Open normen opened 1 year ago
I'm also struggling with this: anybody can kick everyone out and take over the room. Is there a way to share the meeting URL without granting moderator rights?
You can use the URL that Jitsi itself gives you (in the meeting), that one doesn't have mod rights. But as I said, if the user knows about this they can elevate their rights by changing the URL.
it seems that the internal link to the conference grants moderator rights to users that are not even logged into NextCloud. Is this intended behavior?
Currently, this is the expected behaviour. Sharing rooms and permission management are planned for future releases. But this may still take a while.
Thanks for the answer. In the absence of actual user management it would be nice to at least use a different uuid for the Nextcloud chat URL so that one can use the actual Jitsi URL as a user URL without the danger of somebody elevating their rights by changing the URL prefix.
Hi,
it seems that the internal link to the conference grants moderator rights to users that are not even logged into NextCloud. Is this intended behavior? Given that there is no JWT token in the URL it seems that this lowers the security for moderator connections? An additional issue is that anyone knowing about this can "upgrade" their internal User link to a Moderator link.
The internal links from Jitsi yield user rights, which is what IMO the links from the Nextcloud-Jitsi plugin should do as well..?
NextCloud Link (No Token!)
https://<my-cloud.com>/apps/jitsi/rooms/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/RoomName
-> Moderator rights (No NextCloud login needed!)

Jitsi Link (No Token)
https://<my-jitsi.com>/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
-> User rights

Jitsi Link + Token
https://<my-jitsi.com>/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX?jwt=XXXXXXXXXXXXXX..
-> Moderator rights

Thanks for this plugin & the attention!

Edit: Note that I have "guest" access enabled in Jitsi via JWT_ALLOW_EMPTY=1 and ENABLE_GUESTS=1 to allow user level access.

Edit2: Running on NextCloud 24, PHP-FPM Docker version
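
The suggestion in the thread, using a different identifier for the Nextcloud URL than for the Jitsi room, can be sketched as follows. This is an added example, not code from the plugin or from any participant; the function names, the secret and the `.example` hosts are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid

# Assumption: a per-instance secret kept server-side (constructed value here).
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

NEXTCLOUD_BASE = "https://my-cloud.example/apps/jitsi/rooms"  # placeholder host
JITSI_BASE = "https://my-jitsi.example"                        # placeholder host


def jitsi_room_for(nextcloud_room_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Derive the Jitsi room name from the Nextcloud room id with HMAC-SHA256.

    The mapping is deterministic for the server but one-way for anyone
    without the secret, so the Jitsi URL reveals nothing about the
    Nextcloud room id.
    """
    digest = hmac.new(secret, nextcloud_room_id.encode("utf-8"),
                      hashlib.sha256).digest()
    # Format the first 16 bytes as a UUID so the room name keeps its usual shape.
    return str(uuid.UUID(bytes=digest[:16]))


def room_links(nextcloud_room_id: str, room_name: str) -> dict:
    """Return the Nextcloud link and the guest-shareable Jitsi link for a room."""
    return {
        "nextcloud": f"{NEXTCLOUD_BASE}/{nextcloud_room_id}/{room_name}",
        "jitsi_guest": f"{JITSI_BASE}/{jitsi_room_for(nextcloud_room_id)}",
    }


if __name__ == "__main__":
    demo_id = "11111111-2222-3333-4444-555555555555"  # constructed room id
    for kind, url in room_links(demo_id, "RoomName").items():
        print(f"{kind:12} {url}")
```

This only decouples the two URLs; whether the Nextcloud link itself should grant moderator rights without a login is the separate permission question raised in the thread.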