Prevent access to some APIs for non-moderators if lobby is enabled
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Родитель
d59725e0f9
Коммит
6b6f42dde3
|
@ -48,6 +48,7 @@ class CallController extends AEnvironmentAwareController {
|
|||
* @PublicPage
|
||||
* @RequireParticipant
|
||||
* @RequireReadWriteConversation
|
||||
* @RequireModeratorOrNoLobby
|
||||
*
|
||||
* @return DataResponse
|
||||
*/
|
||||
|
@ -75,6 +76,7 @@ class CallController extends AEnvironmentAwareController {
|
|||
* @PublicPage
|
||||
* @RequireParticipant
|
||||
* @RequireReadWriteConversation
|
||||
* @RequireModeratorOrNoLobby
|
||||
*
|
||||
* @param int|null $flags
|
||||
* @return DataResponse
|
||||
|
@ -100,6 +102,7 @@ class CallController extends AEnvironmentAwareController {
|
|||
/**
|
||||
* @PublicPage
|
||||
* @RequireParticipant
|
||||
* @RequireModeratorOrNoLobby
|
||||
*
|
||||
* @return DataResponse
|
||||
*/
|
||||
|
|
|
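Review bot: The access decision introduced by `@RequireModeratorOrNoLobby` rests entirely on InjectionMiddleware matching that docblock string, so any endpoint of this controller that was not annotated here, or a misspelled tag, is silently left open to lobby participants, and nothing in the commit asserts that the set of annotated methods is complete. The same applies to the ChatController and RoomController sections below. A small test that reflects over the public methods of these controllers and compares each method's annotation set against an explicit allowlist would turn an omission into a failing build; I cannot tell from this page which other endpoints exist, so the allowlist would need to be drawn up against the full files.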
@ -112,6 +112,7 @@ class ChatController extends AEnvironmentAwareController {
|
|||
* @PublicPage
|
||||
* @RequireParticipant
|
||||
* @RequireReadWriteConversation
|
||||
* @RequireModeratorOrNoLobby
|
||||
*
|
||||
* Sends a new chat message to the given room.
|
||||
*
|
||||
|
@ -193,6 +194,7 @@ class ChatController extends AEnvironmentAwareController {
|
|||
/**
|
||||
* @PublicPage
|
||||
* @RequireParticipant
|
||||
* @RequireModeratorOrNoLobby
|
||||
*
|
||||
* Receives chat messages from the given room.
|
||||
*
|
||||
|
@ -369,6 +371,7 @@ class ChatController extends AEnvironmentAwareController {
|
|||
* @PublicPage
|
||||
* @RequireParticipant
|
||||
* @RequireReadWriteConversation
|
||||
* @RequireModeratorOrNoLobby
|
||||
*
|
||||
* @param string $search
|
||||
* @param int $limit
|
||||
|
|
|
@ -569,6 +569,7 @@ class RoomController extends AEnvironmentAwareController {
|
|||
/**
|
||||
* @PublicPage
|
||||
* @RequireParticipant
|
||||
* @RequireModeratorOrNoLobby
|
||||
*
|
||||
* @return DataResponse
|
||||
*/
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
<?php
|
||||
declare(strict_types=1);
|
||||
/**
|
||||
* @copyright Copyright (c) 2019 Joas Schilling <coding@schilljs.com>
|
||||
*
|
||||
* @license GNU AGPL version 3 or any later version
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as
|
||||
* published by the Free Software Foundation, either version 3 of the
|
||||
* License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\Spreed\Middleware\Exceptions;
|
||||
|
||||
use OCP\AppFramework\Http;
|
||||
|
||||
class LobbyException extends \Exception {
|
||||
public function __construct() {
|
||||
parent::__construct('The conversation is not open to join right now', Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
}
|
|
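Review bot: The new class has no docblock saying when it is raised or how it surfaces to clients, and this file is all a reader tracing a 403 will find. A class comment stating that it is thrown by InjectionMiddleware::checkLobbyState when a non-moderator calls an endpoint annotated @RequireModeratorOrNoLobby while the room's lobby state is not Webinary::ALL_PARTICIPANTS, and that afterException maps it to HTTP 403, would make that traceable. Declaring it `final class LobbyException extends \Exception` would match the way the middleware handles it (an instanceof check, with no subclass visible here). Passing `Http::STATUS_FORBIDDEN` as the exception code duplicates the explicit status chosen in afterException; harmless, but a short comment on which of the two is authoritative would prevent them drifting apart.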
@ -28,10 +28,12 @@ use OCA\Spreed\Controller\EnvironmentAwareTrait;
|
|||
use OCA\Spreed\Exceptions\ParticipantNotFoundException;
|
||||
use OCA\Spreed\Exceptions\RoomNotFoundException;
|
||||
use OCA\Spreed\Manager;
|
||||
use OCA\Spreed\Middleware\Exceptions\LobbyException;
|
||||
use OCA\Spreed\Middleware\Exceptions\NotAModeratorException;
|
||||
use OCA\Spreed\Middleware\Exceptions\ReadOnlyException;
|
||||
use OCA\Spreed\Room;
|
||||
use OCA\Spreed\TalkSession;
|
||||
use OCA\Spreed\Webinary;
|
||||
use OCP\AppFramework\Controller;
|
||||
use OCP\AppFramework\Http;
|
||||
use OCP\AppFramework\Http\Response;
|
||||
|
@ -74,6 +76,7 @@ class InjectionMiddleware extends Middleware {
|
|||
* @throws ParticipantNotFoundException
|
||||
* @throws NotAModeratorException
|
||||
* @throws ReadOnlyException
|
||||
* @throws LobbyException
|
||||
*/
|
||||
public function beforeController($controller, $methodName): void {
|
||||
if (!$controller instanceof AEnvironmentAwareController) {
|
||||
|
@ -99,6 +102,10 @@ class InjectionMiddleware extends Middleware {
|
|||
if ($this->reflector->hasAnnotation('RequireReadWriteConversation')) {
|
||||
$this->checkReadOnlyState($controller);
|
||||
}
|
||||
|
||||
if ($this->reflector->hasAnnotation('RequireModeratorOrNoLobby')) {
|
||||
$this->checkLobbyState($controller);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -109,37 +116,38 @@ class InjectionMiddleware extends Middleware {
|
|||
protected function getLoggedIn(AEnvironmentAwareController $controller, bool $moderatorRequired): void {
|
||||
$token = $this->request->getParam('token');
|
||||
$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
|
||||
$controller->setRoom($room);
|
||||
|
||||
$participant = $room->getParticipant($this->userId);
|
||||
$controller->setParticipant($participant);
|
||||
|
||||
if ($moderatorRequired && !$participant->hasModeratorPermissions(false)) {
|
||||
throw new NotAModeratorException();
|
||||
}
|
||||
|
||||
$controller->setRoom($room);
|
||||
$controller->setParticipant($participant);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param AEnvironmentAwareController $controller
|
||||
* @param bool $moderatorRequired
|
||||
* @throws NotAModeratorException
|
||||
* @throws ParticipantNotFoundException
|
||||
*/
|
||||
protected function getLoggedInOrGuest(AEnvironmentAwareController $controller, bool $moderatorRequired): void {
|
||||
$token = $this->request->getParam('token');
|
||||
$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
|
||||
$controller->setRoom($room);
|
||||
|
||||
if ($this->userId !== null) {
|
||||
$participant = $room->getParticipant($this->userId);
|
||||
} else {
|
||||
$sessionId = $this->talkSession->getSessionForRoom($token);
|
||||
$participant = $room->getParticipantBySession($sessionId);
|
||||
}
|
||||
$controller->setParticipant($participant);
|
||||
|
||||
if ($moderatorRequired && !$participant->hasModeratorPermissions()) {
|
||||
throw new NotAModeratorException();
|
||||
}
|
||||
|
||||
$controller->setRoom($room);
|
||||
$controller->setParticipant($participant);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -153,6 +161,24 @@ class InjectionMiddleware extends Middleware {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param AEnvironmentAwareController $controller
|
||||
* @throws LobbyException
|
||||
*/
|
||||
protected function checkLobbyState(AEnvironmentAwareController $controller): void {
|
||||
try {
|
||||
$this->getLoggedInOrGuest($controller, true);
|
||||
return;
|
||||
} catch (NotAModeratorException $e) {
|
||||
} catch (ParticipantNotFoundException $e) {
|
||||
}
|
||||
|
||||
$room = $controller->getRoom();
|
||||
if (!$room instanceof Room || $room->getLobbyState() !== Webinary::ALL_PARTICIPANTS) {
|
||||
throw new LobbyException();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param Controller $controller
|
||||
* @param string $methodName
|
||||
|
@ -171,7 +197,8 @@ class InjectionMiddleware extends Middleware {
|
|||
}
|
||||
|
||||
if ($exception instanceof NotAModeratorException ||
|
||||
$exception instanceof ReadOnlyException) {
|
||||
$exception instanceof ReadOnlyException ||
|
||||
$exception instanceof LobbyException) {
|
||||
if ($controller instanceof OCSController) {
|
||||
throw new OCSException('', Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
|
|
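Review bot: checkLobbyState swallows ParticipantNotFoundException and then evaluates the lobby state on `$controller->getRoom()`, which getLoggedInOrGuest sets before the participant lookup, so a requester who is not a participant at all passes the check whenever the lobby state is `Webinary::ALL_PARTICIPANTS`; on this page that is only masked because every annotated endpoint also carries @RequireParticipant, which beforeController evaluates earlier. Removing the `} catch (ParticipantNotFoundException $e) {` arm so that exception propagates (and adding `@throws ParticipantNotFoundException` to the method docblock) makes the annotation safe on its own. The empty NotAModeratorException arm is the intended path and deserves a comment, e.g. `// not a moderator: fall back to the lobby-state check below`. As a minor point, the method re-runs getRoomForParticipantByToken after the @RequireParticipant branch has already resolved the same room and participant; reusing the controller's getters when they are set would avoid the second lookup, though whether they are reliably populated by then is not visible here.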