backend: add error handling for disabled anonymous access in room member service

meet-ce/backend/src/models/error.model.ts

@@ -1,4 +1,4 @@
-import { MeetRoomDeletionErrorCode } from '@openvidu-meet/typings';
+import { MeetRoomDeletionErrorCode, MeetRoomMemberRole } from '@openvidu-meet/typings';
 import { Response } from 'express';
 import { z } from 'zod';
 import { container } from '../config/dependency-injector.config.js';
@@ -283,6 +283,14 @@ export const errorInvalidRoomSecret = (roomId: string, secret: string): OpenVidu
 	return new OpenViduMeetError('Room Error', `Secret '${secret}' is not recognized for room '${roomId}'`, 400);
 };
 
+export const errorAnonymousAccessDisabled = (roomId: string, role: MeetRoomMemberRole): OpenViduMeetError => {
+	return new OpenViduMeetError(
+		'Room Error',
+		`Anonymous access in room '${roomId}' is disabled for role '${role}'`,
+		403
+	);
+};
+
 export const errorDeletingRoom = (errorCode: MeetRoomDeletionErrorCode, message: string): OpenViduMeetError => {
 	return new OpenViduMeetError(errorCode, message, 409);
 };

meet-ce/backend/src/services/room-member.service.ts

@@ -20,6 +20,7 @@ import { uid } from 'uid/single';
 import { MEET_ENV } from '../environment.js';
 import { MeetRoomHelper } from '../helpers/room.helper.js';
 import {
+	errorAnonymousAccessDisabled,
 	errorInsufficientPermissions,
 	errorInvalidRoomSecret,
 	errorParticipantNotFound,
@@ -478,7 +479,7 @@ export class RoomMemberService {
 				const member = await this.getRoomMember(roomId, secret);
 
 				if (!member) {
-					throw errorInvalidRoomSecret(roomId, secret);
+					throw errorRoomMemberNotFound(roomId, secret);
 				}
 
 				memberId = member.memberId;
@@ -486,16 +487,15 @@ export class RoomMemberService {
 				customPermissions = member.customPermissions;
 				effectivePermissions = member.effectivePermissions;
 			} else {
-				const isValidSecret = await this.roomService.isValidRoomSecret(roomId, secret);
-
-				if (!isValidSecret) {
-					throw errorInvalidRoomSecret(roomId, secret);
-				}
-
 				// If secret matches anonymous access URL secret, assign role and permissions based on it
 				baseRole = await this.getRoomMemberRoleBySecret(roomId, secret);
-
 				const room = await this.roomService.getMeetRoom(roomId);
+
+				// Check that anonymous access is enabled for the role
+				if (!room.anonymous[baseRole].enabled) {
+					throw errorAnonymousAccessDisabled(roomId, baseRole);
+				}
+
 				effectivePermissions = room.roles[baseRole].permissions;
 			}
 		} else {

meet-ce/backend/src/services/room.service.ts

@@ -346,14 +346,14 @@ export class RoomService {
 	 * - If the user is an ADMIN, null is returned indicating access to all rooms.
 	 * - If the user is a USER, room IDs they own and are members of are returned.
 	 * - If the user is a ROOM_MEMBER, only room IDs they are members of are returned.
-	 * 
+	 *
 	 * @param permission - Optional permission to filter rooms (e.g., 'canRetrieveRecordings')
 	 * @returns A promise that resolves to an array of accessible room IDs, or null if user is ADMIN
 	 */
 	async getAccessibleRoomIds(permission?: keyof MeetRoomMemberPermissions): Promise<string[] | null> {
 		const memberRoomId = this.requestSessionService.getRoomIdFromMember();
 
-		// If request is made with room member token, 
+		// If request is made with room member token,
 		// the only accessible room is the one associated with the token
 		if (memberRoomId) {
 			// Check permissions from token if specified