Confusing UX around element call being partially de-labsed

[muabada]

In rooms where users lack permission to initiate Video Call or Voice Call (based on room settings if element calls is disabled), the top-right call icons correctly display a tooltip:

"You do not have permission to start video calls" (or voice calls).

However, these users are still shown the “Call back” button in chat history under missed call messages. Clicking this button allows them to bypass call restrictions and initiate calls, which contradicts the permission logic.

Impacts:

• Bypasses intended role-based access control for initiating calls.
• Causes inconsistent behavior between top navigation buttons and chat-based actions.
• Can lead to unauthorized or unexpected calls from restricted users.

Steps to Reproduce:

• Create a new room and invite one user to the room.
• Navigate to room settings > Voice & Video > Toggle App Element Calls button to disable element calls for the other users.
• Initiate a call as an admin.
• End the call and notice the call-back button on the remote side visible for the other user.
• Click on the call back button and notice that the call will get initiated, although the a lack of permission on the user side.

Actual Result:

Outcome

Expected Result:

• The “Call back” button should be hidden or disabled for users who do not have permission to start calls.

• All call initiation methods should respect the same permission rules across the UI.

#### What happened instead?
User can initiate a video or voice call via “Call back” even when call permissions are denied.

Operating system

Windows

Browser information

Version 138.0.7204.170

URL for webapp

https://app.element.io/

Application version

Element version: 1.11.108 Crypto version: Rust SDK 0.12.0 (b30f1f3), Vodozemac 0.9.0

Homeserver

matrix.org

Will you send logs?

No

[t3chguy]

This is unrelated to Element Call, as you have that option disabled and it does not support Voice calls. Element call is still in labs so that option is simply confusing here as EC is not even available on app.element.io.

The permission error you are seeing is also misguided by it thinking Element Call is enabled, that is a bug. There is no UI to forbid calls in 1:1 rooms, though this is possible via the Matrix API.

The permissions to control calls in non-1:1 rooms is in Roles & Permissions

Conference calls (pre-Element Call) use Jitsi which is a widget so follows widget permissions.

[muabada]

@t3chguy This applies to both Video and Audio calls, as you can figure out from the screenshots provided.

The issue is that while element calls are disabled and the user doesn't have permission to start an audio or video call, if the admin tried calling him/her and the call is missed or ended, he/she still having the option to Call Back although on the toltip it clealy states that they don't have permission to intiate the calls.

[t3chguy]

Keep in mind Element Call is a standalone project - https://github.com/element-hq/element-call/ - the integration of which is still under labs. This integration is what you are toggling on/off in Room Settings>Voice & Video, this is only changing the permissions for making EC calls, not Matrix specced calls.

The issue is that while element calls are disabled and the user doesn't have permission to start an audio or video call

As I said, this is a bug due to the EC code leaking out of the labs flag, this needs to be addressed or the EC integration expedited.

The calls you are showing in the timeline are "Legacy" 1:1 calls. They have nothing to do with "Element Call" the project linked before.

This is the labs flag on develop.element.io to opt into the Element Call integration, it is not enabled on app.element.io

In a room of exactly 2 participants, as in your example, legacy calls are available and there is no permission in Element to forbid those, though as I stated, it may be possible to control via the Matrix spec around the permissions for m.call.invite events.

In a room with more than 2 participants you can control calling permissions, as stated in my original response.

Without the EC labs flag enabled you should have observe (but do not due to a bug):

1. no option in Room Settings to turn Element Call on/off
2. no "You do not have permission..." tooltip on the call buttons

Both of those are caused by wrongly-gated labs code for the Element Call integration which is wrongly applying here.

[t3chguy]

With Element Call (labs) enabled you see this interaction when trying to start a video call

If the option you found in room settings was turned off then the participants do not have permission to start "Element Call" calls, doesn't affect calls other than Element Call, e.g. Jitsi, Legacy

[muabada]

This is unrelated to Element Call, as you have that option disabled and it does not support Voice calls. Element call is still in labs so that option is simply confusing here as EC is not even available on app.element.io.

The permission error you are seeing is also misguided by it thinking Element Call is enabled, that is a bug. There is no UI to forbid calls in 1:1 rooms, though this is possible via the Matrix API.

The permissions to control calls in non-1:1 rooms is in Roles & Permissions

Conference calls (pre-Element Call) use Jitsi which is a widget so follows widget permissions.

Thanks @t3chguy.

Is there a way to adjust the Modify Widget permission over config.js or somewhere else?

[t3chguy]

its a per-room setting so config.json doesn't influence it, you can disable widgets on a config-wide level, iirc its UIFeature.widget or UIFeature.voip or something. You might be able to specify on the server to set the widget permission level in all new rooms as per your liking though looks like you're using matrix.org where you won't be able to do that.

[t3chguy]

Actually, turns out you are seeing the Voice & Video settings tab because Element Call is force-enabled on app.element.io even though it is in labs. Writing a fix for the incorrect "No permissions" message on the button for legacy calls.