feat: add admin setting to restrict rooms

fix #43

appinfo/routes.php

@@ -4,6 +4,7 @@
  'resources' => [
  'room' => ['url' => '/rooms'],
  'roomShare' => ['url' => '/roomShares'],
+ 'restriction' => ['url' => '/restrictions'],
  ],
  'routes' => [
  ['name' => 'page#index', 'url' => '/', 'verb' => 'GET'],
@@ -12,5 +13,6 @@
  ['name' => 'server#version', 'url' => '/server/version', 'verb' => 'GET'],
  ['name' => 'server#delete_record', 'url' => '/server/record/{recordId}', 'verb' => 'DELETE'],
  ['name' => 'join#index', 'url' => '/b/{token}', 'verb' => 'GET'],
+ ['name' => 'restriction#user', 'url' => '/restrictions/user', 'verb' => 'GET'],
  ]
 ];

lib/Controller/RestrictionController.php

@@ -0,0 +1,113 @@
+<?php
+
+namespace OCA\BigBlueButton\Controller;
+
+use OCA\BigBlueButton\Db\Restriction;
+use OCP\IRequest;
+use OCP\IGroupManager;
+use OCP\IUserManager;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Controller;
+
+use OCA\BigBlueButton\Service\RestrictionService;
+
+class RestrictionController extends Controller {
+ /** @var RestrictionService */
+ private $service;
+
+ /** @var string */
+ private $userId;
+
+ /** @var IUserManager */
+ private $userManager;
+
+ /** @var IGroupManager */
+ private $groupManager;
+
+ use Errors;
+
+ public function __construct(
+ $appName,
+ IRequest $request,
+ RestrictionService $service,
+ IUserManager $userManager,
+ IGroupManager $groupManager,
+ $userId
+ ) {
+ parent::__construct($appName, $request);
+ $this->service = $service;
+ $this->userManager = $userManager;
+ $this->groupManager = $groupManager;
+ $this->userId = $userId;
+ }
+
+ /**
+ * @NoAdminRequired
+ */
+ public function user(): DataResponse {
+ $user = $this->userManager->get($this->userId);
+ $groupIds = $this->groupManager->getUserGroupIds($user);
+
+ return new DataResponse($this->service->findByGroupIds($groupIds));
+ }
+
+ public function index(): DataResponse {
+ $restrictions = $this->service->findAll();
+
+ if (!$this->service->existsByGroupId(Restriction::ALL_ID)) {
+ $defaultRestriction = new Restriction();
+ $defaultRestriction->setGroupId('');
+
+ $restrictions[] = $defaultRestriction;
+ }
+
+ return new DataResponse($restrictions);
+ }
+
+ public function create(
+ string $groupId
+ ): DataResponse {
+ if ($this->service->existsByGroupId($groupId)) {
+ return new DataResponse(null, Http::STATUS_CONFLICT);
+ }
+
+ return new DataResponse($this->service->create(
+ $groupId
+ ));
+ }
+
+ public function update(
+ int $id,
+ string $groupId,
+ int $maxRooms,
+ array $roomTypes,
+ int $maxParticipants,
+ bool $allowRecording
+ ): DataResponse {
+ return $this->handleNotFound(function () use (
+ $id,
+ $groupId,
+ $maxRooms,
+ $roomTypes,
+ $maxParticipants,
+ $allowRecording) {
+ return $this->service->update(
+ $id,
+ $groupId,
+ $maxRooms,
+ $roomTypes,
+ $maxParticipants,
+ $allowRecording
+ );
+ });
+ }
+
+ public function destroy(int $id): DataResponse {
+ return $this->handleNotFound(function () use ($id) {
+ $roomShare = $this->service->find($id);
+
+ return $this->service->delete($id);
+ });
+ }
+}

lib/Controller/RoomController.php

@@ -4,6 +4,7 @@
 
 use OCA\BigBlueButton\Service\RoomService;
 use OCA\BigBlueButton\Permission;
+use OCA\BigBlueButton\Db\Room;
 use OCP\IRequest;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -63,13 +64,34 @@ public function create(
  string $name,
  string $welcome,
  int $maxParticipants,
- bool $record
+ bool $record,
+ string $access
  ): DataResponse {
+ if (!$this->permission->isAllowedToCreateRoom($this->userId)) {
+ return new DataResponse(null, Http::STATUS_FORBIDDEN);
+ }
+
+ $restriction = $this->permission->getRestriction($this->userId);
+
+ if ($restriction->getMaxParticipants() > -1 && ($maxParticipants > $restriction->getMaxParticipants() || $maxParticipants <= 0)) {
+ return new DataResponse('Max participants limit exceeded.', Http::STATUS_BAD_REQUEST);
+ }
+
+ if (!$restriction->getAllowRecording() && $record) {
+ return new DataResponse('Not allowed to enable recordings.', Http::STATUS_BAD_REQUEST);
+ }
+
+ $disabledRoomTypes = \json_decode($restriction->getRoomTypes());
+ if (in_array($access, $disabledRoomTypes) || !in_array($access, Room::ACCESS)) {
+ return new DataResponse('Access type not allowed.', Http::STATUS_BAD_REQUEST);
+ }
+
  return new DataResponse($this->service->create(
  $name,
  $welcome,
  $maxParticipants,
  $record,
+ $access,
  $this->userId
  ));
  }
@@ -92,6 +114,21 @@ public function update(
  return new DataResponse(null, Http::STATUS_FORBIDDEN);
  }
 
+ $restriction = $this->permission->getRestriction($this->userId);
+
+ if ($restriction->getMaxParticipants() > -1 && $maxParticipants !== $room->getMaxParticipants() && ($maxParticipants > $restriction->getMaxParticipants() || $maxParticipants <= 0)) {
+ return new DataResponse('Max participants limit exceeded.', Http::STATUS_BAD_REQUEST);
+ }
+
+ if (!$restriction->getAllowRecording() && $record !== $room->getRecord()) {
+ return new DataResponse('Not allowed to enable recordings.', Http::STATUS_BAD_REQUEST);
+ }
+
+ $disabledRoomTypes = \json_decode($restriction->getRoomTypes());
+ if ((in_array($access, $disabledRoomTypes) && $access !== $room->getAccess()) || !in_array($access, Room::ACCESS)) {
+ return new DataResponse('Access type not allowed.', Http::STATUS_BAD_REQUEST);
+ }
+
  return $this->handleNotFound(function () use ($id, $name, $welcome, $maxParticipants, $record, $everyoneIsModerator, $access) {
  return $this->service->update($id, $name, $welcome, $maxParticipants, $record, $access, $everyoneIsModerator);
  });

lib/Db/Restriction.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace OCA\BigBlueButton\Db;
+
+use JsonSerializable;
+
+use OCP\AppFramework\Db\Entity;
+
+/**
+ * @method int getRoomId()
+ * @method int getMaxRooms()
+ * @method string getRoomTypes()
+ * @method int getMaxParticipants()
+ * @method bool getAllowRecording()
+ * @method void setRoomId(string $id)
+ * @method void setMaxRooms(int $number)
+ * @method void setMaxParticipants(int $number)
+ * @method void setAllowRecording(bool $allow)
+ */
+class Restriction extends Entity implements JsonSerializable {
+ public const ALL_ID = '';
+
+ protected $groupId;
+ protected $maxRooms = -1;
+ protected $roomTypes = '[]';
+ protected $maxParticipants = -1;
+ protected $allowRecording = true;
+
+ public function __construct() {
+ $this->addType('max_rooms', 'integer');
+ $this->addType('max_participants', 'integer');
+ $this->addType('allow_recording', 'boolean');
+ }
+
+ public function jsonSerialize(): array {
+ return [
+ 'id' => $this->id,
+ 'groupId' => $this->groupId,
+ 'maxRooms' => (int) $this->maxRooms,
+ 'roomTypes' => \json_decode($this->roomTypes),
+ 'maxParticipants' => (int) $this->maxParticipants,
+ 'allowRecording' => boolval($this->allowRecording),
+ ];
+ }
+}

lib/Db/RestrictionMapper.php

@@ -0,0 +1,69 @@
+<?php
+
+namespace OCA\BigBlueButton\Db;
+
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Db\QBMapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+
+class RestrictionMapper extends QBMapper {
+ public function __construct(IDBConnection $db) {
+ parent::__construct($db, 'bbb_restrictions', Restriction::class);
+ }
+
+ /**
+ * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+ * @throws DoesNotExistException
+ */
+ public function find(int $id): Restriction {
+ /* @var $qb IQueryBuilder */
+ $qb = $this->db->getQueryBuilder();
+ $qb->select('*')
+ ->from($this->tableName)
+ ->where($qb->expr()->eq('id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
+
+ return $this->findEntity($qb);
+ }
+
+ /**
+ * @throws \OCP\AppFramework\Db\MultipleObjectsReturnedException
+ * @throws DoesNotExistException
+ */
+ public function findByGroupId(string $groupId): Restriction {
+ /* @var $qb IQueryBuilder */
+ $qb = $this->db->getQueryBuilder();
+ $qb->select('*')
+ ->from($this->tableName)
+ ->where($qb->expr()->eq('group_id', $qb->createNamedParameter($groupId)));
+
+ return $this->findEntity($qb);
+ }
+
+ /**
+ * @return array<Restriction>
+ */
+ public function findByGroupIds(array $groupIds): array {
+ /* @var $qb IQueryBuilder */
+ $qb = $this->db->getQueryBuilder();
+ $qb->select('*')
+ ->from($this->tableName)
+ ->where($qb->expr()->in('group_id', $qb->createNamedParameter($groupIds, IQueryBuilder::PARAM_STR_ARRAY)));
+
+ /** @var array<Restriction> */
+ return $this->findEntities($qb);
+ }
+
+ /**
+ * @return array<Restriction>
+ */
+ public function findAll(): array {
+ /* @var $qb IQueryBuilder */
+ $qb = $this->db->getQueryBuilder();
+ $qb->select('*')
+ ->from($this->tableName);
+
+ /** @var array<Restriction> */
+ return $this->findEntities($qb);
+ }
+}

lib/Db/Room.php

@@ -37,6 +37,8 @@ class Room extends Entity implements JsonSerializable {
  public const ACCESS_INTERNAL = 'internal';
  public const ACCESS_INTERNAL_RESTRICTED = 'internal_restricted';
 
+ public const ACCESS = [self::ACCESS_PUBLIC, self::ACCESS_PASSWORD, self::ACCESS_WAITING_ROOM, self::ACCESS_INTERNAL, self::ACCESS_INTERNAL_RESTRICTED];
+
  public $uid;
  public $name;
  public $attendeePassword;

lib/Migration/Version000000Date20200826100844.php

@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\BigBlueButton\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+/**
+ * Auto-generated migration step: Please modify to your needs!
+ */
+class Version000000Date20200826100844 extends SimpleMigrationStep {
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ * @return null|ISchemaWrapper
+ */
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
+ /** @var ISchemaWrapper $schema */
+ $schema = $schemaClosure();
+
+ if (!$schema->hasTable('bbb_restrictions')) {
+ $table = $schema->createTable('bbb_restrictions');
+ $table->addColumn('id', 'integer', [
+ 'autoincrement' => true,
+ 'notnull' => true,
+ ]);
+ $table->addColumn('group_id', 'string', [
+ 'unique' => true,
+ 'notnull' => true,
+ 'length' => 200,
+ ]);
+ $table->addColumn('max_rooms', 'integer', [
+ 'notnull' => false,
+ 'default' => -1,
+ ]);
+ $table->addColumn('room_types', 'string', [
+ 'notnull' => true,
+ 'default' => '[]',
+ ]);
+ $table->addColumn('max_participants', 'integer', [
+ 'notnull' => false,
+ 'default' => -1,
+ ]);
+ $table->addColumn('allow_recording', 'boolean', [
+ 'notnull' => true,
+ 'default' => true,
+ ]);
+
+ $table->setPrimaryKey(['id']);
+ $table->addIndex(['group_id'], 'restrictions_group_id_index');
+ }
+
+ return $schema;
+ }
+}