feat: custom end meeting url with restriction#202
feat: custom end meeting url with restriction#202SpechtD wants to merge 7 commits intolittleredbutton:masterfrom
Conversation
sualko
left a comment
sualko
left a comment
There was a problem hiding this comment.
Looks good, but needs some changes until we can merge it.
| bool $cleanLayout, | ||
| bool $joinMuted | ||
| bool $joinMuted, | ||
| string $logoutURL |
There was a problem hiding this comment.
We need some type of validation for the logoutURL. At least it has to start with http:// or https://.
There was a problem hiding this comment.
This validation should also be done on the server side, otherwise an attacker could bypass the client logic.
lib/Controller/RoomController.php
Outdated
| return new DataResponse(['message' => 'Not allowed to enable recordings.'], Http::STATUS_BAD_REQUEST); | ||
| } | ||
|
|
||
| if (!$restriction->getallowLogoutURL() && $logoutURL !== $room->getlogoutURL()) { |
There was a problem hiding this comment.
Is the value of allowLogoutURL determined somewhere? You should probably look into the Permission class 😉
There was a problem hiding this comment.
The value of allowLogoutURL is determined in the Restriction class, together with the other restrictions.
| $restriction1->setMaxRooms(10); | ||
| $restriction1->setMaxParticipants(100); | ||
| $restriction1->setAllowRecording(true); | ||
| $restriction1->setAllowRecording(true); |
There was a problem hiding this comment.
Should probably setAllowLogoutURL.
| bool $cleanLayout, | ||
| bool $joinMuted | ||
| bool $joinMuted, | ||
| string $logoutURL |
There was a problem hiding this comment.
This validation should also be done on the server side, otherwise an attacker could bypass the client logic.
| $invitationUrl = $this->urlHelper->linkToInvitationAbsolute($room); | ||
| $createMeetingParams->setModeratorOnlyMessage($this->l10n->t('To invite someone to the meeting, send them this link: %s', [$invitationUrl])); | ||
|
|
||
| if (!empty($room->logoutURL)) { |
There was a problem hiding this comment.
Should probably check if the logoutURL is empty. Anyway I would prefer to have the assignment at one place. Maybe
$createMeetingParams->setLogoutURL($room->logoutURL || $this->urlGenerator->getBaseUrl());
2 participants
closes #162