fix(permissions): Reset custom permissions on promotion

Signed-off-by: Joas Schilling <coding@schilljs.com>
2 years ago · 10b4e6ba23
4 changed files with 86 additions and 2 deletions
--- a/appinfo/info.xml
+++ b/appinfo/info.xml
@ -16,7 +16,7 @@ And in the works for the [coming versions](https://github.com/nextcloud/spreed/m

 	]]></description>

-	<version>17.0.0-dev</version>
+	<version>17.0.0-dev.1</version>
 	<licence>agpl</licence>

 	<author>Daniel Calviño Sánchez</author>
--- a/lib/Migration/Version16000Date20230502145340.php
+++ b/lib/Migration/Version16000Date20230502145340.php
@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2023 Joas Schilling <coding@schilljs.com>
+ *
+ * @author Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace OCA\Talk\Migration;
+
+use Closure;
+use OCA\Talk\Model\Attendee;
+use OCA\Talk\Participant;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version16000Date20230502145340 extends SimpleMigrationStep {
+	public function __construct(
+		protected IDBConnection $connection,
+	) {
+	}
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure(): ISchemaWrapper $schemaClosure
+	 * @param array $options
+	 */
+	public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void {
+		$query = $this->connection->getQueryBuilder();
+
+		$query->update('talk_attendees')
+			->set('permissions', $query->createNamedParameter(Attendee::PERMISSIONS_DEFAULT, IQueryBuilder::PARAM_INT))
+			->where($query->expr()->eq('participant_type', $query->createNamedParameter(Participant::MODERATOR)))
+			->orWhere($query->expr()->eq('participant_type', $query->createNamedParameter(Participant::GUEST_MODERATOR)));
+		$fixed = $query->executeStatement();
+
+		$output->info('Fixed permissions of ' . $fixed . ' moderators');
+	}
+}
--- a/lib/Service/ParticipantService.php
+++ b/lib/Service/ParticipantService.php
@ -144,7 +144,6 @@ class ParticipantService {
 		$this->dispatcher->dispatch(Room::EVENT_BEFORE_PARTICIPANT_TYPE_SET, $event);

 		$attendee->setParticipantType($participantType);
-		$this->attendeeMapper->update($attendee);

 		$promotedToModerator = in_array($participantType, [
 			Participant::OWNER,
@ -155,6 +154,13 @@ class ParticipantService {
 			Participant::MODERATOR,
 		], true);

+		if ($promotedToModerator) {
+			// Reset permissions on promotion
+			$attendee->setPermissions(Attendee::PERMISSIONS_DEFAULT);
+		}
+
+		$this->attendeeMapper->update($attendee);
+
 		// XOR so we don't move the participant in and out when they are changed from moderator to owner or vice-versa
 		if (($promotedToModerator xor $demotedFromModerator) && $room->getBreakoutRoomMode() !== BreakoutRoom::MODE_NOT_CONFIGURED) {
 			/** @var Manager $manager */
--- a/tests/integration/features/conversation-2/promotion-demotion.feature
+++ b/tests/integration/features/conversation-2/promotion-demotion.feature
@ -33,14 +33,33 @@ Feature: conversation-2/promotion-demotion
      | room | 3    | 3               |
    And user "participant1" loads attendees attendee ids in room "room" (v4)
    And user "participant1" promotes "participant2" in room "room" with 200 (v4)
+    And user "participant1" sets permissions for "participant3" in room "room" to "L" with 200 (v4)
+    Then user "participant1" sees the following attendees in room "room" with 200 (v4)
+      | actorType  | actorId      | permissions |
+      | users      | participant1 | SJLAVPM     |
+      | users      | participant2 | SJLAVPM     |
+      | users      | participant3 | CL           |
+    Then user "participant3" is participant of the following rooms (v4)
+      | id   | type | participantType |
+      | room | 3    | 3               |
    When user "participant2" promotes "participant3" in room "room" with 200 (v4)
    Then user "participant3" is participant of the following rooms (v4)
      | id   | type | participantType |
      | room | 3    | 2               |
+    Then user "participant1" sees the following attendees in room "room" with 200 (v4)
+      | actorType  | actorId      | permissions |
+      | users      | participant1 | SJLAVPM     |
+      | users      | participant2 | SJLAVPM     |
+      | users      | participant3 | SJLAVPM     |
    When user "participant2" demotes "participant3" in room "room" with 200 (v4)
    Then user "participant3" is participant of the following rooms (v4)
      | id   | type | participantType |
      | room | 3    | 3               |
+    Then user "participant1" sees the following attendees in room "room" with 200 (v4)
+      | actorType  | actorId      | permissions |
+      | users      | participant1 | SJLAVPM     |
+      | users      | participant2 | SJLAVPM     |
+      | users      | participant3 | SJAVPM      |

  Scenario: User promotes/demotes moderator
    Given user "participant1" creates room "room" (v4)