diff options
| author | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2018-07-12 07:50:38 +0300 |
|---|---|---|
| committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2018-08-08 11:24:49 +0300 |
| commit | 94b4a185056e3969b1962b1b2854bf7cb24e939f (patch) | |
| tree | db82da5d7e8274d59e7e07219022e12af3f6027e /lib/PublicShareAuth | |
| parent | 7dfcbe2c5aa6168b4c235f73ade54d7d2f47e0b9 (diff) | |
Prevent extra participants from joining a "share:password" room
The rooms to request the password for a share are public rooms, so
anyone could join them provided she knows its token. Thus, now it is
enforced that only a single participant besides the owner can join the
room.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'lib/PublicShareAuth')
| -rw-r--r-- | lib/PublicShareAuth/Room.php | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/lib/PublicShareAuth/Room.php b/lib/PublicShareAuth/Room.php index cc20048a1..739bd3efc 100644 --- a/lib/PublicShareAuth/Room.php +++ b/lib/PublicShareAuth/Room.php @@ -24,6 +24,8 @@ declare(strict_types=1); namespace OCA\Spreed\PublicShareAuth; +use OCA\Spreed\Participant; + /** * Custom behaviour for rooms to request the password for a share. * @@ -40,6 +42,57 @@ namespace OCA\Spreed\PublicShareAuth; class Room { /** + * Prevents other users from joining if there is already another participant + * in the room besides the owner. + * + * This method should be called before a user joins a room. + * + * @param \OCA\Spreed\Room $room + * @param string $userId + * @throws \OverflowException + */ + public function preventExtraUsersFromJoining(\OCA\Spreed\Room $room, string $userId) { + if ($room->getObjectType() !== 'share:password') { + return; + } + + $participants = $room->getParticipants(); + $users = $participants['users']; + $guests = $participants['guests']; + + if (array_key_exists($userId, $users) && $users[$userId]['participantType'] === Participant::OWNER) { + return; + } + + if (\count($users) > 1 || \count($guests) > 0) { + throw new \OverflowException('Only the owner and another participant are allowed in rooms to request the password for a share'); + } + } + + /** + * Prevents other guests from joining if there is already another + * participant in the room besides the owner. + * + * This method should be called before a guest joins a room. + * + * @param \OCA\Spreed\Room $room + * @throws \OverflowException + */ + public function preventExtraGuestsFromJoining(\OCA\Spreed\Room $room) { + if ($room->getObjectType() !== 'share:password') { + return; + } + + $participants = $room->getParticipants(); + $users = $participants['users']; + $guests = $participants['guests']; + + if (\count($users) > 1 || \count($guests) > 0) { + throw new \OverflowException('Only the owner and another participant are allowed in rooms to request the password for a share'); + } + } + + /** * Destroys the PublicShareAuth room as soon as one of the participant * leaves the room. * |