feat(permissions): Split chat and reaction permissions

[luflow]

☑️ Resolves

• Fix Split "can post messages and reaction permissions" #11329

Summary

This PR separates the combined "chat" permission into two distinct permissions:

• PERMISSIONS_CHAT (128): For posting messages
• PERMISSIONS_REACT (256): For adding/removing reactions

This allows admins to create "announcement channels" where only moderators can post messages, but all users can still react to those messages.

Backend Changes

• Added PERMISSIONS_REACT = 256 constant to Attendee model
• Added REACT permission attribute in RequirePermission
• Added REACT permission check in InjectionMiddleware
• Updated ReactionController to use REACT permission instead of CHAT
• Added database migration to grant REACT permission to all users who have CHAT permission
• Fixed hardcoded 255 validation in RoomService to use PERMISSIONS_MAX_CUSTOM

Frontend Changes

• Added REACT: 256 constant to constants.ts
• Updated MAX_DEFAULT to 510 and MAX_CUSTOM to 511
• Split PermissionsEditor checkbox "Can post messages and reactions" into two separate checkboxes:
  • "Can post messages" (CHAT)
  • "Can add reactions" (REACT)
• Updated MessageItem.vue to check REACT permission for canReact

Migration Strategy

The migration ensures backward compatibility:

• All existing records with CHAT (128) permission automatically get REACT (256) added
• Old clients continue to work because they ignore unknown permission bits
• No frontend fallbacks needed - the UI will work correctly after data migration

🖌️ UI Checklist

🖼️ Screenshots / Screencasts

🏚️ Before	🏡 After

🚧 Tasks

• Frontend constants updated
• Frontend UI split into two checkboxes

🏁 Checklist

• 🌏 Tested with different browsers / clients:
  • Chromium (Chrome / Edge / Opera / Brave)
  • Firefox
  • Safari
  • Talk Desktop
  • Integrations with Files sidebar and other apps
  • Not risky to browser differences / client
• 🖌️ Design was reviewed, approved or inspired by the design team
• ⛑️ Tests are included or not possible
• 📗 User documentation in https://github.com/nextcloud/documentation/tree/master/user_manual/talk has been updated or is not required

---

🛠️ API Checklist

🚧 Tasks

• Backend permission constant added
• Backend permission check implemented
• New permission constant PERMISSIONS_REACT = 256 added
• Migration preserves backward compatibility
• Database migration for existing data
• Integration tests updated

🏁 Checklist

• ⛑️ Tests (unit and/or integration) are included or not possible
• 📘 API documentation in docs/ has been updated or is not required
• 🔖 Capability is added or not needed

[nickvergessen]

Thanks a lot, looks pretty good.

[nickvergessen]

The sharing tests are unrelated and on my todo

[luflow]

We should add an entry to the capabilities, so clients know when to show the new permission and send it to the backend, as well as which permission should be checked when showing the reactions action.

@nickvergessen I was already wondering how we handle this breaking change - capabilities is a good solution for that :) was already tinkering with version numbers… which felt wrong.

what name would you suggest? Something like „react-permission“?

Will create/edit PRs in Android, iOS, desktop clients accordingly.

[nickvergessen]

what name would you suggest? Something like „react-permission“?

Sounds good

Will create/edit PRs in Android, iOS, desktop clients accordingly.

If you can that's cool, otherwise we raise an issue on the platform.
Desktop is not needed, as it reuses the web frontend from this repo's src/ folder

[nickvergessen]

• features/federation/permissions.feature:14 seems to have an error when testing against 32
• But we can ignore this for now, I will try to find a way to solve this.

[luflow]

@Antreesy found the error - don't know why it worked before in my tests, but the annotations and openai yamls were still having the old limits, thats why the middleware threw a 400 error

Not it works flawlessly. I also fixed the already existing bug that the action menu (send later, etc) and voice button were not disabled when permission "chat" was not given. Now the whole buttons and input row is correctly disabled.

The "react only" also works without issues :)

If there is already a reaction though and you click without permission on the button, the warning "reactions are not permitted" is still shown. I think thats ok? Otherwise we have to make the reactions there also "read only" - I think though its a good ux to have feedback there, when you are normally used to be able to react. Then its actionable for you "aaah, I dont have permission here, good to know"

[Antreesy]

Otherwise good from my side!

[nickvergessen]

Fine for now, but we need a follow up.

---

Follow up:

• Permission check in middleware does not account for federation
• Your instance is 34 but the host is 33
  • On update of your instance your permissions expend to add reaction permission
  • If the host changes your permission still on 33, it does not know reaction permission and will make you set your permissiions without reaction
  • Options:
    • 🐌 check in middleware if the server knows the permission via capability (very bad performance wise)
    • Do math when getting permissions update and check capabilities there (still not good, but less often)
    • Add the list of known permissions (max_custom number would be enough) to the request, so the instance can judge from there if it contains all numbers or needs to do some healing
• Host updates from 33 to 34 after you
  • We should let instances know that the users permissions got modified, but doing that in the migration might not work:
    • Server could be "not reachable" so requests could fail, etc
    • Sending many requests during the update is also not good
    • Next join of the participant should be good enough (we just need to make sure to track and notice the changed permission and store it locally?)
• Host updates from 33 to 34 before you
  • Currently the migration would simply change your permissions to now include the reaction permission
  • But what if the moderator took that away from you already?
  • Same as above we can/should heal the permissions when joining the room, that is most likely the most important moment and good enough

[nickvergessen]

Can you add @skip33 to the test for now, similarly

spreed/tests/integration/features/federation/chat.feature

Line 560 in 5766393

@skip32

That should allow CI to pass in the federation case against an older version for now.

[luflow]

done

[luflow]

@nickvergessen open-api regenerate did not run correctly locally, now fixed! Also eslint was failing because of this. I hope now the important things are green ^^

[nickvergessen]

I added you to our org and would create a guest account for you on our instance to improve the communication options. If you don't mind, send me the email address we should invite to <my github username>@nextcloud.com

[luflow]

I added you to our org and would create a guest account for you on our instance to improve the communication options. If you don't mind, send me the email address we should invite to <my github username>@nextcloud.com

Sounds good :) Done.

[nickvergessen]

I sent an invite, in case you didnt get the email, simply try a password reset on cloud.nextcloud.com with the email you sent me

[nickvergessen]

Follow up moved to #16902

[luflow]

Work continues in #16920