Skip to content

Commit

Permalink
squash: Moves more logic to is_feature_allowed.
Browse files Browse the repository at this point in the history
  • Loading branch information
@damencho
damencho committed Sep 4, 2024
1 parent 87a7311 commit 47ee211
Show file tree
Hide file tree
Showing 3 changed files with 32 additions and 45 deletions.
29 changes: 8 additions & 21 deletions resources/prosody-plugins/mod_filter_iq_jibri.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,30 +15,17 @@ module:hook("pre-iq/full", function(event)
if jibri then
local session = event.origin;
local token = session.auth_token;
local room = get_room_from_jid(room_jid_match_rewrite(jid_bare(stanza.attr.to)));
local occupant = room:get_occupant_by_real_jid(stanza.attr.from);
local feature = jibri.attr.recording_mode == 'file' and 'recording' or 'livestreaming';
local is_allowed = is_feature_allowed(session.jitsi_meet_context_features, feature);

-- if current user is not allowed, but was granted moderation by a user
-- that is allowed by its features we want to allow it
local is_granting_allowed = false;
if session.granted_jitsi_meet_context_features then
is_granting_allowed = is_feature_allowed(session.granted_jitsi_meet_context_features, feature);
end
local is_allowed = is_feature_allowed(
feature,
session.jitsi_meet_context_features,
session.granted_jitsi_meet_context_features,
occupant.role == 'moderator');

if jibri.attr.action == 'start' then
if token == nil or not (is_allowed or is_granting_allowed)
then
if not session.jitsi_meet_context_features and not session.granted_jitsi_meet_context_features then
-- we need to check for moderator rights
-- when there are no features and the occupant is moderator we allow recording
local room = get_room_from_jid(room_jid_match_rewrite(jid_bare(stanza.attr.to)));
local occupant = room:get_occupant_by_real_jid(stanza.attr.from);

if occupant.role == 'moderator' then
return;
end
end

if token == nil or not is_allowed then
module:log("info",
"Filtering jibri start recording, stanza:%s", tostring(stanza));
session.send(st.error_reply(stanza, "auth", "forbidden"));
Expand Down
36 changes: 16 additions & 20 deletions resources/prosody-plugins/mod_filter_iq_rayo.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -70,27 +70,19 @@ module:hook("pre-iq/full", function(event)
end
end

local feature = dial.attr.to == 'jitsi_meet_transcribe' and 'transcription' or 'outbound-call';
local is_session_allowed = is_feature_allowed(session.jitsi_meet_context_features, feature);

-- if current user is not allowed, but was granted moderation by a user
-- that is allowed by its features we want to allow it
local is_granting_session_allowed = false;
if session.granted_jitsi_meet_context_features then
is_granting_session_allowed = is_feature_allowed(session.granted_jitsi_meet_context_features, feature);
end

local room_real_jid = room_jid_match_rewrite(roomName);
local room = main_muc_service.get_room_from_jid(room_real_jid);

if not session.jitsi_meet_context_features and not session.granted_jitsi_meet_context_features then
-- if there is no features in the token we need to check whether the participants is moderator
local room = main_muc_service.get_room_from_jid(room_real_jid);
is_session_allowed = room:get_affiliation(stanza.attr.from) == 'owner';
end
local feature = dial.attr.to == 'jitsi_meet_transcribe' and 'transcription' or 'outbound-call';
local is_session_allowed = is_feature_allowed(
feature,
session.jitsi_meet_context_features,
session.granted_jitsi_meet_context_features,
room:get_affiliation(stanza.attr.from) == 'owner');

if (roomName == nil
if roomName == nil
or (token ~= nil and not token_util:verify_room(session, room_real_jid))
or not (is_session_allowed or is_granting_session_allowed))
or not is_session_allowed
then
module:log("warn", "Filtering stanza dial, stanza:%s", tostring(stanza));
session.send(st.error_reply(stanza, "auth", "forbidden"));
Expand Down Expand Up @@ -275,15 +267,19 @@ module:hook('jitsi-metadata-allow-moderation', function (event)
local data, key, occupant, session = event.data, event.key, event.actor, event.session;

if key == 'recording' and data and data.isTranscribingEnabled ~= nil then
-- if it is recording we want to allow setting in metadata if not moderator but features
-- are present
if session.jitsi_meet_context_features
and occupant.role ~= 'moderator'
and is_feature_allowed(session.jitsi_meet_context_features, 'transcription')
and is_feature_allowed(session.jitsi_meet_context_features, 'recording') then
and is_feature_allowed('transcription', session.jitsi_meet_context_features)
and is_feature_allowed('recording', session.jitsi_meet_context_features) then
local res = {};
res.isTranscribingEnabled = data.isTranscribingEnabled;
return res;
elseif occupant.role == 'moderator' then
elseif not session.jitsi_meet_context_features and occupant.role == 'moderator' then
return data;
else
return nil;
end
end

Expand Down
12 changes: 8 additions & 4 deletions resources/prosody-plugins/util.lib.lua
View file
Original file line number Diff line number Diff line change
Expand Up @@ -250,11 +250,15 @@ end
-- Utility function to check whether feature is present and enabled. Allow
-- a feature if there are features present in the session(coming from
-- the token) and the value of the feature is true.
function is_feature_allowed(features, ft)
if features ~= nil and (features[ft] == "true" or features[ft] == true) then
return true;
-- If features are missing but we have granted_features check that
-- if features are missing from the token we check whether it is moderator
function is_feature_allowed(ft, features, granted_features, is_moderator)
if features then
return features[ft] == "true" or features[ft] == true;
elseif granted_features then
return granted_features[ft] == "true" or granted_features[ft] == true;
else
return false;
return is_moderator;
end
end

Expand Down

0 comments on commit 47ee211

Please sign in to comment.