feat: custom end meeting url with restriction #202
Conversation
| @@ -119,7 +119,8 @@ public function update( | |||
| bool $listenOnly, | |||
| bool $mediaCheck, | |||
| bool $cleanLayout, | |||
| bool $joinMuted | |||
| bool $joinMuted, | |||
| string $logoutURL | |||
There was a problem hiding this comment.
We need some type of validation for the logoutURL. At least it has to start with http:// or https://.
There was a problem hiding this comment.
This validation should also be done on the server side, otherwise an attacker could bypass the client logic.
lib/Controller/RoomController.php
Outdated
| @@ -137,13 +138,17 @@ public function update( | |||
| return new DataResponse(['message' => 'Not allowed to enable recordings.'], Http::STATUS_BAD_REQUEST); | |||
| } | |||
|
|
|||
| if (!$restriction->getallowLogoutURL() && $logoutURL !== $room->getlogoutURL()) { | |||
There was a problem hiding this comment.
Is the value of allowLogoutURL determined somewhere? You should probably look into the Permission class 😉
There was a problem hiding this comment.
The value of allowLogoutURL is determined in the Restriction class, together with the other restrictions.
|
|
||
| $restriction1 = new Restriction(); | ||
| $restriction1->setRoomTypes(\json_encode([Room::ACCESS_INTERNAL, Room::ACCESS_INTERNAL_RESTRICTED])); | ||
| $restriction1->setMaxRooms(10); | ||
| $restriction1->setMaxParticipants(100); | ||
| $restriction1->setAllowRecording(true); | ||
| $restriction1->setAllowRecording(true); |
There was a problem hiding this comment.
Should probably setAllowLogoutURL.
| @@ -119,7 +119,8 @@ public function update( | |||
| bool $listenOnly, | |||
| bool $mediaCheck, | |||
| bool $cleanLayout, | |||
| bool $joinMuted | |||
| bool $joinMuted, | |||
| string $logoutURL | |||
There was a problem hiding this comment.
This validation should also be done on the server side, otherwise an attacker could bypass the client logic.
| @@ -188,6 +188,10 @@ private function buildMeetingParams(Room $room, Presentation $presentation = nul | |||
| $invitationUrl = $this->urlHelper->linkToInvitationAbsolute($room); | |||
| $createMeetingParams->setModeratorOnlyMessage($this->l10n->t('To invite someone to the meeting, send them this link: %s', [$invitationUrl])); | |||
|
|
|||
| if (!empty($room->logoutURL)) { | |||
There was a problem hiding this comment.
Should probably check if the logoutURL is empty. Anyway I would prefer to have the assignment at one place. Maybe
$createMeetingParams->setLogoutURL($room->logoutURL || $this->urlGenerator->getBaseUrl());
closes #162