diff --git a/akka-bbb-apps/src/main/resources/application.conf b/akka-bbb-apps/src/main/resources/application.conf
index f53ba26d85..d7c9e9de65 100755
--- a/akka-bbb-apps/src/main/resources/application.conf
+++ b/akka-bbb-apps/src/main/resources/application.conf
@@ -79,3 +79,7 @@ services {
 telizeHost = "www.telize.com"
 telizePort = 80
 }
+
+apps {
+ checkPermissions = true
+}
\ No newline at end of file
diff --git a/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala b/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
index 9c3ec7515e..fc33700250 100755
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
@@ -59,4 +59,6 @@ trait SystemConfiguration {
 lazy val httpPort = Try(config.getInt("http.port")).getOrElse(9090)
 lazy val telizeHost = Try(config.getString("services.telizeHost")).getOrElse("")
 lazy val telizePort = Try(config.getInt("services.telizePort")).getOrElse(80)
+
+ lazy val applyPermissionCheck = Try(config.getBoolean("apps.checkPermissions")).getOrElse(false)
 }
diff --git a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/PermisssionCheck.scala b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/PermisssionCheck.scala
index a571e34db1..f48ac26a12 100755
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/PermisssionCheck.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/PermisssionCheck.scala
@@ -1,6 +1,8 @@
 package org.bigbluebutton.core.apps
-import org.bigbluebutton.core.models.{ Roles, UserState }
+import org.bigbluebutton.core.models.{Roles, UserState, Users2x}
+import org.bigbluebutton.core.running.OutMsgRouter
+import org.bigbluebutton.core2.message.senders.MsgBuilder
 object PermisssionCheck {
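Review bot: The new `applyPermissionCheck` setting in SystemConfiguration.scala fails open: `Try(config.getBoolean("apps.checkPermissions")).getOrElse(false)` switches every permission check off whenever the key is missing, misspelled or not a boolean, and nothing records that the fallback was taken. The shipped application.conf sets the key to `true`, so the fallback should agree with it, `lazy val applyPermissionCheck = Try(config.getBoolean("apps.checkPermissions")).getOrElse(true)`, so that a deployment running an older or hand-edited config does not silently lose enforcement. The trait body starts outside this hunk.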
@@ -12,8 +14,10 @@ object PermisssionCheck { val VIEWER_LEVEL = 0 private def permissionToLevel(user: UserState): Int = { - if (user.authed) { - if (user.role == Roles.MODERATOR_ROLE) MOD_LEVEL else AUTHED_LEVEL + if (user.role == Roles.MODERATOR_ROLE) { + MOD_LEVEL + } else if (user.authed) { + AUTHED_LEVEL } else { GUEST_LEVEL } @@ -33,8 +37,17 @@ object PermisssionCheck { * @param roleLevel Lowest role needed to have access. * @return true allows API to execute, false denies executing API */ - def isAllowed(permissionLevel: Int, roleLevel: Int, user: UserState): Boolean = { - (permissionLevel <= permissionToLevel(user) && roleLevel <= roleToLevel(user)) + def isAllowed(permissionLevel: Int, roleLevel: Int, users: Users2x, userId: String): Boolean = { + Users2x.findWithIntId(users, userId) match { + case Some(user) => (permissionToLevel(user) >= permissionLevel && roleToLevel(user) >= roleLevel) + case None => false + } + } + def ejectUserForFailedPermission(meetingId: String, userId: String, reason: String, outGW: OutMsgRouter):Unit = { + // send a system message to force disconnection + val ejectFromMeetingSystemEvent = MsgBuilder.buildDisconnectClientSysMsg(meetingId, userId, reason) + outGW.send(ejectFromMeetingSystemEvent) + } } diff --git a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/ChangeLockSettingsInMeetingCmdMsgHdlr.scala b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/ChangeLockSettingsInMeetingCmdMsgHdlr.scala index 6da0a9e763..01604cb904 100755 --- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/ChangeLockSettingsInMeetingCmdMsgHdlr.scala +++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/ChangeLockSettingsInMeetingCmdMsgHdlr.scala 
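Review bot: `permissionToLevel` now tests the role before `authed`, so a user whose role is `Roles.MODERATOR_ROLE` receives `MOD_LEVEL` even when `user.authed` is false, where the old code returned `GUEST_LEVEL` for that user. If this is intended it deserves a comment on the first branch, for example `// a moderator role outranks the authed flag: moderators get MOD_LEVEL even when authed is false`, because this ordering decides who passes every `MOD_LEVEL` check. The function's closing brace is outside the hunk.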
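Review bot: `ejectUserForFailedPermission` (hunk `@@ -33,8 +37,17 @@`) forces a disconnect without leaving any server-side record of who was ejected or why, so a denied request cannot be told apart from an ordinary disconnect when someone later investigates. Before `outGW.send(ejectFromMeetingSystemEvent)` it should write one warning through whatever logger the project provides, carrying `meetingId`, `userId` and `reason`. The Scaladoc above `isAllowed`, which begins outside the hunk, should also gain `@param users` and `@param userId` entries and state that a `userId` not found in `users` is denied.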
@@ -1,58 +1,73 @@ package org.bigbluebutton.core.apps.users +import org.bigbluebutton.SystemConfiguration import org.bigbluebutton.common2.msgs._ import org.bigbluebutton.core.api.Permissions -import org.bigbluebutton.core.running.{ MeetingActor, OutMsgRouter } +import org.bigbluebutton.core.apps.PermisssionCheck +import org.bigbluebutton.core.models.Users2x +import org.bigbluebutton.core.running.{MeetingActor, OutMsgRouter} import org.bigbluebutton.core.running.MeetingActor import org.bigbluebutton.core2.MeetingStatus2x -trait ChangeLockSettingsInMeetingCmdMsgHdlr { +trait ChangeLockSettingsInMeetingCmdMsgHdlr extends SystemConfiguration { this: MeetingActor => val outGW: OutMsgRouter def handleSetLockSettings(msg: ChangeLockSettingsInMeetingCmdMsg): Unit = { - val settings = Permissions( - disableCam = msg.body.disableCam, - disableMic = msg.body.disableMic, - disablePrivChat = msg.body.disablePrivChat, - disablePubChat = msg.body.disablePubChat, - lockedLayout = msg.body.lockedLayout, - lockOnJoin = msg.body.lockOnJoin, - lockOnJoinConfigurable = msg.body.lockOnJoinConfigurable - ) - if (!MeetingStatus2x.permissionsEqual(liveMeeting.status, settings) || !MeetingStatus2x.permisionsInitialized(liveMeeting.status)) { - MeetingStatus2x.initializePermissions(liveMeeting.status) + val isAllowed = PermisssionCheck.isAllowed(PermisssionCheck.MOD_LEVEL, + PermisssionCheck.PRESENTER_LEVEL, liveMeeting.users2x, msg.body.setBy) - MeetingStatus2x.setPermissions(liveMeeting.status, settings) - - val routing = Routing.addMsgToClientRouting( - MessageTypes.BROADCAST_TO_MEETING, - props.meetingProp.intId, - msg.body.setBy - ) - val envelope = BbbCoreEnvelope( - LockSettingsInMeetingChangedEvtMsg.NAME, - routing - ) - val body = LockSettingsInMeetingChangedEvtMsgBody( - disableCam = settings.disableCam, - disableMic = settings.disableMic, - disablePrivChat = settings.disablePrivChat, - disablePubChat = settings.disablePubChat, - lockedLayout = settings.lockedLayout, - lockOnJoin 
= settings.lockOnJoin, - lockOnJoinConfigurable = settings.lockOnJoinConfigurable, - msg.body.setBy - ) - val header = BbbClientMsgHeader( - LockSettingsInMeetingChangedEvtMsg.NAME, - props.meetingProp.intId, - msg.body.setBy + if (applyPermissionCheck && !isAllowed) { + val meetingId = liveMeeting.props.meetingProp.intId + val reason = "No permission to change lock settings" + PermisssionCheck.ejectUserForFailedPermission(meetingId, msg.body.setBy, reason, outGW) + } else { + val settings = Permissions( + disableCam = msg.body.disableCam, + disableMic = msg.body.disableMic, + disablePrivChat = msg.body.disablePrivChat, + disablePubChat = msg.body.disablePubChat, + lockedLayout = msg.body.lockedLayout, + lockOnJoin = msg.body.lockOnJoin, + lockOnJoinConfigurable = msg.body.lockOnJoinConfigurable ) - outGW.send(BbbCommonEnvCoreMsg(envelope, LockSettingsInMeetingChangedEvtMsg(header, body))) + if (!MeetingStatus2x.permissionsEqual(liveMeeting.status, settings) || !MeetingStatus2x.permisionsInitialized(liveMeeting.status)) { + MeetingStatus2x.initializePermissions(liveMeeting.status) + + MeetingStatus2x.setPermissions(liveMeeting.status, settings) + + val routing = Routing.addMsgToClientRouting( + MessageTypes.BROADCAST_TO_MEETING, + props.meetingProp.intId, + msg.body.setBy + ) + val envelope = BbbCoreEnvelope( + LockSettingsInMeetingChangedEvtMsg.NAME, + routing + ) + val body = LockSettingsInMeetingChangedEvtMsgBody( + disableCam = settings.disableCam, + disableMic = settings.disableMic, + disablePrivChat = settings.disablePrivChat, + disablePubChat = settings.disablePubChat, + lockedLayout = settings.lockedLayout, + lockOnJoin = settings.lockOnJoin, + lockOnJoinConfigurable = settings.lockOnJoinConfigurable, + msg.body.setBy + ) + val header = BbbClientMsgHeader( + LockSettingsInMeetingChangedEvtMsg.NAME, + props.meetingProp.intId, + msg.body.setBy + ) + + outGW.send(BbbCommonEnvCoreMsg(envelope, LockSettingsInMeetingChangedEvtMsg(header, body))) + } } + + } }
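Review bot: The permission check in `handleSetLockSettings` identifies the caller by `msg.body.setBy`, a field of the message body, and the same value is handed to `ejectUserForFailedPermission`. If the body is filled in by the client and nothing upstream compares it with the authenticated sender (not visible in this diff), the check evaluates whoever the message names rather than whoever sent it, and a failed check disconnects that named user. Prefer the sender id carried in the message header, presumably `msg.header.userId`, for both the `isAllowed` call and the eject call. Separately, `PermisssionCheck.PRESENTER_LEVEL` as the role floor looks as if it would eject a moderator who is not the presenter; `roleToLevel` is outside this diff, so confirm that is intended.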