- start implementing rights management

2017-10-17 11:41:05 -07:00 · 2017-10-17 11:41:05 -07:00 · 4a48a69c7f
commit 4a48a69c7f
parent 5c765072c4
4 changed files with 78 additions and 44 deletions
--- a/akka-bbb-apps/src/main/resources/application.conf
+++ b/akka-bbb-apps/src/main/resources/application.conf
@ -79,3 +79,7 @@ services {
  telizeHost = "www.telize.com"
  telizePort = 80
 }
+
+apps {
+  checkPermissions = true
+}
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/SystemConfiguration.scala
@ -59,4 +59,6 @@ trait SystemConfiguration {
  lazy val httpPort = Try(config.getInt("http.port")).getOrElse(9090)
  lazy val telizeHost = Try(config.getString("services.telizeHost")).getOrElse("")
  lazy val telizePort = Try(config.getInt("services.telizePort")).getOrElse(80)
+
+  lazy val applyPermissionCheck = Try(config.getBoolean("apps.checkPermissions")).getOrElse(false)
 }
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/PermisssionCheck.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/PermisssionCheck.scala
@ -1,6 +1,8 @@
 package org.bigbluebutton.core.apps

-import org.bigbluebutton.core.models.{ Roles, UserState }
+import org.bigbluebutton.core.models.{Roles, UserState, Users2x}
+import org.bigbluebutton.core.running.OutMsgRouter
+import org.bigbluebutton.core2.message.senders.MsgBuilder

 object PermisssionCheck {

@ -12,8 +14,10 @@ object PermisssionCheck {
  val VIEWER_LEVEL = 0

  private def permissionToLevel(user: UserState): Int = {
-    if (user.authed) {
-      if (user.role == Roles.MODERATOR_ROLE) MOD_LEVEL else AUTHED_LEVEL
+    if (user.role == Roles.MODERATOR_ROLE) {
+      MOD_LEVEL
+    } else if (user.authed) {
+        AUTHED_LEVEL
    } else {
      GUEST_LEVEL
    }
@ -33,8 +37,17 @@ object PermisssionCheck {
   * @param roleLevel Lowest role needed to have access.
   * @return true allows API to execute, false denies executing API
   */
-  def isAllowed(permissionLevel: Int, roleLevel: Int, user: UserState): Boolean = {
-    (permissionLevel <= permissionToLevel(user) && roleLevel <= roleToLevel(user))
+  def isAllowed(permissionLevel: Int, roleLevel: Int, users: Users2x, userId: String): Boolean = {
+    Users2x.findWithIntId(users, userId) match {
+      case Some(user) => (permissionToLevel(user) >= permissionLevel && roleToLevel(user) >= roleLevel)
+      case None => false
+    }
+
  }

+  def ejectUserForFailedPermission(meetingId: String, userId: String, reason: String, outGW: OutMsgRouter):Unit = {
+    // send a system message to force disconnection
+    val ejectFromMeetingSystemEvent = MsgBuilder.buildDisconnectClientSysMsg(meetingId, userId, reason)
+    outGW.send(ejectFromMeetingSystemEvent)
+  }
 }
--- a/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/ChangeLockSettingsInMeetingCmdMsgHdlr.scala
+++ b/akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/users/ChangeLockSettingsInMeetingCmdMsgHdlr.scala
@ -1,58 +1,73 @@
 package org.bigbluebutton.core.apps.users

+import org.bigbluebutton.SystemConfiguration
 import org.bigbluebutton.common2.msgs._
 import org.bigbluebutton.core.api.Permissions
-import org.bigbluebutton.core.running.{ MeetingActor, OutMsgRouter }
+import org.bigbluebutton.core.apps.PermisssionCheck
+import org.bigbluebutton.core.models.Users2x
+import org.bigbluebutton.core.running.{MeetingActor, OutMsgRouter}
 import org.bigbluebutton.core.running.MeetingActor
 import org.bigbluebutton.core2.MeetingStatus2x

-trait ChangeLockSettingsInMeetingCmdMsgHdlr {
+trait ChangeLockSettingsInMeetingCmdMsgHdlr extends SystemConfiguration {
  this: MeetingActor =>

  val outGW: OutMsgRouter

  def handleSetLockSettings(msg: ChangeLockSettingsInMeetingCmdMsg): Unit = {
-    val settings = Permissions(
-      disableCam = msg.body.disableCam,
-      disableMic = msg.body.disableMic,
-      disablePrivChat = msg.body.disablePrivChat,
-      disablePubChat = msg.body.disablePubChat,
-      lockedLayout = msg.body.lockedLayout,
-      lockOnJoin = msg.body.lockOnJoin,
-      lockOnJoinConfigurable = msg.body.lockOnJoinConfigurable
-    )

-    if (!MeetingStatus2x.permissionsEqual(liveMeeting.status, settings) || !MeetingStatus2x.permisionsInitialized(liveMeeting.status)) {
-      MeetingStatus2x.initializePermissions(liveMeeting.status)
+    val isAllowed = PermisssionCheck.isAllowed(PermisssionCheck.MOD_LEVEL,
+      PermisssionCheck.PRESENTER_LEVEL, liveMeeting.users2x, msg.body.setBy)

-      MeetingStatus2x.setPermissions(liveMeeting.status, settings)
-
-      val routing = Routing.addMsgToClientRouting(
-        MessageTypes.BROADCAST_TO_MEETING,
-        props.meetingProp.intId,
-        msg.body.setBy
-      )
-      val envelope = BbbCoreEnvelope(
-        LockSettingsInMeetingChangedEvtMsg.NAME,
-        routing
-      )
-      val body = LockSettingsInMeetingChangedEvtMsgBody(
-        disableCam = settings.disableCam,
-        disableMic = settings.disableMic,
-        disablePrivChat = settings.disablePrivChat,
-        disablePubChat = settings.disablePubChat,
-        lockedLayout = settings.lockedLayout,
-        lockOnJoin = settings.lockOnJoin,
-        lockOnJoinConfigurable = settings.lockOnJoinConfigurable,
-        msg.body.setBy
-      )
-      val header = BbbClientMsgHeader(
-        LockSettingsInMeetingChangedEvtMsg.NAME,
-        props.meetingProp.intId,
-        msg.body.setBy
+    if (applyPermissionCheck && !isAllowed) {
+      val meetingId = liveMeeting.props.meetingProp.intId
+      val reason = "No permission to change lock settings"
+      PermisssionCheck.ejectUserForFailedPermission(meetingId, msg.body.setBy, reason, outGW)
+    } else {
+      val settings = Permissions(
+        disableCam = msg.body.disableCam,
+        disableMic = msg.body.disableMic,
+        disablePrivChat = msg.body.disablePrivChat,
+        disablePubChat = msg.body.disablePubChat,
+        lockedLayout = msg.body.lockedLayout,
+        lockOnJoin = msg.body.lockOnJoin,
+        lockOnJoinConfigurable = msg.body.lockOnJoinConfigurable
      )

-      outGW.send(BbbCommonEnvCoreMsg(envelope, LockSettingsInMeetingChangedEvtMsg(header, body)))
+      if (!MeetingStatus2x.permissionsEqual(liveMeeting.status, settings) || !MeetingStatus2x.permisionsInitialized(liveMeeting.status)) {
+        MeetingStatus2x.initializePermissions(liveMeeting.status)
+
+        MeetingStatus2x.setPermissions(liveMeeting.status, settings)
+
+        val routing = Routing.addMsgToClientRouting(
+          MessageTypes.BROADCAST_TO_MEETING,
+          props.meetingProp.intId,
+          msg.body.setBy
+        )
+        val envelope = BbbCoreEnvelope(
+          LockSettingsInMeetingChangedEvtMsg.NAME,
+          routing
+        )
+        val body = LockSettingsInMeetingChangedEvtMsgBody(
+          disableCam = settings.disableCam,
+          disableMic = settings.disableMic,
+          disablePrivChat = settings.disablePrivChat,
+          disablePubChat = settings.disablePubChat,
+          lockedLayout = settings.lockedLayout,
+          lockOnJoin = settings.lockOnJoin,
+          lockOnJoinConfigurable = settings.lockOnJoinConfigurable,
+          msg.body.setBy
+        )
+        val header = BbbClientMsgHeader(
+          LockSettingsInMeetingChangedEvtMsg.NAME,
+          props.meetingProp.intId,
+          msg.body.setBy
+        )
+
+        outGW.send(BbbCommonEnvCoreMsg(envelope, LockSettingsInMeetingChangedEvtMsg(header, body)))
+      }
    }
+
+
  }
 }