Merge pull request #13117 from jfsiebel/breakout-url-request

Constraint  viewer capability of request breakout url

akka-bbb-apps/src/main/scala/org/bigbluebutton/core/apps/breakout/RequestBreakoutJoinURLReqMsgHdlr.scala

@@ -4,6 +4,7 @@ import org.bigbluebutton.common2.msgs._
 import org.bigbluebutton.core.domain.MeetingState2x
 import org.bigbluebutton.core.running.{ MeetingActor, OutMsgRouter }
 import org.bigbluebutton.core.apps.{ PermissionCheck, RightsManagementTrait }
+import org.bigbluebutton.core.models.{ Users2x, Roles }
 
 trait RequestBreakoutJoinURLReqMsgHdlr extends RightsManagementTrait {
   this: MeetingActor =>
@@ -19,15 +20,22 @@ trait RequestBreakoutJoinURLReqMsgHdlr extends RightsManagementTrait {
       for {
         model <- state.breakout
         room <- model.find(msg.body.breakoutId)
+        requesterUser <- Users2x.findWithIntId(liveMeeting.users2x, msg.header.userId)
       } yield {
-        BreakoutHdlrHelpers.sendJoinURL(
-          liveMeeting,
-          outGW,
-          msg.body.userId,
-          room.externalId,
-          room.sequence.toString(),
-          room.id
-        )
+        if (requesterUser.role == Roles.MODERATOR_ROLE || room.freeJoin) {
+          BreakoutHdlrHelpers.sendJoinURL(
+            liveMeeting,
+            outGW,
+            msg.body.userId,
+            room.externalId,
+            room.sequence.toString(),
+            room.id
+          )
+        } else {
+          val meetingId = liveMeeting.props.meetingProp.intId
+          val reason = "No permission to request breakout room URL for meeting."
+          PermissionCheck.ejectUserForFailedPermission(meetingId, msg.header.userId, reason, outGW, liveMeeting)
+        }
       }
     }