fix(transcriptions,recording): Allows non moderators with features to dial, record or transcribe. #15074
Conversation
|
Hum, I'm getting forbidden when I'm a moderator without a token. It still needs more testing. |
It is fixed now. |
damencho
force-pushed
the
non-moderator-features
branch
from
b99a1de
to
9ca166e
Compare
| /** | ||
| * The dial command to use for starting a transcriber. | ||
| */ | ||
| const TRANSCRIBER_DIAL_COMMAND = 'jitsi_meet_transcribe'; |
There was a problem hiding this comment.
Suggest something other than "command" which we already used for other things. I looked it up and we use "number" (in the ljm API), "to" (in the rayo xml), and "destination" (in our java rayo impl).
|
|
||
| -- if current user is not allowed, but was granted moderation by a user | ||
| -- that is allowed by its features we want to allow it | ||
| local is_granting_allowed = false; |
There was a problem hiding this comment.
I don't think you care about the distinction of whether it was "naturally" allowed or because the features were granted. I suggest simplifying to something like
local is_allowed = is_feature_allowed(session.jitsi_meet_context_features, feature) or
is_feature_allowed(session.granted_jitsi_meet_context_features, feature)
There was a problem hiding this comment.
But I want to check that only if there are features set.
There was a problem hiding this comment.
A right, we have changed behavior of is_feature_allowed, so this will work.
There was a problem hiding this comment.
Nope, this is not correct as it will check for moderator rights if you have the feature = "false".
so we have two cases, are features available and is the feature set to false.
| then | ||
| if not session.jitsi_meet_context_features and not session.granted_jitsi_meet_context_features then | ||
| -- we need to check for moderator rights | ||
| -- when there are no features and the occupant is moderator we allow recording |
There was a problem hiding this comment.
Why don't we extract the set of features in a central place? I think it would be less error prone. For example, we can do it at token verification time. We can read the token and set the features accordingly. If the moderator flag is raised and no features are specified we can populate the defaults. That would also be the place to set features to an empty set when no token is present. Then, everywhere else we can assume that the set of features is set accordingly, and we don't have to know the details.
This whole section would simplify to:
local is_allowed = ...
if ~is_allowed then
module:log(...)
session.send(st.error_reply(stanza, "auth", "forbidden"));
end
There was a problem hiding this comment.
We do not have a common rule for defining moderator, and ther rules we use in deploments are outside of this project.
The extraction time of features is before we know whether it is a moderator.
There was a problem hiding this comment.
I see. Then can we extract a utility function like is_feature_allowed(feature, features, granted_features, isModerator)? So that all that logic is consistent and in one place?
There was a problem hiding this comment.
I think I addressed that now.
There was a problem hiding this comment.
We lost some small optimizations cause before we were looking up the room to search for the occupant to check the role only when needed.
| local data, key, occupant, session = event.data, event.key, event.actor, event.session; | ||
|
|
||
| if occupant.role == 'moderator' then | ||
| return data; |
There was a problem hiding this comment.
What about the case of a moderator which doesn't have transcription rights?
| @@ -37,9 +37,11 @@ class StartRecordingDialogContent extends AbstractStartRecordingDialogContent { | |||
| * @returns {React$Component} | |||
| */ | |||
| render() { | |||
| const _renderRecording = this.props._isModerator || this.props._hasRecordingFeature; | |||
There was a problem hiding this comment.
Similar as above, it should be based on the content of features, with the moderator flag only being used to infer defaults
| @@ -267,8 +267,8 @@ export function getRecordButtonProps(state: IReduxState) { | |||
|
|
|||
| if (localRecordingEnabled) { | |||
| visible = true; | |||
| } else if (isModerator) { | |||
| visible = recordingEnabled ? isJwtFeatureEnabled(state, 'recording', true) : false; | |||
| } else if (isModerator || isJwtFeatureEnabled(state, 'recording', false, false)) { | |||
| if (localParticipantIsModerator && !isInBreakoutRoom) { | ||
| visible = liveStreamingEnabled ? liveStreamingEnabledInJwt : false; | ||
| if (!isInBreakoutRoom) { | ||
| visible = liveStreamingEnabled ? localParticipantIsModerator || liveStreamingEnabledInJwt : false; |
| if (enabled && conference?.getTranscriptionStatus() === 'off') { | ||
| const featureAllowed = isJwtFeatureEnabled(getState(), 'transcription', false, false); | ||
|
|
||
| if (isLocalParticipantModerator(state) || featureAllowed) { |
|
|
||
| if (!transcription?.enabled) { | ||
| return false; | ||
| } | ||
|
|
||
| if (isJwtTranscribingEnabled) { | ||
| if (isLocalParticipantModerator(state) || isJwtTranscribingEnabled) { |
damencho
force-pushed
the
non-moderator-features
branch
3 times, most recently
from
c373ff7
to
47ee211
Compare
| or not is_feature_allowed(session.jitsi_meet_context_features, | ||
| (jibri.attr.recording_mode == 'file' and 'recording' or 'livestreaming') | ||
| ) then | ||
| if token == nil or not is_allowed then |
There was a problem hiding this comment.
Do we still need to check token here? What are we supposed to do if the user is a moderator with no token? Or if the user was granted features, but has no token?
If some form of check for token is necessary can we move it to is_feature_allowed?
There was a problem hiding this comment.
What are we supposed to do if the user is a moderator with no token?
The case when you are not using jwt for authentication, but you are moderator. Hum but this is explicit check if there is no token ... I will drop it.
Or if the user was granted features, but has no token?
Most of the cases are like this, you grant moderation to guests that has no token.
… dial, record or transcribe.
It works now and without a token and no features, but being moderator.
…tering metadata service.
damencho
force-pushed
the
non-moderator-features
branch
from
655f283
to
bccbb5b
Compare
react/features/base/jwt/constants.ts
Outdated
| @@ -20,10 +20,10 @@ export const MEET_FEATURES = { | |||
|
|
|||
| /** | |||
| * A mapping between jwt features and toolbar buttons keys. | |||
| * We don't need recording in here, as it will disable and local recording. | |||
There was a problem hiding this comment.
Not sure I understand the message. Can you elaborate?
There was a problem hiding this comment.
Cause even when feature recording(the feature is for server-side recording) is disabled you see local recording.
| })) { | ||
| && !_isInBreakoutRoom | ||
| && liveStreaming?.enabled | ||
| && liveStreamingAllowed) { |
There was a problem hiding this comment.
Why did we remove the isLiveStreamingButtonVisible function isn't the condition the same here and in the component?
There was a problem hiding this comment.
Nope, as it depends on the isModerator only if the token is missing or there are no features in the token.
damencho
force-pushed
the
non-moderator-features
branch
from
baea250
to
d00219c
Compare
damencho
dismissed
bgrozev’s stale review
The changes requested have been implemented.
No description provided.