From dd50ee19ab80daef38ae59b2b4f68bd679a4cee7 Mon Sep 17 00:00:00 2001
From: Sabine Laszakovits <sabinbox@laszakovits.net>
Date: Sun, 25 Oct 2020 21:42:40 +0100
Subject: [PATCH] fixed bridge permissions

---
 docs/configuring-playbook-bridge-mautrix-signal.md | 14 ++++++++++++++
 .../matrix-bridge-mautrix-signal/defaults/main.yml |  9 +++++++++
 .../templates/config.yaml.j2                       |  4 +---
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/docs/configuring-playbook-bridge-mautrix-signal.md b/docs/configuring-playbook-bridge-mautrix-signal.md
index 7bdd9924..066dbaff 100644
--- a/docs/configuring-playbook-bridge-mautrix-signal.md
+++ b/docs/configuring-playbook-bridge-mautrix-signal.md
@@ -10,6 +10,20 @@ Use the following playbook configuration:
 matrix_mautrix_signal_enabled: true
 ```
 
+To specify which users have access to the bridge, use the variable `matrix_mautrix_signal_configuration_permissions`.
+Refer to the documentation for
+```yaml
+bridge:
+  permissions:
+```
+in [the example config in mautrix-signal](https://github.com/tulir/mautrix-signal/blob/master/mautrix_signal/example-config.yaml).
+For instance, use
+```yaml
+matrix_mautrix_signal_configuration_permissions:
+  "YOUR_DOMAIN": user
+```
+to allow all users registered to `YOUR_DOMAIN` access to the bridge (where `YOUR_DOMAIN` is your base domain, not the `matrix.` domain).
+
 
 ## Set up Double Puppeting
 
diff --git a/roles/matrix-bridge-mautrix-signal/defaults/main.yml b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
index c15f1ed1..e6c5fe05 100644
--- a/roles/matrix-bridge-mautrix-signal/defaults/main.yml
+++ b/roles/matrix-bridge-mautrix-signal/defaults/main.yml
@@ -62,6 +62,15 @@ matrix_mautrix_signal_login_shared_secret: ''
 # or completely replace this variable with your own template.
 matrix_mautrix_signal_configuration_yaml: "{{ lookup('template', 'templates/config.yaml.j2') }}"
 
+# Permitted values:
+#       user - Use the bridge with puppeting.
+#      admin - Use and administrate the bridge.
+# Permitted keys:
+#        * - All Matrix users
+#   domain - All users on that homeserver
+#     mxid - Specific user
+matrix_mautrix_signal_configuration_permissions: []
+
 matrix_mautrix_signal_configuration_extension_yaml: |
   # Your custom YAML configuration goes here.
   # This configuration extends the default starting configuration (`matrix_mautrix_signal_configuration_yaml`).
diff --git a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2 b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
index 6865d3c1..ec2a4764 100644
--- a/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
+++ b/roles/matrix-bridge-mautrix-signal/templates/config.yaml.j2
@@ -170,9 +170,7 @@ bridge:
     #        * - All Matrix users
     #   domain - All users on that homeserver
     #     mxid - Specific user
-    permissions:
-        "1m.at": "user"
-        "@admin:1m.at": "admin"
+    permissions: {{ matrix_mautrix_signal_configuration_permissions }} 
 
 
 # Python logging configuration.