Add access code for public recordings #6064
Conversation
sebclemens
force-pushed
the
add-access-code-for-public-recordings
branch
from
5a1acba to
d6dd1cc
Compare
sebclemens
force-pushed
the
add-access-code-for-public-recordings
branch
from
fafbe31 to
40c676d
Compare
|
|
Related: #6136 |
|
| if option.nil? && is_access_code | ||
| option = RoomMeetingOption.create!( | ||
| room_id: @room.id, | ||
| meeting_option_id: MeetingOption.find_by(name: name).id, | ||
| value: value | ||
| ) | ||
| return render_data status: :ok | ||
| end |
There was a problem hiding this comment.
Its better to do this in a data migration
| recordings_access_code = RoomMeetingOption.joins(:meeting_option) | ||
| .where(room_id: @room.id, meeting_options: { name: 'glRecordingsAccessCode' }) | ||
| .first&.value |
There was a problem hiding this comment.
It's better to get the value using the RoomSettingsGetter (similar to this)
viewer_code = RoomSettingsGetter.new(
room_id: @room.id,
provider: @room.user.provider,
current_user: @current_user,
show_codes: true,
settings: 'glViewerAccessCode'
).call
|
|
||
| # If a recordings access code exists and the provided code doesn't match, require access code | ||
| if recordings_access_code.present? && params[:access_code] != recordings_access_code | ||
| return render_data data: [], meta: { requires_access_code: true }, status: :ok |
There was a problem hiding this comment.
I would rather we return something like this instead
return render_error status: :forbidden
| pagy, recordings = pagy(@room.public_recordings.order(sort_config, recorded_at: :desc).public_search(params[:search])) | ||
|
|
||
| render_data data: recordings, meta: pagy_metadata(pagy), serializer: PublicRecordingSerializer, status: :ok | ||
| render_data data: recordings, meta: pagy_metadata(pagy).merge(requires_access_code: false), serializer: PublicRecordingSerializer, status: :ok |
There was a problem hiding this comment.
Not quite sure what this is doing, but it shouldn't be doing it
| {publicRoom?.data.name} | ||
| </h1> | ||
| { (recordValue !== 'false') && recordings?.data?.length > 0 && ( | ||
| { (recordValue !== 'false') && (recordings?.data?.length > 0 || recordings?.meta?.requires_access_code === true) && ( |
There was a problem hiding this comment.
Oh - I would look at how the viewer access code works and implement something similar
3 participants
This pull request adds support for protecting public recordings with a dedicated access code.
Here is my first request to this feature:
#6043
Feature Demo
Below is a short demonstration of the new functionality in action:
What this adds
This improves security and flexibility for sharing content with external audiences.