From 58b732a84d0d505a73f9ff80b70df94e46e8cf77 Mon Sep 17 00:00:00 2001
From: HarHarLinks <kim.brose@rwth-aachen.de>
Date: Fri, 14 Jan 2022 19:21:05 +0100
Subject: [PATCH] support hookshot permissions management

see Half-Shot/matrix-hookshot#167
---
 roles/matrix-bridge-hookshot/defaults/main.yml      | 13 +++++++++++++
 .../matrix-bridge-hookshot/templates/config.yml.j2  |  3 +++
 2 files changed, 16 insertions(+)

diff --git a/roles/matrix-bridge-hookshot/defaults/main.yml b/roles/matrix-bridge-hookshot/defaults/main.yml
index 3063e673..05e7c5a0 100644
--- a/roles/matrix-bridge-hookshot/defaults/main.yml
+++ b/roles/matrix-bridge-hookshot/defaults/main.yml
@@ -108,6 +108,19 @@ matrix_hookshot_provisioning_secret: ''
 matrix_hookshot_provisioning_enabled: false
 matrix_hookshot_provisioning_endpoint: "{{ matrix_hookshot_public_endpoint }}/v1"
 
+# You can configure access to the bridge as documented here https://half-shot.github.io/matrix-hookshot/setup.html#permissions
+# When empty, the default permissions are applied.
+# Example:
+# matrix_hookshot_permissions:
+#   - actor: *
+#     services:
+#       - service: *
+#         level: commands
+#   - actor: example.com
+#     services:
+#       - service: "*"
+#         level: admin
+matrix_hookshot_permissions: []
 
 matrix_hookshot_bot_displayname: Hookshot Bot
 matrix_hookshot_bot_avatar: 'mxc://half-shot.uk/2876e89ccade4cb615e210c458e2a7a6883fe17d'
diff --git a/roles/matrix-bridge-hookshot/templates/config.yml.j2 b/roles/matrix-bridge-hookshot/templates/config.yml.j2
index 2bd6b0e1..8be3b1d6 100644
--- a/roles/matrix-bridge-hookshot/templates/config.yml.j2
+++ b/roles/matrix-bridge-hookshot/templates/config.yml.j2
@@ -100,6 +100,9 @@ logging:
   # (Optional) Logging settings. You can have a severity debug,info,warn,error
   #
   level: info
+{% if matrix_hookshot_permissions %}
+permissions: {{ matrix_hookshot_permissions }}
+{% endif %}
 listeners:
   # (Optional) HTTP Listener configuration.
   # Bind resource endpoints to ports and addresses.