diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b16ceb2..181a3125 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,7 @@ and this project adheres to ### Fixed - 🔒️(backend) fix email disclosure in room invitation endpoint #1200 +- 🐛(backend) fix regression in update-participant endpoint #1204 ## [1.12.0] - 2026-03-24 diff --git a/src/backend/core/api/serializers.py b/src/backend/core/api/serializers.py index aaedd743..f7db2125 100644 --- a/src/backend/core/api/serializers.py +++ b/src/backend/core/api/serializers.py @@ -303,6 +303,9 @@ class MuteParticipantSerializer(BaseParticipantsManagementSerializer): ) +TrackSource = Literal["SCREEN_SHARE", "SCREEN_SHARE_AUDIO", "CAMERA", "MICROPHONE"] + + class ParticipantPermission(BaseModel): """Mirror the LiveKit ParticipantPermission protobuf. @@ -313,9 +316,7 @@ class ParticipantPermission(BaseModel): can_subscribe: bool | None = None can_publish: bool | None = None can_publish_data: bool | None = None - can_publish_sources: list[int] = Field( - default_factory=list - ) # TrackSource enum values + can_publish_sources: list[TrackSource] = Field(default_factory=list) hidden: bool | None = None recorder: bool | None = None can_update_metadata: bool | None = None @@ -366,14 +367,6 @@ class UpdateParticipantSerializer(BaseParticipantsManagementSerializer): f"Setting the following participant permissions is not allowed: " f"{', '.join(suspicious_fields)}." ) - if permission.can_subscribe_metrics is not None: - raise serializers.ValidationError( - { - "permission": { - "can_subscribe_metrics": "This permission is not implemented." - } - } - ) return permission diff --git a/src/backend/core/tests/rooms/test_api_rooms_participants_management.py b/src/backend/core/tests/rooms/test_api_rooms_participants_management.py index 6d51f17d..f6a67da5 100644 --- a/src/backend/core/tests/rooms/test_api_rooms_participants_management.py +++ b/src/backend/core/tests/rooms/test_api_rooms_participants_management.py @@ -130,10 +130,11 @@ def test_update_participant_success(mock_livekit_client): "can_publish": True, "can_publish_data": True, "can_publish_sources": [ - 1, - 2, - ], # [TrackSource.CAMERA, TrackSource.MICROPHONE] + "CAMERA", + "MICROPHONE", + ], "can_update_metadata": True, + "can_subscribe_metrics": True, }, "name": "John Doe", } @@ -155,8 +156,14 @@ def test_update_participant_success(mock_livekit_client): {"can_subscribe": True}, {"can_publish": True}, {"can_publish_data": True}, - {"can_publish_sources": [1, 2]}, + { + "can_publish_sources": [ + "CAMERA", + "MICROPHONE", + ] + }, {"can_update_metadata": True}, + {"can_subscribe_metrics": False}, ], ) def test_update_participant_permission_fields_are_optional( @@ -264,35 +271,6 @@ def test_update_participant_suspicious_permission_multiple(mock_suspicious): ) -@pytest.mark.parametrize("value", (False, True)) -def test_update_participant_unimplemented_can_subscribe_metrics(value): - """Test update participant raises 400 when can_subscribe_metrics is set.""" - client = APIClient() - room = RoomFactory() - user = UserFactory() - UserResourceAccessFactory( - resource=room, user=user, role=random.choice(["administrator", "owner"]) - ) - client.force_authenticate(user=user) - - payload = { - "participant_identity": str(uuid4()), - "permission": { - "can_subscribe": True, - "can_publish": True, - "can_publish_data": True, - "can_update_metadata": False, - "can_subscribe_metrics": value, - }, - } - - url = reverse("rooms-update-participant", kwargs={"pk": room.id}) - response = client.post(url, payload, format="json") - - assert response.status_code == status.HTTP_400_BAD_REQUEST - assert "can_subscribe_metrics" in str(response.data) - - def test_update_participant_forbidden_without_access(): """Test update participant returns 403 when user lacks room privileges.""" client = APIClient()