feat(permissions): Contract part for conversation-permissions-v2

Signed-off-by: Joas Schilling <coding@schilljs.com>

docs/capabilities.md

@@ -162,3 +162,6 @@
 * `download-call-participants` - Whether the endpoints for moderators to download the call participants is available
 * `config => call => start-without-media` (local) - Boolean, whether media should be disabled when starting or joining a conversation
 * `config => call => max-duration` - Integer, maximum call duration in seconds. Please note that this should only be used with system cron and with a reasonable high value, due to the expended duration until the background job ran.
+
+## 21
+* `conversation-permissions-v2` - The chat permission was split into individual permissions for writing a message, reacting to a message, viewing and sharing attachments, editing whiteboards. Additionally new permissions for moderating a call and seeing the participant list where introduced.

docs/constants.md

@@ -103,7 +103,13 @@
 * `16` Can publish audio stream
 * `32` Can publish video stream
 * `64` Can publish screen sharing stream
-* `128` Can post chat message, share items and do reactions
+* `128` Can post chat message (Was split into 128, 256, 512, 1024 and 2048 with the `conversation-permissions-v2` capability)
+* `256` Can react to chat messages (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `512` Can see attachments in chat messages (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `1024` Can share items (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `2048` Can edit whiteboards (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `4096` Can see the participants list (Only with the `conversation-permissions-v2` capability, otherwise granted)
+* `8192` Can moderate the call (but not other participants), e.g. starting and stopping the lobby, will survive setting conversation permissions for all other users (Only with the `conversation-permissions-v2` capability, otherwise not-granted)
 
 ### Attendee permission modifications
 * `set` - Setting this permission set.

lib/Capabilities.php

@@ -106,6 +106,7 @@ class Capabilities implements IPublicCapability {
 		'archived-conversations',
 		'talk-polls-drafts',
 		'download-call-participants',
+		'conversation-permissions-v2',
 	];
 
 	public const LOCAL_FEATURES = [

lib/Config.php

@@ -277,8 +277,8 @@ public function getDefaultPermissions(): int {
 			return min(Attendee::PERMISSIONS_MAX_CUSTOM, max(Attendee::PERMISSIONS_DEFAULT, (int)$configurableDefault));
 		}
 
-		// Falling back to an unrestricted set of permissions, only ignoring the lobby is off
-		return Attendee::PERMISSIONS_MAX_DEFAULT & ~Attendee::PERMISSIONS_LOBBY_IGNORE;
+		// Falling back to an unrestricted set of permissions, only ignoring the lobby is off and moderating calls
+		return Attendee::PERMISSIONS_MAX_DEFAULT & ~Attendee::PERMISSIONS_LOBBY_IGNORE & ~Attendee::PERMISSIONS_CALL_MODERATE;
 	}
 
 	public function getAttachmentFolder(string $userId): string {

lib/Model/Attendee.php

@@ -87,6 +87,12 @@ class Attendee extends Entity {
 	public const PERMISSIONS_PUBLISH_VIDEO = 32;
 	public const PERMISSIONS_PUBLISH_SCREEN = 64;
 	public const PERMISSIONS_CHAT = 128;
+	public const PERMISSIONS_CHAT_REACTION = 256;
+	public const PERMISSIONS_FILE_VIEW = 512;
+	public const PERMISSIONS_FILE_SHARE = 1024;
+	public const PERMISSIONS_WHITEBOARD = 2048;
+	public const PERMISSIONS_PARTICIPANTS_VIEW = 4096;
+	public const PERMISSIONS_CALL_MODERATE = 8192;
 	public const PERMISSIONS_MAX_DEFAULT = // Max int (when all permissions are granted as default)
 		self::PERMISSIONS_CALL_START
 		| self::PERMISSIONS_CALL_JOIN
@@ -95,6 +101,12 @@ class Attendee extends Entity {
 		| self::PERMISSIONS_PUBLISH_VIDEO
 		| self::PERMISSIONS_PUBLISH_SCREEN
 		| self::PERMISSIONS_CHAT
+		| self::PERMISSIONS_CHAT_REACTION
+		| self::PERMISSIONS_FILE_VIEW
+		| self::PERMISSIONS_FILE_SHARE
+		| self::PERMISSIONS_WHITEBOARD
+		| self::PERMISSIONS_PARTICIPANTS_VIEW
+		| self::PERMISSIONS_CALL_MODERATE
 	;
 	public const PERMISSIONS_MAX_CUSTOM = self::PERMISSIONS_MAX_DEFAULT | self::PERMISSIONS_CUSTOM; // Max int (when all permissions are granted as custom)