From e4e8ba63db60c4c772142ebd5302a4b34c653dae Mon Sep 17 00:00:00 2001 From: jkjanetschek Date: Mon, 19 Jul 2021 12:26:01 +0200 Subject: [PATCH] BBB-167: possible solution for a permission check in getMeetings function based on BBBMeetingManager getMeeting method. --- .../tool/entity/BBBMeetingEntityProvider.java | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/tool/src/java/org/sakaiproject/bbb/tool/entity/BBBMeetingEntityProvider.java b/tool/src/java/org/sakaiproject/bbb/tool/entity/BBBMeetingEntityProvider.java index 2fd95dcb..b7cada89 100644 --- a/tool/src/java/org/sakaiproject/bbb/tool/entity/BBBMeetingEntityProvider.java +++ b/tool/src/java/org/sakaiproject/bbb/tool/entity/BBBMeetingEntityProvider.java @@ -708,12 +708,38 @@ public ActionReturn getMeetings(Map params) { logger.debug("getMeetings"); try { - return new ActionReturn(meetingManager.getMeetings()); + Map response = meetingManager.getMeetings(); + checkPermissionsMeetings(response); + return new ActionReturn(response); } catch (BBBException e) { return new ActionReturn(new HashMap()); } } + private void checkPermissionsMeetings( Map response) { + try{ + Object meetings = response.get("meetings"); + if(meetings != "" && response.get("returncode").equals("SUCCESS")){ + List list =(List) meetings; + List listTmp = new ArrayList<>(list); + for(int i = 0; i < listTmp.size(); i++ ) { + Map map = (Map) listTmp.get(i); + String meetingID = (String) map.get("meetingID"); + BBBMeeting bbbMeeting = meetingManager.getMeeting(meetingID); + if(bbbMeeting == null){ + list.remove(map); + } + } + } + }catch(ClassCastException | NullPointerException | IndexOutOfBoundsException e){ + logger.error(e.getMessage(), e); + } catch (SecurityException e) { + logger.error(e.getMessage(), e); + }catch (Exception e){ + logger.error(e.getMessage(), e); + } + } + @EntityCustomAction(viewKey = EntityView.VIEW_SHOW) public ActionReturn getMeetingInfo(OutputStream out, EntityView view, EntityReference ref, Map params) { if (logger.isDebugEnabled())