Introduce a chat permission on the API

Signed-off-by: Joas Schilling <coding@schilljs.com>
author: Joas Schilling <coding@schilljs.com> 2022-04-27 18:05:07 +0300
committer: Joas Schilling <coding@schilljs.com> 2022-04-27 22:03:14 +0300
commit: 7c1268acbce3884cb07a7447dba067d0ddbccfec (patch)
tree: 684ffcb4c1fdbc4f4165b4ff962f0bf3df649e03 /lib
parent: 8d9f4be98fceaf1c3ef30d6241242f6ef6d12062 (diff)
5 files changed, 62 insertions, 1 deletions
diff --git a/lib/Controller/ChatController.php b/lib/Controller/ChatController.php
index 39db47d83..8e508d0b0 100644
--- a/lib/Controller/ChatController.php
+++ b/lib/Controller/ChatController.php
@@ -180,6 +180,7 @@ class ChatController extends AEnvironmentAwareController {
 	 * @PublicPage
 	 * @RequireParticipant
 	 * @RequireReadWriteConversation
+	 * @RequirePermissions(permissions=chat)
 	 * @RequireModeratorOrNoLobby
 	 *
 	 * Sends a new chat message to the given room.
@@ -235,6 +236,7 @@ class ChatController extends AEnvironmentAwareController {
 	 * @PublicPage
 	 * @RequireParticipant
 	 * @RequireReadWriteConversation
+	 * @RequirePermissions(permissions=chat)
 	 * @RequireModeratorOrNoLobby
 	 *
 	 * Sends a rich-object to the given room.
@@ -575,6 +577,7 @@ class ChatController extends AEnvironmentAwareController {
 	 * @NoAdminRequired
 	 * @RequireParticipant
 	 * @RequireReadWriteConversation
+	 * @RequirePermissions(permissions=chat)
 	 * @RequireModeratorOrNoLobby
 	 *
 	 * @param int $messageId
@@ -825,6 +828,7 @@ class ChatController extends AEnvironmentAwareController {
 	 * @PublicPage
 	 * @RequireParticipant
 	 * @RequireReadWriteConversation
+	 * @RequirePermissions(permissions=chat)
 	 * @RequireModeratorOrNoLobby
 	 *
 	 * @param string $search
diff --git a/lib/Controller/ReactionController.php b/lib/Controller/ReactionController.php
index a5b6fa89e..d99553914 100644
--- a/lib/Controller/ReactionController.php
+++ b/lib/Controller/ReactionController.php
@@ -48,6 +48,7 @@ class ReactionController extends AEnvironmentAwareController {
 	 * @PublicPage
 	 * @RequireParticipant
 	 * @RequireReadWriteConversation
+	 * @RequirePermissions(permissions=chat)
 	 * @RequireModeratorOrNoLobby
 	 *
 	 * @param int $messageId for reaction
@@ -78,6 +79,7 @@ class ReactionController extends AEnvironmentAwareController {
 	 * @PublicPage
 	 * @RequireParticipant
 	 * @RequireReadWriteConversation
+	 * @RequirePermissions(permissions=chat)
 	 * @RequireModeratorOrNoLobby
 	 *
 	 * @param int $messageId for reaction
diff --git a/lib/Exceptions/PermissionsException.php b/lib/Exceptions/PermissionsException.php
new file mode 100644
index 000000000..3677eb0d0
--- /dev/null
+++ b/lib/Exceptions/PermissionsException.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2020 Julien Veyssier <eneiluj@posteo.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Talk\Exceptions;
+
+class PermissionsException extends \Exception {
+}
diff --git a/lib/Middleware/InjectionMiddleware.php b/lib/Middleware/InjectionMiddleware.php
index 18d98b1ac..0671aac8c 100644
--- a/lib/Middleware/InjectionMiddleware.php
+++ b/lib/Middleware/InjectionMiddleware.php
@@ -25,6 +25,7 @@ namespace OCA\Talk\Middleware;
 
 use OCA\Talk\Controller\AEnvironmentAwareController;
 use OCA\Talk\Exceptions\ParticipantNotFoundException;
+use OCA\Talk\Exceptions\PermissionsException;
 use OCA\Talk\Exceptions\RoomNotFoundException;
 use OCA\Talk\Manager;
 use OCA\Talk\Middleware\Exceptions\LobbyException;
@@ -108,6 +109,11 @@ class InjectionMiddleware extends Middleware {
 		if ($this->reflector->hasAnnotation('RequireModeratorOrNoLobby')) {
 			$this->checkLobbyState($controller);
 		}
+
+		$requiredPermissions = $this->reflector->getAnnotationParameter('RequirePermissions', 'permissions');
+		if ($requiredPermissions) {
+			$this->checkPermissions($controller, $requiredPermissions);
+		}
 	}
 
 	/**
@@ -190,6 +196,24 @@ class InjectionMiddleware extends Middleware {
 
 	/**
 	 * @param AEnvironmentAwareController $controller
+	 * @throws PermissionsException
+	 */
+	protected function checkPermissions(AEnvironmentAwareController $controller, string $permissions): void {
+		$textPermissions = explode(',', $permissions);
+		$participant = $controller->getParticipant();
+		if (!$participant instanceof Participant) {
+			throw new PermissionsException();
+		}
+
+		foreach ($textPermissions as $textPermission) {
+			if ($textPermission === 'chat' && !($participant->getPermissions() & Attendee::PERMISSIONS_CHAT)) {
+				throw new PermissionsException();
+			}
+		}
+	}
+
+	/**
+	 * @param AEnvironmentAwareController $controller
 	 * @throws LobbyException
 	 */
 	protected function checkLobbyState(AEnvironmentAwareController $controller): void {
@@ -238,7 +262,8 @@ class InjectionMiddleware extends Middleware {
 		}
 
 		if ($exception instanceof NotAModeratorException ||
-			$exception instanceof ReadOnlyException) {
+			$exception instanceof ReadOnlyException ||
+			$exception instanceof PermissionsException) {
 			if ($controller instanceof OCSController) {
 				throw new OCSException('', Http::STATUS_FORBIDDEN);
 			}
diff --git a/lib/Model/Attendee.php b/lib/Model/Attendee.php
index 32c03f666..cabda580f 100644
--- a/lib/Model/Attendee.php
+++ b/lib/Model/Attendee.php
@@ -78,6 +78,7 @@ class Attendee extends Entity {
 	public const PERMISSIONS_PUBLISH_AUDIO = 16;
 	public const PERMISSIONS_PUBLISH_VIDEO = 32;
 	public const PERMISSIONS_PUBLISH_SCREEN = 64;
+	public const PERMISSIONS_CHAT = 128;
 	public const PERMISSIONS_MAX_DEFAULT = // Max int (when all permissions are granted as default)
 		self::PERMISSIONS_CALL_START
 		| self::PERMISSIONS_CALL_JOIN
@@ -85,6 +86,7 @@ class Attendee extends Entity {
 		| self::PERMISSIONS_PUBLISH_AUDIO
 		| self::PERMISSIONS_PUBLISH_VIDEO
 		| self::PERMISSIONS_PUBLISH_SCREEN
+		| self::PERMISSIONS_CHAT
 	;
 	public const PERMISSIONS_MAX_CUSTOM = self::PERMISSIONS_MAX_DEFAULT | self::PERMISSIONS_CUSTOM; // Max int (when all permissions are granted as custom)
author	Joas Schilling <coding@schilljs.com>	2022-04-27 18:05:07 +0300
committer	Joas Schilling <coding@schilljs.com>	2022-04-27 22:03:14 +0300
commit	7c1268acbce3884cb07a7447dba067d0ddbccfec (patch)
tree	684ffcb4c1fdbc4f4165b4ff962f0bf3df649e03 /lib
parent	8d9f4be98fceaf1c3ef30d6241242f6ef6d12062 (diff)