From 91742a720765f618c8d28672f5f65d9b10a648b4 Mon Sep 17 00:00:00 2001 From: Robert Adam Date: Mon, 13 Jan 2025 14:01:20 +0100 Subject: [PATCH] CHANGE(server): Extended user stats now requires Ban ACL Previously, the Register ACL was required to get extended user statistics (which includes used Mumble version, IP address etc.). However, the Register ACL was deemed to be a rather arbitrary choice for this. Instead, the Ban ACL was chosen as access to information such as packet loss, IP address and used Mumble version and OS seem much more relevant in the case of banning clients than it is for registering them. Also, Ban permission is likely to be a better proxy for whether or not someone is a moderator/admin on a given server than Register privilege. Fixes #6697 (cherry picked from commit 19950b2628941b081d2c3460c3077057dbd2876d) --- src/murmur/Messages.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/murmur/Messages.cpp b/src/murmur/Messages.cpp index 718bbeb3db..bd5b26932d 100644 --- a/src/murmur/Messages.cpp +++ b/src/murmur/Messages.cpp @@ -2251,7 +2251,7 @@ void Server::msgUserStats(ServerUser *uSource, MumbleProto::UserStats &msg) { const BandwidthRecord &bwr = pDstServerUser->bwr; const QList< QSslCertificate > &certs = pDstServerUser->peerCertificateChain(); - bool extend = (uSource == pDstServerUser) || hasPermission(uSource, qhChannels.value(0), ChanACL::Register); + bool extend = (uSource == pDstServerUser) || hasPermission(uSource, qhChannels.value(0), ChanACL::Ban); if (!extend && !hasPermission(uSource, pDstServerUser->cChannel, ChanACL::Enter)) { PERM_DENIED(uSource, pDstServerUser->cChannel, ChanACL::Enter);