author | Joas Schilling <coding@schilljs.com> | 2022-04-27 18:05:07 +0300 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2022-04-27 22:03:14 +0300 |
commit | 7c1268acbce3884cb07a7447dba067d0ddbccfec (patch) | |
tree | 684ffcb4c1fdbc4f4165b4ff962f0bf3df649e03 /lib | |
parent | 8d9f4be98fceaf1c3ef30d6241242f6ef6d12062 (diff) |
Introduce a chat permission on the API
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/ChatController.php | 4 | ||||
-rw-r--r-- | lib/Controller/ReactionController.php | 2 | ||||
-rw-r--r-- | lib/Exceptions/PermissionsException.php | 28 | ||||
-rw-r--r-- | lib/Middleware/InjectionMiddleware.php | 27 | ||||
-rw-r--r-- | lib/Model/Attendee.php | 2 |
5 files changed, 62 insertions, 1 deletions
diff --git a/lib/Controller/ChatController.php b/lib/Controller/ChatController.php
index 39db47d83..8e508d0b0 100644
--- a/lib/Controller/ChatController.php
+++ b/lib/Controller/ChatController.php
@@ -180,6 +180,7 @@ class ChatController extends AEnvironmentAwareController {
 * @PublicPage
 * @RequireParticipant
 * @RequireReadWriteConversation
+ * @RequirePermissions(permissions=chat)
 * @RequireModeratorOrNoLobby
 *
 * Sends a new chat message to the given room.
@@ -235,6 +236,7 @@ class ChatController extends AEnvironmentAwareController {
 * @PublicPage
 * @RequireParticipant
 * @RequireReadWriteConversation
+ * @RequirePermissions(permissions=chat)
 * @RequireModeratorOrNoLobby
 *
 * Sends a rich-object to the given room.
@@ -575,6 +577,7 @@ class ChatController extends AEnvironmentAwareController {
 * @NoAdminRequired
 * @RequireParticipant
 * @RequireReadWriteConversation
+ * @RequirePermissions(permissions=chat)
 * @RequireModeratorOrNoLobby
 *
 * @param int $messageId
@@ -825,6 +828,7 @@ class ChatController extends AEnvironmentAwareController {
 * @PublicPage
 * @RequireParticipant
 * @RequireReadWriteConversation
+ * @RequirePermissions(permissions=chat)
 * @RequireModeratorOrNoLobby
 *
 * @param string $search
diff --git a/lib/Controller/ReactionController.php b/lib/Controller/ReactionController.php
index a5b6fa89e..d99553914 100644
--- a/lib/Controller/ReactionController.php
+++ b/lib/Controller/ReactionController.php
@@ -48,6 +48,7 @@ class ReactionController extends AEnvironmentAwareController {
 * @PublicPage
 * @RequireParticipant
 * @RequireReadWriteConversation
+ * @RequirePermissions(permissions=chat)
 * @RequireModeratorOrNoLobby
 *
 * @param int $messageId for reaction
@@ -78,6 +79,7 @@ class ReactionController extends AEnvironmentAwareController {
 * @PublicPage
 * @RequireParticipant
 * @RequireReadWriteConversation
+ * @RequirePermissions(permissions=chat)
 * @RequireModeratorOrNoLobby
 *
 * @param int $messageId for reaction
diff --git a/lib/Exceptions/PermissionsException.php b/lib/Exceptions/PermissionsException.php
new file mode 100644
index 000000000..3677eb0d0
--- /dev/null
+++ b/lib/Exceptions/PermissionsException.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2020 Julien Veyssier <eneiluj@posteo.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Talk\Exceptions;
+
+class PermissionsException extends \Exception {
+}
diff --git a/lib/Middleware/InjectionMiddleware.php b/lib/Middleware/InjectionMiddleware.php
index 18d98b1ac..0671aac8c 100644
--- a/lib/Middleware/InjectionMiddleware.php
+++ b/lib/Middleware/InjectionMiddleware.php
@@ -25,6 +25,7 @@ namespace OCA\Talk\Middleware;
 use OCA\Talk\Controller\AEnvironmentAwareController;
 use OCA\Talk\Exceptions\ParticipantNotFoundException;
+use OCA\Talk\Exceptions\PermissionsException;
 use OCA\Talk\Exceptions\RoomNotFoundException;
 use OCA\Talk\Manager;
 use OCA\Talk\Middleware\Exceptions\LobbyException;
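Review bot: `PermissionsException` is declared in `OCA\Talk\Exceptions`, while `LobbyException`, imported in the same `use` block of `InjectionMiddleware.php`, lives in `OCA\Talk\Middleware\Exceptions`. This class is thrown by the middleware and translated to a 403 there, so placing it beside the other middleware exceptions would keep the set of exceptions that map to an authorization failure in one place to audit. The class also has no docblock; `/** Thrown when the participant lacks a permission required by @RequirePermissions. */` would state when it is raised. The licence header names a 2020 copyright holder who is not the commit author, which looks carried over from another file.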
@@ -108,6 +109,11 @@ class InjectionMiddleware extends Middleware {
 if ($this->reflector->hasAnnotation('RequireModeratorOrNoLobby')) {
 $this->checkLobbyState($controller);
 }
+
+ $requiredPermissions = $this->reflector->getAnnotationParameter('RequirePermissions', 'permissions');
+ if ($requiredPermissions) {
+ $this->checkPermissions($controller, $requiredPermissions);
+ }
 }
 /**
@@ -190,6 +196,24 @@ class InjectionMiddleware extends Middleware {
 /**
 * @param AEnvironmentAwareController $controller
+ * @throws PermissionsException
+ */
+ protected function checkPermissions(AEnvironmentAwareController $controller, string $permissions): void {
+ $textPermissions = explode(',', $permissions);
+ $participant = $controller->getParticipant();
+ if (!$participant instanceof Participant) {
+ throw new PermissionsException();
+ }
+
+ foreach ($textPermissions as $textPermission) {
+ if ($textPermission === 'chat' && !($participant->getPermissions() & Attendee::PERMISSIONS_CHAT)) {
+ throw new PermissionsException();
+ }
+ }
+ }
+
+ /**
+ * @param AEnvironmentAwareController $controller
 * @throws LobbyException
 */
 protected function checkLobbyState(AEnvironmentAwareController $controller): void {
@@ -238,7 +262,8 @@ class InjectionMiddleware extends Middleware {
 }
 if ($exception instanceof NotAModeratorException ||
- $exception instanceof ReadOnlyException) {
+ $exception instanceof ReadOnlyException ||
+ $exception instanceof PermissionsException) {
 if ($controller instanceof OCSController) {
 throw new OCSException('', Http::STATUS_FORBIDDEN);
 }
diff --git a/lib/Model/Attendee.php b/lib/Model/Attendee.php
index 32c03f666..cabda580f 100644
--- a/lib/Model/Attendee.php
+++ b/lib/Model/Attendee.php
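Review bot: In `checkPermissions` the loop only acts on the literal `chat`, so any other token in the annotation value passes without a check. A misspelled name, or an entry written with a space after the comma (`explode` does not trim), leaves the endpoint with no permission enforced. An authorization gate should fail closed: with one supported name the condition can be `if (trim($textPermission) !== 'chat' || !($participant->getPermissions() & Attendee::PERMISSIONS_CHAT)) {`, and once more names exist a name-to-bit map that throws on unknown keys keeps that property. The caller in the `-108` hunk similarly skips the check when `getAnnotationParameter` returns an empty value, so it would be safer to test `hasAnnotation('RequirePermissions')` and throw when the parameter is missing. The enclosing `beforeController` body starts outside that hunk.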
@@ -78,6 +78,7 @@ class Attendee extends Entity {
 public const PERMISSIONS_PUBLISH_AUDIO = 16;
 public const PERMISSIONS_PUBLISH_VIDEO = 32;
 public const PERMISSIONS_PUBLISH_SCREEN = 64;
+ public const PERMISSIONS_CHAT = 128;
 public const PERMISSIONS_MAX_DEFAULT = // Max int (when all permissions are granted as default)
 self::PERMISSIONS_CALL_START
 | self::PERMISSIONS_CALL_JOIN
@@ -85,6 +86,7 @@ class Attendee extends Entity {
 | self::PERMISSIONS_PUBLISH_AUDIO
 | self::PERMISSIONS_PUBLISH_VIDEO
 | self::PERMISSIONS_PUBLISH_SCREEN
+ | self::PERMISSIONS_CHAT
 ;
 public const PERMISSIONS_MAX_CUSTOM = self::PERMISSIONS_MAX_DEFAULT | self::PERMISSIONS_CUSTOM; // Max int (when all permissions are granted as custom) |
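Review bot: `PERMISSIONS_CHAT = 128` is folded into `PERMISSIONS_MAX_DEFAULT`, but permission values persisted before this commit cannot contain bit 128, and the new middleware check rejects the annotated chat and reaction endpoints when the bit is absent. Nothing in this diff (the diffstat is limited to `lib`) rewrites stored custom permission sets, so participants or conversations with custom permissions would presumably lose chat on upgrade. Confirm that a migration or a read-time default covers them. The constant should also say what it gates, e.g. `// Post messages, share items and react in the chat; not present in custom permission sets stored before this bit existed`.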