
authorJoas Schilling <coding@schilljs.com>2021-02-02 15:21:10 +0300
committerJoas Schilling <coding@schilljs.com>2021-02-02 15:52:26 +0300
commit11a861c2cbf26916162ff989e70c3dcb61bb169f (patch)
treebe6d33db6196cf196c2ea6e3555df77bbf604c1c
parent065a1ef8b689de382416f4b870135803293b6bf8 (diff)
Prevent deleting system messages and shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
-rw-r--r--docs/chat.md1
-rw-r--r--lib/Controller/ChatController.php5
-rw-r--r--src/components/MessagesList/MessagesGroup/Message/Message.vue8
3 files changed, 13 insertions, 1 deletions
diff --git a/docs/chat.md b/docs/chat.md
index da98470b6..3d03bf5e1 100644
--- a/docs/chat.md
+++ b/docs/chat.md
@@ -110,6 +110,7 @@ Base endpoint is: `/ocs/v2.php/apps/spreed/api/v1`
+ `403 Forbidden` When the message is not from the current user and the user not a moderator
+ `403 Forbidden` When the conversation is read-only
+ `404 Not Found` When the conversation or chat message could not be found for the participant
+ + `405 Method Not Allowed` When the message is not a normal chat message
+ `412 Precondition Failed` When the lobby is active and the user is not a moderator
- Header:
diff --git a/lib/Controller/ChatController.php b/lib/Controller/ChatController.php
index 34476b53c..4c5706086 100644
--- a/lib/Controller/ChatController.php
+++ b/lib/Controller/ChatController.php
@@ -492,6 +492,11 @@ class ChatController extends AEnvironmentAwareController {
return new DataResponse([], Http::STATUS_FORBIDDEN);
}
+ if ($message->getVerb() !== 'comment') {
+ // System message or file share (since the message is not parsed, it has type "system")
+ return new DataResponse([], Http::STATUS_METHOD_NOT_ALLOWED);
+ }
+
$maxDeleteAge = $this->timeFactory->getDateTime();
$maxDeleteAge->sub(new \DateInterval('PT6H'));
if ($message->getCreationDateTime() < $maxDeleteAge) {
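Review bot: The new `getVerb() !== 'comment'` guard is the only real enforcement of this rule, and the commit ships no test for it: the diffstat lists only docs/chat.md, ChatController.php and Message.vue. A controller test that calls the delete action with a message whose verb is not `'comment'` and expects `Http::STATUS_METHOD_NOT_ALLOWED` would keep the guard from being dropped silently in a later refactor. Placing it after the `STATUS_FORBIDDEN` return looks right, since that return (presumably the author/moderator check, whose condition is outside the hunk) then answers first and a caller who may not delete the message learns nothing about its type. The enclosing method starts and ends outside the hunk.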
diff --git a/src/components/MessagesList/MessagesGroup/Message/Message.vue b/src/components/MessagesList/MessagesGroup/Message/Message.vue
index 277c5ec69..c4a04bc1a 100644
--- a/src/components/MessagesList/MessagesGroup/Message/Message.vue
+++ b/src/components/MessagesList/MessagesGroup/Message/Message.vue
@@ -326,7 +326,7 @@ export default {
},
hasActions() {
- return this.isReplyable && !this.isConversationReadOnly
+ return (this.isReplyable || this.isDeleteable) && !this.isConversationReadOnly
},
isConversationReadOnly() {
@@ -481,9 +481,13 @@ export default {
},
isDeleteable() {
+ const isFileShare = this.message === '{file}'
+ && this.messageParameters?.file
+
return (moment(this.timestamp * 1000).add(6, 'h')) > moment()
&& this.messageType === 'comment'
&& !this.isDeleting
+ && !isFileShare
&& (this.participant.participantType === PARTICIPANT.TYPE.OWNER
|| this.participant.participantType === PARTICIPANT.TYPE.MODERATOR
|| this.isMyMsg)
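Review bot: `isFileShare` in `isDeleteable` is a display heuristic rather than a boolean or a security check: it evaluates to `false`, `undefined` or the file parameter object, and it only recognises a message whose text is exactly `'{file}'`. Coercing it, as in `const isFileShare = this.message === '{file}' && !!this.messageParameters?.file`, makes the intent explicit. A comment such as `// UI hint only; the server rejects non-comment messages with 405` would tell the next reader that the ChatController check is what actually blocks the delete. If a file share can ever reach the client with other text around the placeholder (not visible here), the delete entry would be offered again and the user would only see the 405 error message. The computed property continues past the end of the hunk.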
@@ -578,6 +582,8 @@ export default {
} catch (e) {
if (e?.response?.status === 400) {
showError(t('spreed', 'Message could not be deleted because it is too old'))
+ } else if (e?.response?.status === 405) {
+ showError(t('spreed', 'Only normal chat messages can be deleted'))
} else {
showError(t('spreed', 'An error occurred while deleting the message'))
console.error(e)