From 63a30ed4c4061d68ac7de5027762f06744637e7f Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Wed, 13 Nov 2024 12:08:43 +0100
Subject: [PATCH] feat(permissions): Contract part for conversation-permissions-v2

Signed-off-by: Joas Schilling
---
 docs/capabilities.md | 3 +++
 docs/constants.md | 8 +++++++-
 lib/Capabilities.php | 1 +
 lib/Config.php | 4 ++--
 lib/Model/Attendee.php | 12 ++++++++++++
 5 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/docs/capabilities.md b/docs/capabilities.md
index f8bebf371cd..ac9ad34f2d8 100644
--- a/docs/capabilities.md
+++ b/docs/capabilities.md
@@ -162,3 +162,6 @@
 * `download-call-participants` - Whether the endpoints for moderators to download the call participants is available
 * `config => call => start-without-media` (local) - Boolean, whether media should be disabled when starting or joining a conversation
 * `config => call => max-duration` - Integer, maximum call duration in seconds. Please note that this should only be used with system cron and with a reasonable high value, due to the expended duration until the background job ran.
+
+## 21
+* `conversation-permissions-v2` - The chat permission was split into individual permissions for writing a message, reacting to a message, viewing and sharing attachments, editing whiteboards. Additionally new permissions for moderating a call and seeing the participant list where introduced.
diff --git a/docs/constants.md b/docs/constants.md
index 91c2bfe421e..d4d7b668e4b 100644
--- a/docs/constants.md
+++ b/docs/constants.md
@@ -103,7 +103,13 @@
 * `16` Can publish audio stream
 * `32` Can publish video stream
 * `64` Can publish screen sharing stream
-* `128` Can post chat message, share items and do reactions
+* `128` Can post chat message (Was split into 128, 256, 512, 1024 and 2048 with the `conversation-permissions-v2` capability)
+* `256` Can react to chat messages (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `512` Can see attachments in chat messages (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `1024` Can share items (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `2048` Can edit whiteboards (Only with the `conversation-permissions-v2` capability, otherwise check `128`)
+* `4096` Can see the participants list (Only with the `conversation-permissions-v2` capability, otherwise granted)
+* `8192` Can moderate the call (but not other participants), e.g. starting and stopping the lobby, will survive setting conversation permissions for all other users (Only with the `conversation-permissions-v2` capability, otherwise not-granted)
 ### Attendee permission modifications
 * `set` - Setting this permission set.
diff --git a/lib/Capabilities.php b/lib/Capabilities.php
index cb30c4bb443..4ca18fd710a 100644
--- a/lib/Capabilities.php
+++ b/lib/Capabilities.php
@@ -106,6 +106,7 @@ class Capabilities implements IPublicCapability {
 'archived-conversations',
 'talk-polls-drafts',
 'download-call-participants',
+ 'conversation-permissions-v2',
 ];
 public const LOCAL_FEATURES = [
diff --git a/lib/Config.php b/lib/Config.php
index 2019731d976..9c786d51237 100644
--- a/lib/Config.php
+++ b/lib/Config.php
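Review bot: Adding `'conversation-permissions-v2'` to the feature list tells clients to stop treating `128` as the gate for reactions, attachments, sharing and whiteboards, yet no hunk in this patch shows the server checking bits 256-8192. If enforcement arrives in a later commit, a moderator who clears `512` or `4096` in the meantime sees a restricted UI while the endpoints may still authorise on `128` alone (inferred; the permission checks are outside this patch). I would hold this entry back until the enforcing change merges, or at least add above it `// Advertise only together with server-side checks for 256-8192; clients drop their 128 fallback when they see this`. The array this entry belongs to starts outside the hunk.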
@@ -277,8 +277,8 @@ public function getDefaultPermissions(): int {
 return min(Attendee::PERMISSIONS_MAX_CUSTOM, max(Attendee::PERMISSIONS_DEFAULT, (int)$configurableDefault));
 }
- // Falling back to an unrestricted set of permissions, only ignoring the lobby is off
- return Attendee::PERMISSIONS_MAX_DEFAULT & ~Attendee::PERMISSIONS_LOBBY_IGNORE;
+ // Falling back to an unrestricted set of permissions, only ignoring the lobby is off and moderating calls
+ return Attendee::PERMISSIONS_MAX_DEFAULT & ~Attendee::PERMISSIONS_LOBBY_IGNORE & ~Attendee::PERMISSIONS_CALL_MODERATE;
 }
 public function getAttachmentFolder(string $userId): string {
diff --git a/lib/Model/Attendee.php b/lib/Model/Attendee.php
index 02ce13bcae2..d857df01c7c 100644
--- a/lib/Model/Attendee.php
+++ b/lib/Model/Attendee.php
@@ -87,6 +87,12 @@ class Attendee extends Entity {
 public const PERMISSIONS_PUBLISH_VIDEO = 32;
 public const PERMISSIONS_PUBLISH_SCREEN = 64;
 public const PERMISSIONS_CHAT = 128;
+ public const PERMISSIONS_CHAT_REACTION = 256;
+ public const PERMISSIONS_FILE_VIEW = 512;
+ public const PERMISSIONS_FILE_SHARE = 1024;
+ public const PERMISSIONS_WHITEBOARD = 2048;
+ public const PERMISSIONS_PARTICIPANTS_VIEW = 4096;
+ public const PERMISSIONS_CALL_MODERATE = 8192;
 public const PERMISSIONS_MAX_DEFAULT = // Max int (when all permissions are granted as default)
 self::PERMISSIONS_CALL_START
 | self::PERMISSIONS_CALL_JOIN
@@ -95,6 +101,12 @@ class Attendee extends Entity {
 | self::PERMISSIONS_PUBLISH_VIDEO
 | self::PERMISSIONS_PUBLISH_SCREEN
 | self::PERMISSIONS_CHAT
+ | self::PERMISSIONS_CHAT_REACTION
+ | self::PERMISSIONS_FILE_VIEW
+ | self::PERMISSIONS_FILE_SHARE
+ | self::PERMISSIONS_WHITEBOARD
+ | self::PERMISSIONS_PARTICIPANTS_VIEW
+ | self::PERMISSIONS_CALL_MODERATE
 ;
 public const PERMISSIONS_MAX_CUSTOM = self::PERMISSIONS_MAX_DEFAULT | self::PERMISSIONS_CUSTOM; // Max int (when all permissions are granted as custom)
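Review bot: Only the fallback return strips `PERMISSIONS_CALL_MODERATE`; the configured-default branch in the context lines above it still returns whatever `min()`/`max()` leaves, and `PERMISSIONS_MAX_CUSTOM` now contains bit 8192. A configured default that carries 8192, or any value above the maximum (which the numeric clamp turns into every bit set), would therefore hand call moderation to all attendees by default. If a default is never meant to grant it, mask that branch too, `return min(Attendee::PERMISSIONS_MAX_CUSTOM, max(Attendee::PERMISSIONS_DEFAULT, (int)$configurableDefault)) & ~Attendee::PERMISSIONS_CALL_MODERATE;`, and consider a bitwise `& Attendee::PERMISSIONS_MAX_CUSTOM` in place of the numeric `min()`. The new comment would also read more clearly as `// Fall back to all permissions except ignoring the lobby and moderating calls`. The start of getDefaultPermissions() is outside the hunk.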
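Review bot: Permission masks stored before this change carry `128` but none of 256-4096, and this patch shows no migration or compatibility mapping for them. Once checks use the new constants, an attendee or conversation with a custom mask would silently lose reactions, attachments, sharing, whiteboards and the participant list, which docs/constants.md describes as implied by `128` or granted until now (inferred; the persistence code is not in this patch). I would document the legacy mapping next to the constants, e.g. `// 256-2048 were implied by PERMISSIONS_CHAT and 4096 was always granted before conversation-permissions-v2; expand stored masks on upgrade`. The second hunk at `-95,6 +101,12` adds the same six bits to `PERMISSIONS_MAX_DEFAULT`, so the point applies there as well; the class body continues outside both hunks.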