diff options
| author | Jakob Röhrl <jakob.roehrl@web.de> | 2021-03-04 11:37:45 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2021-03-04 12:22:54 +0300 |
| commit | 2c3f80bb08793fec62a95478187ffafffb35bbff (patch) | |
| tree | 2b528eff6744607fe7a28ec732aea89e5c18e536 /lib/Controller/ChatController.php | |
| parent | 5bf97d54bca227a690db77c7229d9693efe5b4f6 (diff) | |
Don't allow to delete other persons chats in 1-1 chats
Signed-off-by: Jakob Röhrl <jakob.roehrl@web.de>
Diffstat (limited to 'lib/Controller/ChatController.php')
| -rw-r--r-- | lib/Controller/ChatController.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/Controller/ChatController.php b/lib/Controller/ChatController.php index 4be98b359..62db43832 100644 --- a/lib/Controller/ChatController.php +++ b/lib/Controller/ChatController.php @@ -551,9 +551,11 @@ class ChatController extends AEnvironmentAwareController { } $attendee = $this->participant->getAttendee(); - if (!$this->participant->hasModeratorPermissions(false) - && ($message->getActorType() !== $attendee->getActorType() - || $message->getActorId() !== $attendee->getActorId())) { + $isOwnMessage = $message->getActorType() === $attendee->getActorType() + && $message->getActorId() === $attendee->getActorId(); + if (!$isOwnMessage + && (!$this->participant->hasModeratorPermissions(false) + || $this->room->getType() === Room::ONE_TO_ONE_CALL)) { // Actor is not a moderator or not the owner of the message return new DataResponse([], Http::STATUS_FORBIDDEN); } |