diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2021-03-04 16:34:17 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-04 16:34:17 +0300 |
| commit | 582656131472788b419d948bcc05032180fb184f (patch) | |
| tree | 900039c2538cf8d1d05a33a5b88e584d223102b7 /lib/Controller/ChatController.php | |
| parent | 59f4f69ba5916e78a3f82377c64691a1737038b3 (diff) | |
| parent | 6cbe15c503058c9ef3a0525f0d9d6612fa354a88 (diff) | |
Merge pull request #5313 from nextcloud/backport/5310/stable21
[stable21] don't allow to delete other persons chats in 1-1 chats
Diffstat (limited to 'lib/Controller/ChatController.php')
| -rw-r--r-- | lib/Controller/ChatController.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/lib/Controller/ChatController.php b/lib/Controller/ChatController.php index 49257cbca..f8e0f19a6 100644 --- a/lib/Controller/ChatController.php +++ b/lib/Controller/ChatController.php @@ -563,9 +563,11 @@ class ChatController extends AEnvironmentAwareController { } $attendee = $this->participant->getAttendee(); - if (!$this->participant->hasModeratorPermissions(false) - && ($message->getActorType() !== $attendee->getActorType() - || $message->getActorId() !== $attendee->getActorId())) { + $isOwnMessage = $message->getActorType() === $attendee->getActorType() + && $message->getActorId() === $attendee->getActorId(); + if (!$isOwnMessage + && (!$this->participant->hasModeratorPermissions(false) + || $this->room->getType() === Room::ONE_TO_ONE_CALL)) { // Actor is not a moderator or not the owner of the message return new DataResponse([], Http::STATUS_FORBIDDEN); } |