From b416dffbc93952391a0f7cfcbc8d3f676ce263a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Calvi=C3=B1o=20S=C3=A1nchez?= <danxuliu@gmail.com>
Date: Thu, 15 Aug 2024 08:37:27 +0200
Subject: [PATCH] fix: Propagate permission changes of conversations to
 federated servers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When a participant does not have custom permissions the permissions are
got from the conversation, so they need to be propagated as well
to the federated servers to correctly calculate the participant
permissions.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
---
 .../CloudFederationProviderTalk.php           |  2 +
 .../TalkV1/Notifier/RoomModifiedListener.php  |  1 +
 .../features/federation/permissions.feature   | 64 ++++++++++++++++++-
 3 files changed, 65 insertions(+), 2 deletions(-)

diff --git a/lib/Federation/CloudFederationProviderTalk.php b/lib/Federation/CloudFederationProviderTalk.php
index a172d4fa0e7..72c0811316f 100644
--- a/lib/Federation/CloudFederationProviderTalk.php
+++ b/lib/Federation/CloudFederationProviderTalk.php
@@ -362,6 +362,8 @@ private function roomModified(int $remoteAttendeeId, array $notification): array
 			$this->roomService->setAvatar($room, $notification['newValue']);
 		} elseif ($notification['changedProperty'] === ARoomModifiedEvent::PROPERTY_CALL_RECORDING) {
 			$this->roomService->setCallRecording($room, $notification['newValue']);
+		} elseif ($notification['changedProperty'] === ARoomModifiedEvent::PROPERTY_DEFAULT_PERMISSIONS) {
+			$this->roomService->setDefaultPermissions($room, $notification['newValue']);
 		} elseif ($notification['changedProperty'] === ARoomModifiedEvent::PROPERTY_DESCRIPTION) {
 			$this->roomService->setDescription($room, $notification['newValue']);
 		} elseif ($notification['changedProperty'] === ARoomModifiedEvent::PROPERTY_IN_CALL) {
diff --git a/lib/Federation/Proxy/TalkV1/Notifier/RoomModifiedListener.php b/lib/Federation/Proxy/TalkV1/Notifier/RoomModifiedListener.php
index a81fedd34f9..a5cc88d7f5a 100644
--- a/lib/Federation/Proxy/TalkV1/Notifier/RoomModifiedListener.php
+++ b/lib/Federation/Proxy/TalkV1/Notifier/RoomModifiedListener.php
@@ -50,6 +50,7 @@ public function handle(Event $event): void {
 			ARoomModifiedEvent::PROPERTY_ACTIVE_SINCE,
 			ARoomModifiedEvent::PROPERTY_AVATAR,
 			ARoomModifiedEvent::PROPERTY_CALL_RECORDING,
+			ARoomModifiedEvent::PROPERTY_DEFAULT_PERMISSIONS,
 			ARoomModifiedEvent::PROPERTY_DESCRIPTION,
 			ARoomModifiedEvent::PROPERTY_IN_CALL,
 			ARoomModifiedEvent::PROPERTY_LOBBY,
diff --git a/tests/integration/features/federation/permissions.feature b/tests/integration/features/federation/permissions.feature
index cb63352c6b2..5ee60fdce5e 100644
--- a/tests/integration/features/federation/permissions.feature
+++ b/tests/integration/features/federation/permissions.feature
@@ -3,12 +3,12 @@ Feature: federation/permissions
   Background:
     Given user "participant1" exists
     And user "participant2" exists
-    And user "participant3" exists
     And the following "spreed" app config is set
       | federation_enabled | yes |
 
   Scenario: set participant permissions
-    Given user "participant1" creates room "room" (v4)
+    Given user "participant3" exists
+    And user "participant1" creates room "room" (v4)
       | roomType | 2 |
       | roomName | room name |
     And user "participant1" adds federated_user "participant2" to room "room" with 200 (v4)
@@ -32,3 +32,63 @@ Feature: federation/permissions
     Then user "participant3" is participant of room "LOCAL::room" (v4)
       | permissions | attendeePermissions |
       | SJAVPM      | D                  |
+
+  Scenario: set default permissions
+    Given user "participant1" creates room "room" (v4)
+      | roomType | 2 |
+      | roomName | room name |
+    And user "participant1" adds federated_user "participant2" to room "room" with 200 (v4)
+    And user "participant2" has the following invitations (v1)
+      | remoteServerUrl | remoteToken | state | inviterCloudId                     | inviterDisplayName       |
+      | LOCAL           | room        | 0     | participant1@http://localhost:8080 | participant1-displayname |
+    And user "participant2" accepts invite to room "room" of server "LOCAL" with 200 (v1)
+      | id          | name      | type | remoteServer | remoteToken |
+      | LOCAL::room | room name | 2    | LOCAL        | room        |
+    When user "participant1" sets default permissions for room "room" to "LM" with 200 (v4)
+    Then user "participant2" is participant of room "LOCAL::room" (v4)
+      | defaultPermissions | attendeePermissions | permissions |
+      | CLM                | D                   | CLM         |
+
+  Scenario: set default permissions before federated user accepts invitation
+    Given user "participant1" creates room "room" (v4)
+      | roomType | 2 |
+      | roomName | room name |
+    And user "participant1" adds federated_user "participant2" to room "room" with 200 (v4)
+    And user "participant2" has the following invitations (v1)
+      | remoteServerUrl | remoteToken | state | inviterCloudId                     | inviterDisplayName       |
+      | LOCAL           | room        | 0     | participant1@http://localhost:8080 | participant1-displayname |
+    When user "participant1" sets default permissions for room "room" to "LM" with 200 (v4)
+    And user "participant2" accepts invite to room "room" of server "LOCAL" with 200 (v1)
+      | id          | name      | type | remoteServer | remoteToken |
+      | LOCAL::room | room name | 2    | LOCAL        | room        |
+    Then user "participant2" is participant of room "LOCAL::room" (v4)
+      | defaultPermissions | attendeePermissions | permissions |
+      | CLM                | D                   | CLM         |
+
+  Scenario: set participant permissions after setting conversation permissions and then invite another federated user
+    Given user "participant3" exists
+    And user "participant1" creates room "room" (v4)
+      | roomType | 2 |
+      | roomName | room name |
+    And user "participant1" adds federated_user "participant2" to room "room" with 200 (v4)
+    And user "participant2" has the following invitations (v1)
+      | remoteServerUrl | remoteToken | state | inviterCloudId                     | inviterDisplayName       |
+      | LOCAL           | room        | 0     | participant1@http://localhost:8080 | participant1-displayname |
+    And user "participant2" accepts invite to room "room" of server "LOCAL" with 200 (v1)
+      | id          | name      | type | remoteServer | remoteToken |
+      | LOCAL::room | room name | 2    | LOCAL        | room        |
+    And user "participant1" sets default permissions for room "room" to "AVP" with 200 (v4)
+    And user "participant1" sets permissions for "participant2@{$LOCAL_REMOTE_URL}" in room "room" to "S" with 200 (v4)
+    When user "participant1" adds federated_user "participant3" to room "room" with 200 (v4)
+    And user "participant3" has the following invitations (v1)
+      | remoteServerUrl | remoteToken | state | inviterCloudId                     | inviterDisplayName       |
+      | LOCAL           | room        | 0     | participant1@http://localhost:8080 | participant1-displayname |
+    And user "participant3" accepts invite to room "room" of server "LOCAL" with 200 (v1)
+      | id          | name      | type | remoteServer | remoteToken |
+      | LOCAL::room | room name | 2    | LOCAL        | room        |
+    Then user "participant2" is participant of room "LOCAL::room" (v4)
+      | permissions |
+      | CS          |
+    And user "participant3" is participant of room "LOCAL::room" (v4)
+      | permissions |
+      | CAVP        |