From ab18fa731bf81f02426eb3c1304d4e6cae81d3e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?=
 =?UTF-8?q?=D0=BE=D0=B2?= <damencho@jitsi.org>
Date: Tue, 19 Oct 2021 16:52:16 -0700
Subject: [PATCH] Adds new option to allowners module (#10207)

* feat: Adds option to disable owner revoke in allowners module.

* squash: Fixes few lua check warnings.
---
 .../prosody-plugins/mod_muc_allowners.lua     | 46 +++++++++++++++++--
 1 file changed, 41 insertions(+), 5 deletions(-)

diff --git a/resources/prosody-plugins/mod_muc_allowners.lua b/resources/prosody-plugins/mod_muc_allowners.lua
index e2235a4e1..dc0783e67 100644
--- a/resources/prosody-plugins/mod_muc_allowners.lua
+++ b/resources/prosody-plugins/mod_muc_allowners.lua
@@ -2,24 +2,28 @@ local filters = require 'util.filters';
 local jid = require "util.jid";
 local jid_bare = require "util.jid".bare;
 local jid_host = require "util.jid".host;
+local st = require "util.stanza";
 local um_is_admin = require "core.usermanager".is_admin;
 local util = module:require "util";
 local is_healthcheck_room = util.is_healthcheck_room;
 local extract_subdomain = util.extract_subdomain;
+local get_room_from_jid = util.get_room_from_jid;
 local presence_check_status = util.presence_check_status;
 local MUC_NS = 'http://jabber.org/protocol/muc';
 
 local moderated_subdomains;
 local moderated_rooms;
+local disable_revoke_owners;
 
 local function load_config()
     moderated_subdomains = module:get_option_set("allowners_moderated_subdomains", {})
     moderated_rooms = module:get_option_set("allowners_moderated_rooms", {})
+    disable_revoke_owners = module:get_option_boolean("allowners_disable_revoke_owners", false);
 end
 load_config();
 
-local function is_admin(jid)
-    return um_is_admin(jid, module.host);
+local function is_admin(_jid)
+    return um_is_admin(_jid, module.host);
 end
 
 -- List of the bare_jids of all occupants that are currently joining (went through pre-join) and will be promoted
@@ -71,12 +75,14 @@ module:hook("muc-occupant-pre-join", function (event)
         end
 
         if not (room_name == session.jitsi_meet_room or session.jitsi_meet_room == '*') then
-            module:log('debug', 'skip allowners for auth user and non matching room name: %s, jwt room name: %s', room_name, session.jitsi_meet_room);
+            module:log('debug', 'skip allowners for auth user and non matching room name: %s, jwt room name: %s',
+                room_name, session.jitsi_meet_room);
             return;
         end
 
         if not (subdomain == session.jitsi_meet_context_group) then
-            module:log('debug', 'skip allowners for auth user and non matching room subdomain: %s, jwt subdomain: %s', subdomain, session.jitsi_meet_context_group);
+            module:log('debug', 'skip allowners for auth user and non matching room subdomain: %s, jwt subdomain: %s',
+                subdomain, session.jitsi_meet_context_group);
             return;
         end
     end
@@ -103,7 +109,10 @@ module:hook_global('config-reloaded', load_config);
 -- We want to filter those presences where we send first `participant` and just after it `moderator`
 function filter_stanza(stanza)
     -- when joining_moderator_participants is empty there is nothing to filter
-    if next(joining_moderator_participants) == nil or not stanza.attr or not stanza.attr.to or stanza.name ~= "presence" then
+    if next(joining_moderator_participants) == nil
+            or not stanza.attr
+            or not stanza.attr.to
+            or stanza.name ~= "presence" then
         return stanza;
     end
 
@@ -146,3 +155,30 @@ end
 
 -- enable filtering presences
 filters.add_filter_hook(filter_session);
+
+-- filters any attempt to revoke owner rights on non moderated rooms
+function filter_admin_set_query(event)
+    local origin, stanza = event.origin, event.stanza;
+    local room_jid = jid_bare(stanza.attr.to);
+    local room = get_room_from_jid(room_jid);
+
+    local item = stanza.tags[1].tags[1];
+    local _aff = item.attr.affiliation;
+
+    -- if it is a moderated room we skip it
+    if is_moderated(room.jid) then
+        return nil;
+    end
+
+    -- any revoking is disabled
+    if _aff ~= 'owner' then
+        origin.send(st.error_reply(stanza, "auth", "forbidden"));
+        return true;
+    end
+end
+
+if not disable_revoke_owners then
+    -- default prosody priority for handling these is -2
+    module:hook("iq-set/bare/http://jabber.org/protocol/muc#admin:query", filter_admin_set_query, 5);
+    module:hook("iq-set/host/http://jabber.org/protocol/muc#admin:query", filter_admin_set_query, 5);
+end