From 24c8dee026972c4f677bee0c0069f2f878bba89f Mon Sep 17 00:00:00 2001 From: Anton Alexeyev Date: Fri, 10 Oct 2025 21:13:17 +0700 Subject: [PATCH 1/2] Forbid anonymous invites & join requests Signed-off-by: Anton Alexeyev --- plugins/love-resources/src/invites.ts | 5 ++++- plugins/love-resources/src/joinRequests.ts | 6 +++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/plugins/love-resources/src/invites.ts b/plugins/love-resources/src/invites.ts index 50e617e6455..cca74396733 100644 --- a/plugins/love-resources/src/invites.ts +++ b/plugins/love-resources/src/invites.ts @@ -13,7 +13,7 @@ // limitations under the License. // -import { type Ref } from '@hcengineering/core' +import { AccountRole, getCurrentAccount, type Ref } from '@hcengineering/core' import { getCurrentEmployee, type Person } from '@hcengineering/contact' import { type PopupResult, showPopup } from '@hcengineering/ui' import { type UnsubscribeCallback } from '@hcengineering/hulypulse-client' @@ -68,6 +68,7 @@ export async function unsubscribeInviteResponses (): Promise { } export function sendInvites (persons: Array>): void { + if (getCurrentAccount().role === AccountRole.ReadOnlyGuest) return closeInvitesPopup() requestPersons = persons const myParticipation = get(myInfo) @@ -86,6 +87,7 @@ export function closeInvitesPopup (): void { } export async function updateInvites (persons: Array>, meetingId: string): Promise { + if (getCurrentAccount().role === AccountRole.ReadOnlyGuest) return const client = await createPulseClient() const currentPerson = getCurrentEmployee() @@ -143,6 +145,7 @@ let activeRequestKey: string | undefined let activeRequestsMap: Map export async function subscribeInviteRequests (): Promise { + if (getCurrentAccount().role === AccountRole.ReadOnlyGuest) return const client = await createPulseClient() if (client === undefined) return diff --git a/plugins/love-resources/src/joinRequests.ts b/plugins/love-resources/src/joinRequests.ts index 88e77630e3d..10d0b911c60 100644 --- a/plugins/love-resources/src/joinRequests.ts +++ b/plugins/love-resources/src/joinRequests.ts @@ -13,7 +13,7 @@ // limitations under the License. // -import { type Ref } from '@hcengineering/core' +import { AccountRole, getCurrentAccount, readOnlyGuestAccountUuid, type Ref } from '@hcengineering/core' import { getCurrentEmployee, type Person } from '@hcengineering/contact' import { type PopupResult, showPopup } from '@hcengineering/ui' import { type UnsubscribeCallback } from '@hcengineering/hulypulse-client' @@ -23,6 +23,7 @@ import { type Room } from '@hcengineering/love' import { joinOrCreateMeetingByInvite } from './meetings' import JoinRequestPopup from './components/meeting/invites/JoinRequestPopup.svelte' import JoinResponsePopup from './components/meeting/invites/JoinResponsePopup.svelte' +import { getPersonByPersonRef } from '@hcengineering/contact-resources' export const joinRequestSecondsToLive = 5 const responseSecondsToLive = 2 @@ -65,6 +66,7 @@ export async function unsubscribeJoinResponses (): Promise { } export function sendJoinRequest (meetingId: string): void { + if (getCurrentAccount().role === AccountRole.ReadOnlyGuest) return closeJoinRequestPopup() requestMeetingId = meetingId requestPopup = showPopup(JoinRequestPopup, { meetingId }, undefined, undefined, undefined, { @@ -80,6 +82,7 @@ export function closeJoinRequestPopup (): void { } export async function updateJoinRequest (): Promise { + if (getCurrentAccount().role === AccountRole.ReadOnlyGuest) return const client = await createPulseClient() const currentPerson = getCurrentEmployee() @@ -135,6 +138,7 @@ let activeRequestKey: string | undefined let activeRequestsMap: Map | undefined export async function subscribeJoinRequests (meetingId: string | undefined): Promise { + if (getCurrentAccount().role === AccountRole.ReadOnlyGuest) return if (meetingId === undefined) return const client = await createPulseClient() From 3df6847ce6d6827eae86bfbe90be78d5ffe33e6b Mon Sep 17 00:00:00 2001 From: Anton Alexeyev Date: Fri, 10 Oct 2025 21:46:56 +0700 Subject: [PATCH 2/2] Fix formatting Signed-off-by: Anton Alexeyev --- plugins/love-resources/src/joinRequests.ts | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/plugins/love-resources/src/joinRequests.ts b/plugins/love-resources/src/joinRequests.ts index 10d0b911c60..b6cdc8d66b3 100644 --- a/plugins/love-resources/src/joinRequests.ts +++ b/plugins/love-resources/src/joinRequests.ts @@ -13,7 +13,7 @@ // limitations under the License. // -import { AccountRole, getCurrentAccount, readOnlyGuestAccountUuid, type Ref } from '@hcengineering/core' +import { AccountRole, getCurrentAccount, type Ref } from '@hcengineering/core' import { getCurrentEmployee, type Person } from '@hcengineering/contact' import { type PopupResult, showPopup } from '@hcengineering/ui' import { type UnsubscribeCallback } from '@hcengineering/hulypulse-client' @@ -23,7 +23,6 @@ import { type Room } from '@hcengineering/love' import { joinOrCreateMeetingByInvite } from './meetings' import JoinRequestPopup from './components/meeting/invites/JoinRequestPopup.svelte' import JoinResponsePopup from './components/meeting/invites/JoinResponsePopup.svelte' -import { getPersonByPersonRef } from '@hcengineering/contact-resources' export const joinRequestSecondsToLive = 5 const responseSecondsToLive = 2