A lot of small issues on the backend arose while finalizing the frontend VMR feature.
Proposal
Refactor room accesses to RBAC and open a specific API endpoint. The API endpoints for room accesses were nested under the room endpoint which lead to access control issues and was unnecessarily complicated. We take the opportunity to switch to RBAC so we can differentiate owners from administrators and from simple members of a room.
Hide Jitsi configuration for non admin users. It includes the conference password when it is set so only administrators should be allowed to see it.
On the user API endpoint, allow searching users with case insensitive username/email
Add "distinct" clause to the room API list endpoint query to avoid duplicates
Allow administrators to modify the public status of a room
Purpose
A lot of small issues on the backend arose while finalizing the frontend VMR feature.
Proposal