Acl refactor working

bigbluebutton-html5/imports/api/acl/Acl.js

@@ -1,4 +1,5 @@
 import { check } from 'meteor/check';
+import Users from '/imports/api/users/'
 
 export class Acl {
 
@@ -9,13 +10,9 @@ export class Acl {
 
   subscribe(channel,credentials){
     check(channel, String);
-    console.log("Channell",channel);
-    console.log("credentials",credentials);
 
     let subscriptions = this.getSubscriptions(credentials);
 
-    console.log("subscriptions",subscriptions);
-
     if (subscriptions) {
       return !!this.checkPermission(channel, subscriptions);
     }
@@ -25,23 +22,14 @@ export class Acl {
   getSubscriptions(credentials){
     let role = this.getRole(credentials);
 
-    if(!role.subscribe){
+    if(!role.subscriptions){
       return [];
     }
     return role.subscriptions;
   }
 
-  checkSubscription(channel, subscriptions) {
-    check(channel, String);
-    
-    const isInList = subscriptions.some((perm)=> perm.indexOf(permission) > -1 );
-
-    return isInList;
-  }
-
   getMethods(credentials){
     let role = this.getRole(credentials);
-
     if(!role.methods){
       return [];
     }
@@ -62,10 +50,9 @@ export class Acl {
     if(!credentials){
       return false;
     }
-
-    const meetingId = credentials.meetingId;
-    const userId = credentials.requesterUserId;
-    const authToken = credentials.requesterToken;
+    let meetingId = credentials.meetingId;
+    let userId = credentials.requesterUserId;
+    let authToken = credentials.requesterToken;
 
     const user = this.Users.findOne({
       meetingId,
@@ -73,7 +60,6 @@ export class Acl {
     });
 
     if(!user){
-      console.log("Usuario vazio");
       return false;
     }
     return this.roleExist(this.aclConfig, user.user.role);

bigbluebutton-html5/imports/startup/mapToAcl.js

@@ -18,7 +18,7 @@ const injectAclActionCheck = (name, handler) => {
 const injectAclSubscribeCheck = (name,handler) => {
   return (...args) => {
     const credentials = args[args.length - 1];
-    if (!Acl.subscribe(name, credentials)) {
+    if (!Acl.subscribe(name, ...credentials)) {
       Logger.error(`acl-not-allowed, the user can't perform the subscription "${name}".`);
       return emptyCollection.find();
     }

bigbluebutton-html5/imports/startup/server/userPermissions.js

@@ -1,176 +0,0 @@
-import Users from '/imports/api/users';
-import Meetings from '/imports/api/meetings';
-import { logger } from '/imports/startup/server/logger';
-
-const presenter = {
-  switchSlide: true,
-
-  //poll
-  subscribePoll: true,
-  subscribeAnswers: true,
-
-};
-
-// holds the values for whether the moderator user is allowed to perform an action (true)
-// or false if not allowed. Some actions have dynamic values depending on the current lock settings
-const moderator = {
-  // audio listen only
-  joinListenOnly: true,
-  leaveListenOnly: true,
-
-  // join audio with mic cannot be controlled on the server side as it is
-  // a client side only functionality
-
-  // raising/lowering hand
-  raiseOwnHand: true,
-  lowerOwnHand: true,
-
-  // muting
-  muteSelf: true,
-  unmuteSelf: true,
-  muteOther: true,
-  unmuteOther: true,
-
-  logoutSelf: true,
-
-  //subscribing
-  subscribeUsers: true,
-  subscribeChat: true,
-
-  //chat
-  chatPublic: true,
-  chatPrivate: true,
-
-  //poll
-  subscribePoll: true,
-  subscribeAnswers: false,
-
-  //emojis
-  setEmojiStatus: true,
-  clearEmojiStatus: true,
-
-  //user control
-  kickUser: true,
-  setPresenter: true,
-
-  //captions
-  subscribeCaptions: true,
-};
-
-// holds the values for whether the viewer user is allowed to perform an action (true)
-// or false if not allowed. Some actions have dynamic values depending on the current lock settings
-const viewer = function (meetingId, userId) {
-  let meeting;
-  let user;
-
-  return {
-
-    // listen only
-    joinListenOnly: true,
-    leaveListenOnly: true,
-
-    // join audio with mic cannot be controlled on the server side as it is
-    // a client side only functionality
-
-    // raising/lowering hand
-    raiseOwnHand: true,
-    lowerOwnHand: true,
-
-    // muting
-    muteSelf: true,
-    unmuteSelf:
-      !((meeting = Meetings.findOne({ meetingId })) != null &&
-        meeting.roomLockSettings.disableMic) ||
-      !((user = Users.findOne({ meetingId, userId })) != null &&
-        user.user.locked),
-
-    logoutSelf: true,
-
-    //subscribing
-    subscribeUsers: true,
-    subscribeChat: true,
-
-    //chat
-    chatPublic: !((meeting = Meetings.findOne({ meetingId })) != null &&
-      meeting.roomLockSettings.disablePublicChat) ||
-      !((user = Users.findOne({ meetingId, userId })) != null &&
-      user.user.locked) ||
-      (user != null && user.user.presenter),
-
-    chatPrivate: !((meeting = Meetings.findOne({ meetingId })) != null &&
-      meeting.roomLockSettings.disablePrivateChat) ||
-      !((user = Users.findOne({ meetingId, userId })) != null &&
-      user.user.locked) ||
-      (user != null && user.user.presenter),
-
-    //poll
-    subscribePoll: true,
-    subscribeAnswers: false,
-
-    //emojis
-    setEmojiStatus: true,
-    clearEmojiStatus: true,
-
-    //captions
-    subscribeCaptions: true,
-  };
-};
-
-// carries out the decision making for actions affecting users. For the list of
-// actions and the default value - see 'viewer' and 'moderator' in the beginning of the file
-export function isAllowedTo(action, credentials) {
-  const meetingId = credentials.meetingId;
-  const userId = credentials.requesterUserId;
-  const authToken = credentials.requesterToken;
-
-  const user = Users.findOne({
-    meetingId,
-    userId,
-  });
-
-  const allowedToInitiateRequest =
-    user &&
-    user.authToken === authToken &&
-    user.validated &&
-    user.clientType === 'HTML5' &&
-    user.user &&
-    user.user.connection_status === 'online';
-
-  const listOfSafeActions = [
-    'logoutSelf',
-  ];
-
-  const requestIsSafe = listOfSafeActions.includes(action);
-
-  if (requestIsSafe) {
-    logger.info(`permissions: requestIsSafe for ${action} by userId=${userId} allowed`);
-    return true;
-  }
-
-  if (allowedToInitiateRequest) {
-    let result = false;
-
-    // check role specific actions
-    if ('MODERATOR' === user.user.role) {
-      logger.debug('user permissions moderator case');
-      result = result || moderator[action];
-    } else if ('VIEWER' === user.user.role) {
-      logger.debug('user permissions viewer case');
-      result = result || viewer(meetingId, userId)[action];
-    }
-
-    // check presenter actions
-    if (user.user.presenter) {
-      logger.debug('user permissions presenter case');
-      result = result || presenter[action];
-    }
-
-    logger.debug(`attempt from userId=${userId} to perform:${action}, allowed=${result}`);
-
-    return result;
-  } else {
-    logger.error(`FAILED due to permissions:${action} ${JSON.stringify(credentials)}`);
-    return false;
-  }
-
-};

bigbluebutton-html5/private/config/public/acl.yaml

@@ -6,6 +6,7 @@ acl:
       - 'cursor'
       - 'deskshare'
       - 'meetings'
+      - 'polls'
       - 'presentations'
       - 'shapes'
       - 'slides'

bigbluebutton-html5/server/main.js

@@ -13,4 +13,3 @@ import '/imports/api/users/server';
 import '/imports/api/log-client/server';
 import '/imports/api/common/server/helpers';
 import '/imports/startup/server/logger';
-import '/imports/startup/server/userPermissions';