diff --git a/meet-ce/backend/src/models/error.model.ts b/meet-ce/backend/src/models/error.model.ts
index 49b9cc10..4348efdd 100644
--- a/meet-ce/backend/src/models/error.model.ts
+++ b/meet-ce/backend/src/models/error.model.ts
@@ -1,4 +1,4 @@
-import { MeetRoomDeletionErrorCode } from '@openvidu-meet/typings';
+import { MeetRoomDeletionErrorCode, MeetRoomMemberRole } from '@openvidu-meet/typings';
 import { Response } from 'express';
 import { z } from 'zod';
 import { container } from '../config/dependency-injector.config.js';
@@ -283,6 +283,14 @@ export const errorInvalidRoomSecret = (roomId: string, secret: string): OpenVidu
 return new OpenViduMeetError('Room Error', `Secret '${secret}' is not recognized for room '${roomId}'`, 400);
 };
+export const errorAnonymousAccessDisabled = (roomId: string, role: MeetRoomMemberRole): OpenViduMeetError => {
+ return new OpenViduMeetError(
+ 'Room Error',
+ `Anonymous access in room '${roomId}' is disabled for role '${role}'`,
+ 403
+ );
+};
+
 export const errorDeletingRoom = (errorCode: MeetRoomDeletionErrorCode, message: string): OpenViduMeetError => {
 return new OpenViduMeetError(errorCode, message, 409);
 };
diff --git a/meet-ce/backend/src/services/room-member.service.ts b/meet-ce/backend/src/services/room-member.service.ts
index c436387b..3658d3f8 100644
--- a/meet-ce/backend/src/services/room-member.service.ts
+++ b/meet-ce/backend/src/services/room-member.service.ts
@@ -20,6 +20,7 @@ import { uid } from 'uid/single';
 import { MEET_ENV } from '../environment.js';
 import { MeetRoomHelper } from '../helpers/room.helper.js';
 import {
+ errorAnonymousAccessDisabled,
 errorInsufficientPermissions,
 errorInvalidRoomSecret,
 errorParticipantNotFound,
@@ -478,7 +479,7 @@ export class RoomMemberService {
 const member = await this.getRoomMember(roomId, secret);
 if (!member) {
- throw errorInvalidRoomSecret(roomId, secret);
+ throw errorRoomMemberNotFound(roomId, secret);
 }
 memberId = member.memberId;
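Review bot: In `meet-ce/backend/src/models/error.model.ts`, `errorAnonymousAccessDisabled` returns a 403 that names the role, so it can only be produced after a secret has already been mapped to a role. A caller can therefore tell such a secret apart from an unrecognised one, which presumably still gets the 400 from `errorInvalidRoomSecret` in the context lines. That is probably wanted for the UI, but it should be stated on the function, for example `/** Thrown only after the secret has matched an anonymous-access role; the response confirms the secret and its role. */`. How much this matters depends on how the secrets are generated and whether they are rotated when anonymous access is switched off, neither of which is visible in this diff.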
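Review bot: In the `@@ -478,7 +479,7 @@` hunk of `room-member.service.ts`, the new `throw errorRoomMemberNotFound(roomId, secret);` still hands the caller-supplied secret to an error factory. `errorInvalidRoomSecret`, visible in `error.model.ts`, interpolates that argument into its message; if `errorRoomMemberNotFound` does the same, the value used to authenticate the member ends up in the response body and in any log that records the error. Its definition is outside this diff, so confirm that, and consider a comment on the throw such as `// secret is the member lookup key here; it must not be echoed back or logged in full`. The visible import hunk adds only `errorAnonymousAccessDisabled`, so also check that `errorRoomMemberNotFound` is already imported. The enclosing method starts and ends outside the hunk.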
@@ -486,16 +487,15 @@ export class RoomMemberService {
 customPermissions = member.customPermissions;
 effectivePermissions = member.effectivePermissions;
 } else {
- const isValidSecret = await this.roomService.isValidRoomSecret(roomId, secret);
-
- if (!isValidSecret) {
- throw errorInvalidRoomSecret(roomId, secret);
- }
-
 // If secret matches anonymous access URL secret, assign role and permissions based on it
 baseRole = await this.getRoomMemberRoleBySecret(roomId, secret);
-
 const room = await this.roomService.getMeetRoom(roomId);
+
+ // Check that anonymous access is enabled for the role
+ if (!room.anonymous[baseRole].enabled) {
+ throw errorAnonymousAccessDisabled(roomId, baseRole);
+ }
+
 effectivePermissions = room.roles[baseRole].permissions;
 }
 } else {
diff --git a/meet-ce/backend/src/services/room.service.ts b/meet-ce/backend/src/services/room.service.ts
index eba522af..4e866ab7 100644
--- a/meet-ce/backend/src/services/room.service.ts
+++ b/meet-ce/backend/src/services/room.service.ts
@@ -346,14 +346,14 @@ export class RoomService {
 * - If the user is an ADMIN, null is returned indicating access to all rooms.
 * - If the user is a USER, room IDs they own and are members of are returned.
 * - If the user is a ROOM_MEMBER, only room IDs they are members of are returned.
- *
+ *
 * @param permission - Optional permission to filter rooms (e.g., 'canRetrieveRecordings')
 * @returns A promise that resolves to an array of accessible room IDs, or null if user is ADMIN
 */
 async getAccessibleRoomIds(permission?: keyof MeetRoomMemberPermissions): Promise {
 const memberRoomId = this.requestSessionService.getRoomIdFromMember();
- // If request is made with room member token,
+ // If request is made with room member token,
 // the only accessible room is the one associated with the token
 if (memberRoomId) {
 // Check permissions from token if specified
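Review bot: With the `isValidRoomSecret` check removed from this `else` branch of `room-member.service.ts`, rejecting an unrecognised secret now rests entirely on `getRoomMemberRoleBySecret` throwing when nothing matches, and its body is outside the hunk. If it falls back to a default role instead, any string would receive `room.roles[baseRole].permissions` whenever that role has anonymous access enabled, so confirm that it throws and cover the unmatched-secret case with a test. Separately, `room.anonymous[baseRole].enabled` is dereferenced without a guard; if a room can exist without an `anonymous` entry for the role (for example one stored before this field was added), the request ends in a TypeError rather than a clean denial, and `if (!room.anonymous?.[baseRole]?.enabled) {` fails closed instead. The enclosing method starts and ends outside the hunk.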