mirror of
https://github.com/nextcloud/spreed.git
Restrict renaming, inviting and public/private to owner and moderators
Signed-off-by: Joas Schilling <coding@schilljs.com>
parent
8a3dd6757c
commit
9d6d4f87e5
4 changed files with 124 additions and 1 deletions
|
|
@ -354,8 +354,15 @@ class RoomController extends OCSController {
|
|||
public function renameRoom($token, $roomName) {
|
||||
try {
|
||||
$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
|
||||
$participant = $room->getParticipant($this->userId);
|
||||
} catch (RoomNotFoundException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
} catch (\RuntimeException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
}
|
||||
|
||||
if (!in_array($participant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true)) {
|
||||
return new DataResponse([], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
||||
if (strlen($roomName) > 200) {
|
||||
|
|
@ -378,8 +385,15 @@ class RoomController extends OCSController {
|
|||
public function addParticipantToRoom($token, $newParticipant) {
|
||||
try {
|
||||
$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
|
||||
$participant = $room->getParticipant($this->userId);
|
||||
} catch (RoomNotFoundException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
} catch (\RuntimeException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
}
|
||||
|
||||
if (!in_array($participant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true)) {
|
||||
return new DataResponse([], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
||||
$participants = $room->getParticipants();
|
||||
|
|
@ -441,8 +455,15 @@ class RoomController extends OCSController {
|
|||
public function makePublic($token) {
|
||||
try {
|
||||
$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
|
||||
$participant = $room->getParticipant($this->userId);
|
||||
} catch (RoomNotFoundException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
} catch (\RuntimeException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
}
|
||||
|
||||
if (!in_array($participant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true)) {
|
||||
return new DataResponse([], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
||||
if ($room->getType() !== Room::PUBLIC_CALL) {
|
||||
|
|
@ -461,8 +482,15 @@ class RoomController extends OCSController {
|
|||
public function makePrivate($token) {
|
||||
try {
|
||||
$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
|
||||
$participant = $room->getParticipant($this->userId);
|
||||
} catch (RoomNotFoundException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
} catch (\RuntimeException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
}
|
||||
|
||||
if (!in_array($participant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true)) {
|
||||
return new DataResponse([], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
||||
if ($room->getType() === Room::PUBLIC_CALL) {
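Review bot: The moderator check `if (!in_array($participant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true))` is pasted verbatim into renameRoom, addParticipantToRoom, makePublic and makePrivate, so the list of privileged roles now lives in four places and a new endpoint can omit it without anything failing. I would move it into one private helper on the controller and call it as `if (!$this->isModerator($participant)) {` (the helper name is only a suggestion), so the allow-list is defined once. Only these four methods are visible here; whether other state-changing actions in RoomController need the same 403 guard cannot be judged from these hunks and is worth checking. Each method body continues outside its hunk.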
|
||||
|
|
|
|||
|
|
@ -67,7 +67,11 @@ class Manager {
|
|||
$result = $query->execute();
|
||||
$rooms = [];
|
||||
while ($row = $result->fetch()) {
|
||||
$rooms[] = new Room($this->db, $this->secureRandom, (int) $row['id'], (int) $row['type'], $row['token'], $row['name']);
|
||||
$room = new Room($this->db, $this->secureRandom, (int) $row['id'], (int) $row['type'], $row['token'], $row['name']);
|
||||
if ($participant !== null && isset($row['userId'])) {
|
||||
$room->setParticipant(new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
|
||||
}
|
||||
$rooms[] = $room;
|
||||
}
|
||||
$result->closeCursor();
|
||||
|
||||
|
|
@ -106,6 +110,9 @@ class Manager {
|
|||
}
|
||||
|
||||
$room = new Room($this->db, $this->secureRandom, (int) $row['id'], (int) $row['type'], $row['token'], $row['name']);
|
||||
if ($participant !== null && isset($row['userId'])) {
|
||||
$room->setParticipant(new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
|
||||
}
|
||||
|
||||
if ($participant === null && $room->getType() !== Room::PUBLIC_CALL) {
|
||||
throw new RoomNotFoundException();
|
||||
|
|
@ -147,6 +154,9 @@ class Manager {
|
|||
}
|
||||
|
||||
$room = new Room($this->db, $this->secureRandom, (int) $row['id'], (int) $row['type'], $row['token'], $row['name']);
|
||||
if ($participant !== null && isset($row['userId'])) {
|
||||
$room->setParticipant(new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
|
||||
}
|
||||
|
||||
if ($room->getType() === Room::PUBLIC_CALL) {
|
||||
return $room;
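Review bot: The guard `$participant !== null && isset($row['userId'])` attaches a Participant to the room without checking that the joined row belongs to the user that was asked about. It is only correct if the query above it, which is outside these hunks, restricts the participant join to `$participant`. RoomController now takes its 403 decision from this cached object, so I would make the invariant visible, either with a comment stating that the query guarantees it or, assuming `$participant` is the user id string as the controller calls suggest, with `if ($participant !== null && isset($row['userId']) && $row['userId'] === $participant) {`. The same three added lines appear in all three hunks of this file, so the point applies to each of them.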
|
||||
|
|
|
|||
|
|
@ -23,9 +23,57 @@
|
|||
|
||||
namespace OCA\Spreed;
|
||||
|
||||
use OCP\IDBConnection;
|
||||
|
||||
class Participant {
|
||||
const OWNER = 1;
|
||||
const MODERATOR = 2;
|
||||
const USER = 3;
|
||||
const GUEST = 4;
|
||||
|
||||
/** @var IDBConnection */
|
||||
protected $db;
|
||||
/** @var Room */
|
||||
protected $room;
|
||||
/** @var string */
|
||||
protected $user;
|
||||
/** @var int */
|
||||
protected $participantType;
|
||||
/** @var int */
|
||||
protected $lastPing;
|
||||
/** @var string */
|
||||
protected $sessionId;
|
||||
|
||||
/**
|
||||
* @param IDBConnection $db
|
||||
* @param Room $room
|
||||
* @param string $user
|
||||
* @param int $participantType
|
||||
* @param int $lastPing
|
||||
* @param string $sessionId
|
||||
*/
|
||||
public function __construct(IDBConnection $db, Room $room, $user, $participantType, $lastPing, $sessionId) {
|
||||
$this->db = $db;
|
||||
$this->room = $room;
|
||||
$this->user = $user;
|
||||
$this->participantType = $participantType;
|
||||
$this->lastPing = $lastPing;
|
||||
$this->sessionId = $sessionId;
|
||||
}
|
||||
|
||||
public function getUser() {
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
public function getParticipantType() {
|
||||
return $this->participantType;
|
||||
}
|
||||
|
||||
public function getLastPing() {
|
||||
return $this->lastPing;
|
||||
}
|
||||
|
||||
public function getSessionId() {
|
||||
return $this->sessionId;
|
||||
}
|
||||
}
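Review bot: The role constants and the constructor are undocumented, and `$participantType` is stored as given, so any integer becomes a valid-looking role, for example the 0 that `(int) $row['participantType']` yields for a NULL column. The strict allow-list in RoomController treats such a value as unprivileged, but a later numeric comparison such as `<= Participant::MODERATOR` would not. I would add a comment above the constants, `// Roles: compare against an explicit list of allowed roles, never by numeric order`, and a class docblock saying that, as written, the object is a getter-only snapshot of one spreedme_room_participants row. `$db` and `$room` are stored but not read by any method visible in this file.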
|
||||
|
|
|
|||
37
lib/Room.php
37
lib/Room.php
|
|
@ -49,6 +49,9 @@ class Room {
|
|||
/** @var string */
|
||||
private $name;
|
||||
|
||||
/** @var Participant */
|
||||
protected $participant;
|
||||
|
||||
/**
|
||||
* Room constructor.
|
||||
*
|
||||
|
|
@ -96,6 +99,40 @@ class Room {
|
|||
return $this->name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Participant $participant
|
||||
*/
|
||||
public function setParticipant(Participant $participant) {
|
||||
$this->participant = $participant;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $userId
|
||||
* @return Participant
|
||||
* @throws \RuntimeException When the user is not a participant
|
||||
*/
|
||||
public function getParticipant($userId) {
|
||||
if ($this->participant instanceof Participant) {
|
||||
return $this->participant;
|
||||
}
|
||||
|
||||
$query = $this->db->getQueryBuilder();
|
||||
$query->select('*')
|
||||
->from('spreedme_room_participants')
|
||||
->where($query->expr()->eq('userId', $query->createNamedParameter($userId)))
|
||||
->andWhere($query->expr()->eq('roomId', $query->createNamedParameter($this->getId())));
|
||||
$result = $query->execute();
|
||||
$row = $result->fetch();
|
||||
$result->closeCursor();
|
||||
|
||||
if ($row === false) {
|
||||
throw new \RuntimeException('User is not a participant');
|
||||
}
|
||||
|
||||
$this->participant = new Participant($this->db, $this, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']);
|
||||
return $this->participant;
|
||||
}
|
||||
|
||||
public function deleteRoom() {
|
||||
$query = $this->db->getQueryBuilder();
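Review bot: getParticipant() returns the cached `$this->participant` for any `$userId`, because the early return checks only `instanceof Participant` and never that the cached object belongs to the requested user. With the callers shown in this commit the ids always match, but once setParticipant() or an earlier call has filled the cache, a lookup for a different user on the same Room instance gets the first user's role, and RoomController bases its owner/moderator decision on that value. The first condition should also compare the user: `if ($this->participant instanceof Participant && $this->participant->getUser() === $userId) {`. The docblock could also state that the result is cached per Room instance.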
|
||||
|
||||
|
|
|
|||