diff options
| author | Joas Schilling <coding@schilljs.com> | 2022-04-27 20:13:40 +0300 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2022-04-27 22:22:43 +0300 |
| commit | 5874253f25e5d780680d2dbdc7c71540d6a95aee (patch) | |
| tree | 68e586d58272819a398a55065e8af9a823943103 /lib | |
| parent | 7f0dbc0c6497225090cab15fb416e7352edd9323 (diff) | |
Disallow sharing without chat permissions
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/Collaboration/Collaborators/RoomPlugin.php | 8 | ||||
| -rw-r--r-- | lib/Share/RoomShareProvider.php | 8 |
2 files changed, 15 insertions, 1 deletions
diff --git a/lib/Collaboration/Collaborators/RoomPlugin.php b/lib/Collaboration/Collaborators/RoomPlugin.php index ea9e92d8e..cc03429fe 100644 --- a/lib/Collaboration/Collaborators/RoomPlugin.php +++ b/lib/Collaboration/Collaborators/RoomPlugin.php @@ -25,6 +25,8 @@ declare(strict_types=1); namespace OCA\Talk\Collaboration\Collaborators; use OCA\Talk\Manager; +use OCA\Talk\Model\Attendee; +use OCA\Talk\Participant; use OCA\Talk\Room; use OCP\Collaboration\Collaborators\ISearchPlugin; use OCP\Collaboration\Collaborators\ISearchResult; @@ -62,6 +64,12 @@ class RoomPlugin implements ISearchPlugin { continue; } + $participant = $room->getParticipant($userId, false); + if (!$participant instanceof Participant || !($participant->getPermissions() & Attendee::PERMISSIONS_CHAT)) { + // No chat permissions is like read-only + continue; + } + if (stripos($room->getDisplayName($userId), $search) !== false) { $item = $this->roomToSearchResultItem($room, $userId); diff --git a/lib/Share/RoomShareProvider.php b/lib/Share/RoomShareProvider.php index 9e3c4ad90..24b1aa82d 100644 --- a/lib/Share/RoomShareProvider.php +++ b/lib/Share/RoomShareProvider.php @@ -34,6 +34,7 @@ use OCA\Talk\Events\RoomEvent; use OCA\Talk\Exceptions\ParticipantNotFoundException; use OCA\Talk\Exceptions\RoomNotFoundException; use OCA\Talk\Manager; +use OCA\Talk\Model\Attendee; use OCA\Talk\Room; use OCA\Talk\Service\ParticipantService; use OCP\AppFramework\Utility\ITimeFactory; @@ -142,13 +143,18 @@ class RoomShareProvider implements IShareProvider { } try { - $room->getParticipant($share->getSharedBy(), false); + $participant = $room->getParticipant($share->getSharedBy(), false); } catch (ParticipantNotFoundException $e) { // If the sharer is not a participant of the room even if the room // exists the error is still "Room not found". throw new GenericShareException('Room not found', $this->l->t('Conversation not found'), 404); } + if (!($participant->getPermissions() & Attendee::PERMISSIONS_CHAT)) { + // No chat permissions is like read-only + throw new GenericShareException('Room not found', $this->l->t('Conversation not found'), 404); + } + $existingShares = $this->getSharesByPath($share->getNode()); foreach ($existingShares as $existingShare) { if ($existingShare->getSharedWith() === $share->getSharedWith()) { |