diff options
author | Joas Schilling <coding@schilljs.com> | 2019-07-29 17:13:11 +0300 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2019-07-30 15:16:21 +0300 |
commit | e6070d272a85ab4b2cff258718e593d12f489025 (patch) | |
tree | 972909440af02f84b14c5f7541db4cb57b323580 /lib | |
parent | ece3c74e7cf9bbcc48ac55e8592a9e0090620b10 (diff) |
Correctly check if a user has access to a conversation
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Collaboration/Resources/ConversationProvider.php | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/lib/Collaboration/Resources/ConversationProvider.php b/lib/Collaboration/Resources/ConversationProvider.php index 549034325..6621a13b6 100644 --- a/lib/Collaboration/Resources/ConversationProvider.php +++ b/lib/Collaboration/Resources/ConversationProvider.php @@ -22,8 +22,10 @@ declare(strict_types=1); namespace OCA\Spreed\Collaboration\Resources; +use OCA\Spreed\Exceptions\ParticipantNotFoundException; use OCA\Spreed\Exceptions\RoomNotFoundException; use OCA\Spreed\Manager; +use OCA\Spreed\Participant; use OCA\Spreed\Room; use OCP\Collaboration\Resources\IProvider; use OCP\Collaboration\Resources\IResource; @@ -76,14 +78,25 @@ class ConversationProvider implements IProvider { } public function canAccessResource(IResource $resource, IUser $user = null): bool { + $userId = $user instanceof IUser ? $user->getUID() : null; + if ($userId === null) { + throw new ResourceException('Guests are not supported at the moment'); + } + try { $room = $this->manager->getRoomForParticipantByToken( $resource->getId(), - $user instanceof IUser ? $user->getUID() : null + $userId ); - return $user instanceof IUser || $room->getType() === Room::PUBLIC_CALL; + + // Logged in users need to have a regular participant, + // before they can do anything with the room. + $participant = $room->getParticipant($userId); + return $participant->getParticipantType() !== Participant::USER_SELF_JOINED; } catch (RoomNotFoundException $e) { throw new ResourceException('Conversation not found'); + } catch (ParticipantNotFoundException $e) { + throw new ResourceException('Participant not found'); } } |