check room owner's role_id instead of current user's for role restric…

…tions of tags / list of allowed tags
bigbluebutton · Jul 18, 2024 · ffcd972 · ffcd972
1 parent 2928003
commit ffcd972
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 11 deletions.
diff --git a/app/controllers/api/v1/server_tags_controller.rb b/app/controllers/api/v1/server_tags_controller.rb
@@ -19,14 +19,15 @@
 module Api
   module V1
     class ServerTagsController < ApiController
-      # GET /api/v1/server_tags.json
-      # Returns a list of all allowed tags&names for the current user
-      def index
+      # GET /api/v1/server_tags/:friendly_id
+      # Returns a list of all allowed tags&names for the room's owner
+      def show
+        room = Room.find_by!(friendly_id: params[:friendly_id])
         tag_names = Rails.configuration.server_tag_names
         tag_roles = Rails.configuration.server_tag_roles
-        tag_names.delete_if { |tag, _| tag_roles.key?(tag) && tag_roles[tag].exclude?(current_user.role_id) }
+        allowed_tag_names = tag_names.reject { |tag, _| tag_roles.key?(tag) && tag_roles[tag].exclude?(room.user.role_id) }
 
-        render_data data: tag_names, status: :ok
+        render_data data: allowed_tag_names, status: :ok
       end
     end
   end

diff --git a/app/javascript/components/rooms/room/room_settings/RoomSettings.jsx b/app/javascript/components/rooms/room/room_settings/RoomSettings.jsx
@@ -43,7 +43,7 @@ export default function RoomSettings() {
   const roomSetting = useRoomSettings(friendlyId);
   const { data: roomConfigs } = useRoomConfigs();
   const { data: room } = useRoom(friendlyId);
-  const serverTags = useServerTags();
+  const serverTags = useServerTags(friendlyId);
 
   const updateMutationWrapper = () => useUpdateRoomSetting(friendlyId);
   const deleteMutationWrapper = (args) => useDeleteRoom({ friendlyId, ...args });

diff --git a/app/javascript/hooks/queries/rooms/useServerTags.jsx b/app/javascript/hooks/queries/rooms/useServerTags.jsx
@@ -17,9 +17,9 @@
 import { useQuery } from 'react-query';
 import axios from '../../../helpers/Axios';
 
-export default function useServerTags() {
+export default function useServerTags(friendlyId) {
   return useQuery(
-    'getServerTags',
-    () => axios.get('/server_tags.json').then((resp) => resp.data.data),
+    ['getServerTags', friendlyId],
+    () => axios.get(`/server_tags/${friendlyId}.json`).then((resp) => resp.data.data),
   );
 }
diff --git a/app/services/meeting_starter.rb b/app/services/meeting_starter.rb
@@ -82,7 +82,7 @@ def handle_server_tag(meeting_options:)
       tag = meeting_options.delete('serverTag')
       tag_required = meeting_options.delete('serverTagRequired')
 
-      if tag_names.key?(tag) && !(tag_roles.key?(tag) && tag_roles[tag].exclude?(@current_user.role_id))
+      if tag_names.key?(tag) && !(tag_roles.key?(tag) && tag_roles[tag].exclude?(@room.user.role_id))
         tag_param = tag_required == 'true' ? "#{tag} !" : tag
         meeting_options.store('meta_server-tag', tag_param)
       end

diff --git a/config/routes.rb b/config/routes.rb
@@ -85,7 +85,7 @@
       resources :site_settings, only: :index
       resources :rooms_configurations, only: %i[index show], param: :name
       resources :locales, only: %i[index show], param: :name
-      resources :server_tags
+      resources :server_tags, only: :show, param: :friendly_id
 
       namespace :admin do
         resources :users, only: %i[update] do