Restrict /topic command to allowed users

3d3d97e7 · JC Brand · aa86a8be · 3d3d97e7 · 3d3d97e7
Commit 3d3d97e7 authored Jan 16, 2020 by JC Brand
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

docs/source/session.rst docs/source/session.rst +1 -1

src/converse-muc-views.js src/converse-muc-views.js +5 -5

No files found.
--- a/docs/source/session.rst
+++ b/docs/source/session.rst
@@ -154,7 +154,7 @@ URL from which Converse should fetch the username and token.
 Keeping users logged-in across page reloads
 ===========================================

-If you're properly set up :ref:`shared session support <session-support>`, then
+If you've properly set up :ref:`shared session support <session-support>`, then
 your users will stay logged-in to the XMPP server upon page reloads.

 However, if users are logging in manually, then users might get logged out between requests.

--- a/src/converse-muc-views.js
+++ b/src/converse-muc-views.js
@@ -1373,11 +1373,10 @@ converse.plugins.add('converse-muc-views', {
            },

            getAllowedCommands () {
-                // FIXME: The availability of some of these commands
-                // depend on the MUCs configuration (e.g. whether it's
-                // moderated or not). We need to take that into
-                // consideration.
-                let allowed_commands = ['clear', 'help', 'me', 'nick', 'subject', 'topic', 'register'];
+                let allowed_commands = ['clear', 'help', 'me', 'nick', 'register'];
+                if (this.model.config.get('changesubject') || this.model.getOwnAffiliation() === 'owner') {
+                    allowed_commands = [...allowed_commands, ...['subject', 'topic']];
+                }
                const occupant = this.model.occupants.findWhere({'jid': _converse.bare_jid});
                if (this.verifyAffiliations(['owner'], occupant, false)) {
                    allowed_commands = allowed_commands.concat(OWNER_COMMANDS).concat(ADMIN_COMMANDS);
@@ -1389,6 +1388,7 @@ converse.plugins.add('converse-muc-views', {
                } else if (!this.verifyRoles(['visitor', 'participant', 'moderator'], occupant, false)) {
                    allowed_commands = allowed_commands.concat(VISITOR_COMMANDS);
                }
+                allowed_commands.sort();
                return allowed_commands;
            },