From 16ed5131c43b11fd9080a643c6d7c782710402f7 Mon Sep 17 00:00:00 2001
From: Jose Olarte III <jose.anomalist.design@gmail.com>
Date: Fri, 24 Oct 2025 15:23:39 +0800
Subject: [PATCH] feat: restrict dialog access based on user roles

- AdmitPendingMembersDialog now only triggers for meeting organizers
- SetBulkVisibilityDialog now only triggers for members who can see other members
- Removes overly restrictive admission status check for visibility dialog
- Ensures proper role-based access control for meeting management features
---
 src/components/MembersList.vue | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/components/MembersList.vue b/src/components/MembersList.vue
index 9b082312..65170a2e 100644
--- a/src/components/MembersList.vue
+++ b/src/components/MembersList.vue
@@ -549,6 +549,16 @@ export default class MembersList extends Vue {
    * - This is a manual refresh (isManualRefresh flag is set)
    */
   shouldShowVisibilityDialog(): boolean {
+    // Only show for members who can see other members (i.e., they are in the decrypted members list)
+    const currentUserMember = this.decryptedMembers.find(
+      (member) => member.did === this.activeDid,
+    );
+
+    // If the current user is not in the decrypted members list, they can't see anyone
+    if (!currentUserMember) {
+      return false;
+    }
+
     const currentMembers = this.getMembersForVisibility();
 
     if (currentMembers.length === 0) {
@@ -595,6 +605,11 @@ export default class MembersList extends Vue {
       return false;
     }
 
+    // Only show for the organizer of the meeting
+    if (!this.isOrganizer) {
+      return false;
+    }
+
     const pendingMembers = this.getPendingMembers();
     return pendingMembers.length > 0;
   }