Skip to content

fix(federation): Handle permission mismatches for reaction permissions#16948

Open
luflow wants to merge 1 commit intomainfrom
fix/federation-reaction-permissions
Open

fix(federation): Handle permission mismatches for reaction permissions#16948
luflow wants to merge 1 commit intomainfrom
fix/federation-reaction-permissions

Conversation

@luflow
Copy link
Contributor

@luflow luflow commented Jan 31, 2026

Summary

This PR fixes issues when federated instances are at different versions and have different permission bits (e.g., one instance has the new REACT permission from the migration, while the other doesn't yet).

Problem

When the reaction permission feature is deployed across federated Nextcloud instances at different version levels:

  1. Your instance (v34) updates before host (v33): Local permissions include PERMISSIONS_REACT due to migration, but host doesn't understand it. The middleware permission check fails locally even though the host would accept the request.

  2. Host updates after you: The host's migration adds REACT permission to federated attendees, but the remote participant's local copy doesn't get updated (migrations don't trigger federation notifications).

  3. Host updates before you: Your migration might accidentally grant REACT permission that a moderator had intentionally restricted.

Solution

  • Skip local permission checks for federated conversations: Since requests are proxied to the host server anyway, the host validates permissions authoritatively. This prevents false negatives from version mismatches.

  • Add permission healing on federated room join: When a user joins a federated room, sync local permissions with the host's authoritative permissions. This ensures permissions stay in sync across version differences.

Test plan

  • User on v34 instance can react in federated conversation hosted on v33 instance
  • User on v33 instance can react in federated conversation hosted on v34 instance
  • Permissions are synced when joining a federated room after either instance upgrades
  • Moderator permission restrictions are respected after both instances upgrade

Fixes: #16902

@luflow
fix(federation): Handle permission mismatches for reaction permissions
18dfa71 
This fixes issues when federated instances are at different versions and have
different permission bits (e.g., one has REACT permission from migration, other
doesn't yet).

Changes:
- Skip local permission checks for federated conversations in middleware, as
  the host server will validate permissions authoritatively when the request
  is proxied
- Add permission healing on federated room join: sync local permissions with
  host's authoritative permissions to handle version mismatches

Fixes: #16902
Signed-off-by: Florian Ludwig <florian.ludwig@uninow.de>
@luflow luflow force-pushed the fix/federation-reaction-permissions branch from e1c9316 to 18dfa71 Compare January 31, 2026 16:06
@luflow luflow requested a review from nickvergessen February 1, 2026 09:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

bug feature: api ๐Ÿ› ๏ธ OCS API for conversations, chats and participants feature: federation ๐ŸŒ

Projects

None yet

Milestone

๐Ÿ–๏ธ Next Major (34)

Development

Successfully merging this pull request may close these issues.

Add federation handling for new reaction permission

2 participants

@luflow @nickvergessen