Propagate permission changes to federated servers #12979
Conversation
|
/backport to stable30 |
The frontend gets the permission for the current participant from the room data (as guest users can not get it from the participant list). However, permission changes were not propagated to federated servers, so the frontend of federated users always assumed that the user had the default permissions. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
danxuliu
force-pushed
the
propagate-permission-changes-to-federated-servers
branch
from
1758178
to
e6db057
Compare
Signed-off-by: Daniel Calviño Sánchez <[email protected]>
When a participant does not have custom permissions the permissions are got from the call or conversation, so they need to be propagated as well to the federated servers to correctly calculate the participant permissions. Signed-off-by: Daniel Calviño Sánchez <[email protected]>
Besides propagating the permissions to federated servers when modified the existing permissions need to be set when creating the federated conversation (or if a federated user is added again to the conversation when all the previous federated users left it already). Signed-off-by: Daniel Calviño Sánchez <[email protected]>
danxuliu
force-pushed
the
propagate-permission-changes-to-federated-servers
branch
from
e6db057
to
f0d8036
Compare
| $protocol['roomCallPermissions'] = $roomCallPermissions; | ||
| $protocol['roomDefaultPermissions'] = $roomDefaultPermissions; |
There was a problem hiding this comment.
And description, and call state, and, …
No this doesn't scale.
And as said, we remove call permissions, please don't add it
There was a problem hiding this comment.
And description, and call state, and, …
No this doesn't scale.
Well, then some other approach is needed. But the initial state needs to be propagated somehow.
And as said, we remove call permissions, please don't add it
This code was written before it was decided that call permissions were going to be removed. Anyway, I will redo it and rebase once call permissions are removed in main and stable30.
| @@ -125,6 +125,8 @@ public function shareReceived(ICloudFederationShare $share): string { | |||
| $remoteId = $share->getProviderId(); | |||
| $roomToken = $share->getResourceName(); | |||
| $roomName = $share->getProtocol()['roomName']; | |||
| $roomCallPermissions = $share->getProtocol()['roomCallPermissions']; | |||
There was a problem hiding this comment.
| $roomCallPermissions = $share->getProtocol()['roomCallPermissions']; |
| @@ -74,6 +77,8 @@ public function addRemoteRoom( | |||
| int $remoteAttendeeId, | |||
| int $roomType, | |||
| string $roomName, | |||
| int $roomCallPermissions, | |||
There was a problem hiding this comment.
| int $roomCallPermissions, |
| @@ -288,7 +292,7 @@ public function testReceiveRemoteShare(): void { | |||
| // Test receiving federation expectations | |||
| $this->federationManager->expects($this->once()) | |||
| ->method('addRemoteRoom') | |||
| ->with($shareWithUser, $providerId, $roomType, $roomName, $name, $remote, $token) | |||
| ->with($shareWithUser, $providerId, $roomType, $roomName, $roomCallPermissions, $roomDefaultPermissions, $name, $remote, $token) | |||
There was a problem hiding this comment.
| ->with($shareWithUser, $providerId, $roomType, $roomName, $roomCallPermissions, $roomDefaultPermissions, $name, $remote, $token) | |
| ->with($shareWithUser, $providerId, $roomType, $roomName, $roomDefaultPermissions, $name, $remote, $token) |
| foreach ($participants as $participant) { | ||
| $cloudId = $this->cloudIdManager->resolveCloudId($participant->getAttendee()->getActorId()); | ||
|
|
||
| $success = $this->notifyParticipantModified($cloudId, $participant, $event); |
There was a problem hiding this comment.
This should only be sent to the instance of the user that is modified.
We do not tell non-moderators the permissions of other users?!
| @@ -69,6 +69,8 @@ public function sendRemoteShare( | |||
| $roomName = $room->getName(); | |||
| $roomType = $room->getType(); | |||
| $roomToken = $room->getToken(); | |||
| $roomCallPermissions = $room->getCallPermissions(); | |||
There was a problem hiding this comment.
| $roomCallPermissions = $room->getCallPermissions(); |
| @@ -101,6 +103,8 @@ public function sendRemoteShare( | |||
| $protocol['invitedCloudId'] = $invitedCloudId->getId(); | |||
| $protocol['roomName'] = $roomName; | |||
| $protocol['roomType'] = $roomType; | |||
| $protocol['roomCallPermissions'] = $roomCallPermissions; | |||
There was a problem hiding this comment.
| $protocol['roomCallPermissions'] = $roomCallPermissions; |
| } | ||
|
|
||
| if ($notification['changedProperty'] === AParticipantModifiedEvent::PROPERTY_PERMISSIONS) { | ||
| $this->participantService->updatePermissions($room, $participant, Attendee::PERMISSIONS_MODIFY_SET, $notification['newValue']); |
There was a problem hiding this comment.
this always updates the permissions of the recipient, independent of which users permissions were actually modified? :D
There was a problem hiding this comment.
The event includes the final permissions, no matter if they were set, added or removed, so the effect should be the same, no? 🤔
|
Replaced by #13092 |
Fix #12953
Requires (for the integration tests to pass) #13027
The frontend gets the permission for the current participant from the room data (as guest users can not get it from the participant list). However, permission changes were not propagated to federated servers, so the frontend of federated users always assumed that the user had the default participant permissions.
However, note that media related permissions (audio, video and screenshare) were correctly handled (at least in the WebUI), as when the permissions are modified a
participants->updatesignaling message is sent and the WebUI gets the media permissions directly from that signaling message rather than from the room data.Independently of that, note that it is not enough to just propagate participant permissions, room permissions and even general default permissions need to be propagated as well (but default permissions currently are not, see below), as when there are no custom permissions for a participant it falls back to the room permissions.
TODO
TALK_ROOM_RESOURCEand, therefore, theCloudFederationProviderTalkwere reused for participant related notifications. Should a newTALK_PARTICIPANT_RESOURCEand provider be added instead?How to test (scenario 1)
Result with this pull request
The new message area and the "Start call" button are disabled
Result without this pull request
Neither the new message area nor the "Start call" button are disabled
How to test (scenario 2)
Result with this pull request
The new message area and the "Start call" button are disabled
Result without this pull request
Neither the new message area nor the "Start call" button are disabled