How can a moderator mute (unpublish) the audio for another user (who is a publisher), and for this user to be muted to all other users.
I’ve managed to session.forceUnpublish(); using the stream object for the particular user, but unpublishing the audio only I can’t find examples of.
Just by chance, how do you handle permissions in your apps? Say I’m a moderator and I do manage to unpublish the audio for a particular publisher, how do you prevent that user from re-publishing their audio to everyone? I have a control for the session user to publish and unpublish their audio, but I don’t want an unpublish action by the moderator to be overridden. Is there anything in Openvidu, or do you need to manage this in your own serverside code?
I managed to set up a system through session.signal to run the publisher.publishAudio(audioEnabled); on the specific publisher, and I’m guessing I can disable the click events they usually use to re-enable audio and video.
Not sure it’s the right way, but it works (for now)
Sure, it is a way of doing it. It is not “perfect”, as a client with some JavaScript hacking abilities could technically still call the method to re-enable their audio. Because the only role-protected operations in OpenVidu Server side are the ones defined by user roles (see them in openvidu-node-client API reference).
But still is a good enough solution for most cases.
Regards
Are you saying that there’s nothing I can do to make sure that a publisher can’t reactivate their audio?
Not sure if you’re saying that my approach is the best option I have, albeit circumventable, or if you’re saying there’s another option that does prevent users from overriding moderator actions.
You will always have to adapt your users interfaces to allow them do whatever they are supposed to be able to do. So: if a user must be able to unmute his audio, an unmute button should show up. If it is not, then no button should be available for him to click on. That’s the way you “secure” this kind of operations.
When I say there’s no way right now to be 100% sure someone non-authorized unmutes their audio when they are not supposed to, I mean that an advanced user with JS knowledge could aways “hack” you frontend code in the browser’s console to force the audio. But that is not really a concern in most use cases.
OpenVidu only provides secure operations (those which even a JS hacker couldn’t overcome) for the ones defined in user roles. Those are the operations with the gratest impact. So: you can make sure a user cannot publish audio to a session, but if you allow a user publish audio to a session, there’s no role to tell the user when he can or cannot mute or unmute his audio, IYKWIM.
Thank you. That’s clear. That was my approach- to disable/remove buttons that trigger js functions that I don’t want a user having access to.
And it is good enough for my use case.