✨(backend,frontend) add configurable recording permissions#794
✨(backend,frontend) add configurable recording permissions#794gigi206 wants to merge 2 commits intosuitenumerique:mainfrom
Conversation
gigi206
force-pushed
the
feat/recording-permissions
branch
2 times, most recently
from
482dfee to
2d84953
Compare
|
|
Hi team 👋 Friendly bump on this PR — it's been open for about two months now without any review. Quick recap:
The branch is up to date and ready to review. I'd appreciate any feedback or guidance on what might be needed to move this forward. |
|
Hi @gigi206 👋 Thanks for the PR and the detailed recap! I’ve quickly reviewed it, it does add a bit of complexity, and doesn't seem aligned with the product’s direction and potential benefits. That said, I’d personally lean towards shipping the room with multiple admin/owner roles rather than loosening permissions around features that are critical for data retention and consent. In other words, I’d prefer to give the owner the ability to add more owners/admins rather than allowing anyone to perform these actions (I know my phrasing is a bit caricatural 😅). Happy to discuss further if needed! P.S.: Our both teams should align before working on PR or a feature to make sure we don't lose time on both sides. Join Matrix, let's chat |
|
Hi, I think giving "admin rights" to other people is an interesting feature, but this is not the exact same use case. In a company, it happens a lot of time that a person create a meeting, cannot attend for any reason, so someone else leads the meeting. In this case, it might be ok to give rights to someone else. But now, let's think of hundreds of meetings created by a secretary for a member of the direction. You need to go on each meeting and give rights ? This is a huge loss of time. Having this kind of parameter that companies can activate or not depending on their usecase and ONLY for logged in users (so people from the company) seems to be perfectly fine in the product without adding too much complexity (well, we could create user roles, and some roles could have access to all meeting et cetera, but I think it adds way more complexity to maintain). Please reconsider accepting the feature, this is a real need for us and it is probably for all the structures. Thanks |
|
If a secretary generates a meeting link on behalf of someone else, they should grant admin rights to that person when creating the link. We have ongoing works refactoring the home page. In some deployments, authenticated users are not necessarily part of the same company. Since we do not yet support multi-tenant deployments, we cannot reliably assume that all logged-in users belong to the same organization. Because of that limitation, automatically enabling recording (or broader permissions) for all users from the same company is not currently something we can properly support. But that something we totally want to support. That said, I could review and merge your proposal as a temporary or custom solution for your use case, until we implement a more advanced and properly designed feature. Thanks. |
|
@gigi206 CI is failing |
gigi206
force-pushed
the
feat/recording-permissions
branch
2 times, most recently
from
f14f087 to
1e52555
Compare
|
@lebaudantoine All CI checks are now passing. |
gigi206
force-pushed
the
feat/recording-permissions
branch
from
6248dc1 to
0312971
Compare
gigi206
force-pushed
the
feat/recording-permissions
branch
from
0312971 to
2539fe0
Compare
Add two new environment variables to control who can start/stop recordings: - RECORDING_SCREEN_PERMISSION: controls screen recording access - RECORDING_TRANSCRIPT_PERMISSION: controls transcript access Each variable accepts two values: - admin_owner (default): only room administrators or owners - authenticated: any authenticated user Shared permission logic is extracted into a useRecordingPermission hook consumed by both useHasRecordingAccess and useHasFeatureWithoutAdminRights. Includes backend permissions, frontend UI logic, tests, and documentation.
gigi206
force-pushed
the
feat/recording-permissions
branch
from
2539fe0 to
642051d
Compare
…el controls Allow room admins to override global recording permissions (screen recording and transcription) on a per-room basis via the admin panel. Non-admin users see the effective permission through a read-only recording_permissions field. Adds RecordingPermissionField component in admin panel, notification system for permission changes, input validation via serializer, and i18n support (en, fr, de, nl).
gigi206
force-pushed
the
feat/recording-permissions
branch
from
642051d to
557e683
Compare
|
|
This PR has been rebased on upstream/main to resolve merge conflicts. The SonarCloud analysis seems to be based on a stale version of the code. The duplicated JSX pattern (RACSeparator + H + Text) reported in Admin.tsx has been refactored into a shared AdminSection component in the latest push (557e683). |
Design spec for a lightweight recording delegation system as an alternative approach to PR #794's global permission model. Instead of opening recording rights to all authenticated users, this proposes granular per-user delegation with request/approve flow and auto-approval when no admin is present.
3 participants
Summary
RECORDING_SCREEN_PERMISSIONandRECORDING_TRANSCRIPT_PERMISSIONto control who can start/stop recordingsadmin_owner(default, current behavior) andauthenticated(any logged-in user)Changes
Backend:
RECORDING_SCREEN_PERMISSIONandRECORDING_TRANSCRIPT_PERMISSIONsettings insettings.pyHasRecordingPermissionpermission class replacingHasPrivilegesOnRoomon recording endpointsrecording_permissionsconfiguration with input validationrecording_permissionsfield in room API response (falls back to global settings)Frontend:
RecordingPermissionenum and shareduseRecordingPermissionhookuseHasRecordingAccessanduseHasFeatureWithoutAdminRightsrefactored as thin wrappersRecordingPermissionFieldradio groupsRecordingPermissionsChangednotification to sync permission changes across participantsConfiguration:
recording.mdandkubernetes.md