Merge pull request #67 from sualko/feat-restrictions

feat: add admin setting to restrict rooms

Author: sualko

appinfo/routes.php

@@ -4,6 +4,7 @@
 	'resources' => [
 		'room' => ['url' => '/rooms'],
 		'roomShare' => ['url' => '/roomShares'],
+		'restriction' => ['url' => '/restrictions'],
 	],
 	'routes' => [
 		['name' => 'page#index', 'url' => '/', 'verb' => 'GET'],
@@ -12,5 +13,6 @@
 		['name' => 'server#version', 'url' => '/server/version', 'verb' => 'GET'],
 		['name' => 'server#delete_record', 'url' => '/server/record/{recordId}', 'verb' => 'DELETE'],
 		['name' => 'join#index', 'url' => '/b/{token}', 'verb' => 'GET'],
+		['name' => 'restriction#user', 'url' => '/restrictions/user', 'verb' => 'GET'],
 	]
 ];

lib/Controller/JoinController.php

@@ -120,10 +120,9 @@ public function index($displayname, $u = '', $filename = '', $password = '') {
 		\OCP\Util::addHeader('meta', ['http-equiv' => 'refresh', 'content' => '3;url='.$joinUrl]);
 
 		return new TemplateResponse($this->appName, 'forward', [
-			'room'             => $room->name,
-			'url' => $joinUrl,
+			'room' => $room->name,
+			'url'  => $joinUrl,
 		], 'guest');
-		;
 	}
 
 	private function getRoom(): ?Room {

lib/Controller/RestrictionController.php

@@ -0,0 +1,113 @@
+<?php
+
+namespace OCA\BigBlueButton\Controller;
+
+use OCA\BigBlueButton\Db\Restriction;
+use OCP\IRequest;
+use OCP\IGroupManager;
+use OCP\IUserManager;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Controller;
+
+use OCA\BigBlueButton\Service\RestrictionService;
+
+class RestrictionController extends Controller {
+	/** @var RestrictionService */
+	private $service;
+
+	/** @var string */
+	private $userId;
+
+	/** @var IUserManager */
+	private $userManager;
+
+	/** @var IGroupManager */
+	private $groupManager;
+
+	use Errors;
+
+	public function __construct(
+		$appName,
+		IRequest $request,
+		RestrictionService $service,
+		IUserManager $userManager,
+		IGroupManager $groupManager,
+		$userId
+	) {
+		parent::__construct($appName, $request);
+		$this->service = $service;
+		$this->userManager = $userManager;
+		$this->groupManager = $groupManager;
+		$this->userId = $userId;
+	}
+
+	/**
+	 * @NoAdminRequired
+	 */
+	public function user(): DataResponse {
+		$user = $this->userManager->get($this->userId);
+		$groupIds = $this->groupManager->getUserGroupIds($user);
+
+		return new DataResponse($this->service->findByGroupIds($groupIds));
+	}
+
+	public function index(): DataResponse {
+		$restrictions = $this->service->findAll();
+
+		if (!$this->service->existsByGroupId(Restriction::ALL_ID)) {
+			$defaultRestriction = new Restriction();
+			$defaultRestriction->setGroupId('');
+
+			$restrictions[] = $defaultRestriction;
+		}
+
+		return new DataResponse($restrictions);
+	}
+
+	public function create(
+		string $groupId
+	): DataResponse {
+		if ($this->service->existsByGroupId($groupId)) {
+			return new DataResponse(null, Http::STATUS_CONFLICT);
+		}
+
+		return new DataResponse($this->service->create(
+			$groupId
+		));
+	}
+
+	public function update(
+		int $id,
+		string $groupId,
+		int $maxRooms,
+		array $roomTypes,
+		int $maxParticipants,
+		bool $allowRecording
+	): DataResponse {
+		return $this->handleNotFound(function () use (
+			$id,
+			$groupId,
+			$maxRooms,
+			$roomTypes,
+			$maxParticipants,
+			$allowRecording) {
+			return $this->service->update(
+				$id,
+				$groupId,
+				$maxRooms,
+				$roomTypes,
+				$maxParticipants,
+				$allowRecording
+			);
+		});
+	}
+
+	public function destroy(int $id): DataResponse {
+		return $this->handleNotFound(function () use ($id) {
+			$roomShare = $this->service->find($id);
+
+			return $this->service->delete($id);
+		});
+	}
+}

lib/Controller/RoomController.php

@@ -4,6 +4,7 @@
 
 use OCA\BigBlueButton\Service\RoomService;
 use OCA\BigBlueButton\Permission;
+use OCA\BigBlueButton\Db\Room;
 use OCP\IRequest;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -63,13 +64,34 @@ public function create(
 		string $name,
 		string $welcome,
 		int $maxParticipants,
-		bool $record
+		bool $record,
+		string $access
 	): DataResponse {
+		if (!$this->permission->isAllowedToCreateRoom($this->userId)) {
+			return new DataResponse(null, Http::STATUS_FORBIDDEN);
+		}
+
+		$restriction = $this->permission->getRestriction($this->userId);
+
+		if ($restriction->getMaxParticipants() > -1 && ($maxParticipants > $restriction->getMaxParticipants() || $maxParticipants <= 0)) {
+			return new DataResponse('Max participants limit exceeded.', Http::STATUS_BAD_REQUEST);
+		}
+
+		if (!$restriction->getAllowRecording() && $record) {
+			return new DataResponse('Not allowed to enable recordings.', Http::STATUS_BAD_REQUEST);
+		}
+
+		$disabledRoomTypes = \json_decode($restriction->getRoomTypes());
+		if (in_array($access, $disabledRoomTypes) || !in_array($access, Room::ACCESS)) {
+			return new DataResponse('Access type not allowed.', Http::STATUS_BAD_REQUEST);
+		}
+
 		return new DataResponse($this->service->create(
 			$name,
 			$welcome,
 			$maxParticipants,
 			$record,
+			$access,
 			$this->userId
 		));
 	}
@@ -92,6 +114,21 @@ public function update(
 			return new DataResponse(null, Http::STATUS_FORBIDDEN);
 		}
 
+		$restriction = $this->permission->getRestriction($this->userId);
+
+		if ($restriction->getMaxParticipants() > -1 && $maxParticipants !== $room->getMaxParticipants() && ($maxParticipants > $restriction->getMaxParticipants() || $maxParticipants <= 0)) {
+			return new DataResponse('Max participants limit exceeded.', Http::STATUS_BAD_REQUEST);
+		}
+
+		if (!$restriction->getAllowRecording() && $record !== $room->getRecord()) {
+			return new DataResponse('Not allowed to enable recordings.', Http::STATUS_BAD_REQUEST);
+		}
+
+		$disabledRoomTypes = \json_decode($restriction->getRoomTypes());
+		if ((in_array($access, $disabledRoomTypes) && $access !== $room->getAccess()) || !in_array($access, Room::ACCESS)) {
+			return new DataResponse('Access type not allowed.', Http::STATUS_BAD_REQUEST);
+		}
+
 		return $this->handleNotFound(function () use ($id, $name, $welcome, $maxParticipants, $record, $everyoneIsModerator, $access) {
 			return $this->service->update($id, $name, $welcome, $maxParticipants, $record, $access, $everyoneIsModerator);
 		});

lib/Db/Restriction.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace OCA\BigBlueButton\Db;
+
+use JsonSerializable;
+
+use OCP\AppFramework\Db\Entity;
+
+/**
+ * @method int getRoomId()
+ * @method int getMaxRooms()
+ * @method string getRoomTypes()
+ * @method int getMaxParticipants()
+ * @method bool getAllowRecording()
+ * @method void setRoomId(string $id)
+ * @method void setMaxRooms(int $number)
+ * @method void setMaxParticipants(int $number)
+ * @method void setAllowRecording(bool $allow)
+ */
+class Restriction extends Entity implements JsonSerializable {
+	public const ALL_ID = '';
+
+	protected $groupId;
+	protected $maxRooms = -1;
+	protected $roomTypes = '[]';
+	protected $maxParticipants = -1;
+	protected $allowRecording = true;
+
+	public function __construct() {
+		$this->addType('max_rooms', 'integer');
+		$this->addType('max_participants', 'integer');
+		$this->addType('allow_recording', 'boolean');
+	}
+
+	public function jsonSerialize(): array {
+		return [
+			'id'              => $this->id,
+			'groupId'         => $this->groupId,
+			'maxRooms'        => (int) $this->maxRooms,
+			'roomTypes'       => \json_decode($this->roomTypes),
+			'maxParticipants' => (int) $this->maxParticipants,
+			'allowRecording'  => boolval($this->allowRecording),
+		];
+	}
+}

lib/Db/RestrictionMapper.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace OCA\BigBlueButton\Db;
+
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Db\QBMapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+
+class RestrictionMapper extends QBMapper {
+	public function __construct(IDBConnection $db) {
+		parent::__construct($db, 'bbb_restrictions', Restriction::class);
+	}
+
+	/**
+	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+	 * @throws DoesNotExistException
+	 */
+	public function find(int $id): Restriction {
+		/* @var $qb IQueryBuilder */
+		$qb = $this->db->getQueryBuilder();
+		$qb->select('*')
+			->from($this->tableName)
+			->where($qb->expr()->eq('id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
+
+		return $this->findEntity($qb);
+	}
+
+	/**
+	 * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+	 * @throws DoesNotExistException
+	 */
+	public function findByGroupId(string $groupId): Restriction {
+		/* @var $qb IQueryBuilder */
+		$qb = $this->db->getQueryBuilder();
+		$qb->select('*')
+			->from($this->tableName)
+			->where($qb->expr()->eq('group_id', $qb->createNamedParameter($groupId)));
+
+		return $this->findEntity($qb);
+	}
+
+	/**
+	 * @return array<Restriction>
+	 */
+	public function findByGroupIds(array $groupIds): array {
+		/* @var $qb IQueryBuilder */
+		$qb = $this->db->getQueryBuilder();
+		$qb->select('*')
+			->from($this->tableName)
+			->where($qb->expr()->in('group_id', $qb->createNamedParameter($groupIds, IQueryBuilder::PARAM_STR_ARRAY)));
+
+		/** @var array<Restriction> */
+		return $this->findEntities($qb);
+	}
+
+	/**
+	 * @return array<Restriction>
+	 */
+	public function findAll(): array {
+		/* @var $qb IQueryBuilder */
+		$qb = $this->db->getQueryBuilder();
+		$qb->select('*')
+			->from($this->tableName);
+
+		/** @var array<Restriction> */
+		return $this->findEntities($qb);
+	}
+}

lib/Db/Room.php

@@ -37,6 +37,8 @@ class Room extends Entity implements JsonSerializable {
 	public const ACCESS_INTERNAL = 'internal';
 	public const ACCESS_INTERNAL_RESTRICTED = 'internal_restricted';
 
+	public const ACCESS = [self::ACCESS_PUBLIC, self::ACCESS_PASSWORD, self::ACCESS_WAITING_ROOM, self::ACCESS_INTERNAL, self::ACCESS_INTERNAL_RESTRICTED];
+
 	public $uid;
 	public $name;
 	public $attendeePassword;

lib/Migration/Version000000Date20200826100844.php

@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\BigBlueButton\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+/**
+ * Auto-generated migration step: Please modify to your needs!
+ */
+class Version000000Date20200826100844 extends SimpleMigrationStep {
+
+	/**
+	 * @param IOutput $output
+	 * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+	 * @param array $options
+	 * @return null|ISchemaWrapper
+	 */
+	public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
+		/** @var ISchemaWrapper $schema */
+		$schema = $schemaClosure();
+
+		if (!$schema->hasTable('bbb_restrictions')) {
+			$table = $schema->createTable('bbb_restrictions');
+			$table->addColumn('id', 'integer', [
+				'autoincrement' => true,
+				'notnull'       => true,
+			]);
+			$table->addColumn('group_id', 'string', [
+				'unique'  => true,
+				'notnull' => true,
+				'length'  => 200,
+			]);
+			$table->addColumn('max_rooms', 'integer', [
+				'notnull' => false,
+				'default' => -1,
+			]);
+			$table->addColumn('room_types', 'string', [
+				'notnull' => true,
+				'default' => '[]',
+			]);
+			$table->addColumn('max_participants', 'integer', [
+				'notnull' => false,
+				'default' => -1,
+			]);
+			$table->addColumn('allow_recording', 'boolean', [
+				'notnull' => true,
+				'default' => true,
+			]);
+
+			$table->setPrimaryKey(['id']);
+			$table->addIndex(['group_id'], 'restrictions_group_id_index');
+		}
+
+		return $schema;
+	}
+}