How to Add User A to Given MUC created by another User B #4359

Open
mahmadmujtaba opened this issue Aug 19, 2024 · 4 comments
mahmadmujtaba commented Aug 19, 2024

MongooseIM version: 6.2.1

Installed from: Official Docker

Erlang/OTP version: 25

Not able to modify User Affiliation to a MUC.
Steps to reproduce:

Create Users A, B: (OK) as Admin User
mutation register_user {
	account {
		registerUser(
			domain: "DOMAIN"
			password: "PASSWORD"
			username: "USER-A/USER-B"
		) {
			jid
			message
		}
	}
}
Create a MUC: (OK) as User B
mutation create_room {
  muc {
    createInstantRoom(
      nick: "USERNICK",
      room: "[email protected]"
    ) {
      jid
      title
      private
      usersNumber
    }
  }
}
Update MUC properties: (OK) as User B
mutation change_room_configuration {
	muc {
		changeRoomConfiguration(
			room: "[email protected]"
			config: {
				title: "TITLE"
				description: "DESCRIPTION"
				allowChangeSubject: true
				allowQueryUsers: true
				allowPrivateMessages: true
				allowVisitorStatus: true
				allowVisitorNickchange: true
				public: true
				publicList: true
				persistent: true
				moderated: false
				membersByDefault: true
				membersOnly: false
				allowUserInvites: true
				allowMultipleSession: true
				passwordProtected: false
				password: null
				anonymous: false
				mayGetMemberList: ["member"]
				maxUsers: 30
				logging: true
			}
		) {
			title
			description
			allowChangeSubject
			allowQueryUsers
			allowPrivateMessages
			allowVisitorStatus
			allowVisitorNickchange
			public
			publicList
			persistent
			moderated
			membersByDefault
			membersOnly
			allowUserInvites
			allowMultipleSession
			passwordProtected
			password
			anonymous
			mayGetMemberList
			maxUsers
			logging
		}
	}
}
Add User A to MUC with Affiliation as MEMBER: (NOT WORKING)
# called from GraphiQL with auth of User B within Request params (DOES NOT WORK)
# called from GraphiQL with auth of Admin within Request params (DOES NOT WORK)
mutation muc {
  muc {
    setUserAffiliation(
      affiliation: MEMBER,
      room: "[email protected]",
      user: "user-a@localhost"
    )
  }
}

Error details:

{
  "errors": [
    {
      "path": [
        "muc",
        "setUserAffiliation"
      ],
      "message": "Given user does not have permission to set the member affiliation",
      "extensions": {
        "room": "[email protected]",
        "code": "not_allowed"
      }
    }
  ],
  "data": {
    "muc": {
      "setUserAffiliation": null
    }
  }
}
@mahmadmujtaba mahmadmujtaba changed the title How to Add User X to Given MUC created by another User Y How to Add User A to Given MUC created by another User B Aug 30, 2024
@JanuszJakubiec
Contributor

Hi,
I've followed the steps you provided, but was unable to reproduce the error you're encountering. Everything seems to be working correctly on my end. Could you please share your configuration, so I can investigate further?

@mahmadmujtaba
Author

Thanks @JanuszJakubiec for looking into the issue. We still have the issue; please have a look at the TOML config.

[general]
  loglevel = "notice"
  hosts = ["localhost", "mongooseim-1"]
  host_types = ["game"]
  default_server_domain = "localhost"
  registration_timeout = "infinity"
  language = "en"
  max_fsm_queue = 1000
  rdbms_server_type = "pgsql"
  sm_backend = "mnesia"
  s2s_backend = "mnesia"
  component_backend = "mnesia"

[[listen.http]]
  port = 5280
  transport.num_acceptors = 10
  transport.max_connections = 1024

  [[listen.http.handlers.mod_bosh]]
    host = "_"
    path = "/http-bind"

  [[listen.http.handlers.mod_websockets]]
    host = "_"
    path = "/ws-xmpp"

[[listen.http]]
  ip_address = "0.0.0.0"
  port = 8088
  transport.num_acceptors = 10
  transport.max_connections = 1024

  [[listen.http.handlers.mongoose_admin_api]]
    host = "_"
    path = "/api"
    username = "admin"
    password = "secret"

[[listen.http]]
  port = 8089
  transport.num_acceptors = 10
  transport.max_connections = 1024
  protocol.compress = true
  tls.verify_mode = "none"
  tls.certfile = "priv/ssl/fake_cert.pem"
  tls.keyfile = "priv/ssl/fake_key.pem"
  tls.password = ""

  [[listen.http.handlers.mongoose_client_api]]
    host = "_"
    path = "/api"

[[listen.http]]
  ip_address = "0.0.0.0"
  port = 5551
  transport.num_acceptors = 10
  transport.max_connections = 1024

  [[listen.http.handlers.mongoose_graphql_handler]]
    host = "_"
    path = "/api/graphql"
    schema_endpoint = "admin"
    username = "admin"
    password = "secret"

[[listen.http]]
  ip_address = "0.0.0.0"
  port = 5541
  transport.num_acceptors = 10
  transport.max_connections = 1024

  [[listen.http.handlers.mongoose_graphql_handler]]
    host = "_"
    path = "/api/graphql"
    schema_endpoint = "domain_admin"

[[listen.http]]
  ip_address = "0.0.0.0"
  port = 5561
  transport.num_acceptors = 10
  transport.max_connections = 1024

  [[listen.http.handlers.mongoose_graphql_handler]]
    host = "_"
    path = "/api/graphql"
    schema_endpoint = "user"

[[listen.c2s]]
  port = 5222
  access = "c2s"
  shaper = "c2s_shaper"
  max_stanza_size = 65536
  tls.verify_mode = "none"
  tls.certfile = "priv/ssl/fake_server.pem"

[[listen.s2s]]
  port = 5269
  shaper = "s2s_shaper"
  max_stanza_size = 131072

[[listen.service]]
  port = 8888
  access = "all"
  shaper_rule = "fast"
  ip_address = "127.0.0.1"
  password = "secret"

[auth]
  methods = ["rdbms", "internal"]
  max_users_per_domain = "infinity"

  password.format = 'scram'
  password.hash = ["sha512"]
  password.scram_iterations = 20000

  [auth.rdbms]
    users_number_estimate = true
  
  [auth.internal]

[internal_databases.mnesia]

[outgoing_pools.rdbms.default]
 scope = "global"
 workers = 5

 [outgoing_pools.rdbms.default.connection]
   driver = "pgsql"
   host = "postgresql"
   database = "mongooseimdb"
   username = "mongooseim"
   password = "mongooseim1234"
   tls.verify_mode = "none"
   tls.required = true
  #  tls.cacertfile = "priv/ssl/cacert.pem"
  #  tls.server_name_indication.enabled = false

[services.service_mongoose_system_metrics]
  report = true
  initial_report = 300_000
  periodic_report = 108_000_000
  tracking_id.id = "g-123456789"
  tracking_id.secret = "secret"

[services.service_domain_db]
  db_pool = "global"
  event_cleaning_interval = 1800
  event_max_age = 7200

[modules.mod_adhoc]

[modules.mod_csi]

[modules.mod_disco]
  users_can_see_hidden_services = false

[modules.mod_stream_management]

[modules.mod_register]
  ip_access = [
    {address = "127.0.0.0/8", policy = "allow"},
    {address = "0.0.0.0/0", policy = "deny"}
  ]
  access = "register"

[modules.mod_presence]

[modules.mod_sic]

[modules.mod_vcard]
  host = "vjud.@HOST@"
  backend = "rdbms"

[modules.mod_private]
  backend = "rdbms"

[modules.mod_last]
  backend = "rdbms"

[modules.mod_bosh]
  inactivity = 20
  max_wait = "infinity"
  server_acks = true
  max_pause = 120

[modules.mod_carboncopy]

[modules.mod_roster]
  versioning = true
  store_current_id = true
  iqdisc.type = "one_queue"
  backend = "rdbms"

[modules.mod_mam]
  backend = "rdbms"
  no_stanzaid_element = true
  is_archivable_message = "mod_mam_utils"
  send_message = "mod_mam_utils"
  archive_chat_markers = true
  message_retraction = true
  pm.backend = "rdbms"
  muc.backend = "rdbms"
  muc.host = "group.@HOST@"
  user_prefs_store = "mnesia"
  full_text_search = false

[modules.mod_muc]
  host = "group.@HOST@"
  backend = "rdbms"
  online_backend = "mnesia"
  access = "all"
  access_create = "all"
  access_admin = "all"
  access_persistent = "all"
  history_size = 30
  room_shaper = "muc_room_shaper"
  max_room_id = 30
  max_room_name = 30
  max_room_desc = 140
  min_message_interval = 1
  min_presence_interval = 1
  max_users = 100
  max_users_admin_threshold = 10
  user_message_shaper = "muc_user_msg_shaper"
  user_presence_shaper = "muc_user_presence_shaper"
  max_user_conferences = 5
  http_auth_pool = "none" # todo: setup external or internal auth for rooms.
  load_permanent_rooms_at_startup = true
  hibernate_timeout = 60000
  hibernated_room_check_interval = 120000
  hibernated_room_timeout = 120000

  default_room.title = "Default Room"
  default_room.description = "Default room for user alice."
  default_room.allow_change_subj = true
  default_room.allow_query_users = true
  default_room.allow_private_messages = true
  default_room.allow_visitor_status = true
  default_room.allow_visitor_nickchange = true
  default_room.public = true
  default_room.public_list = true
  default_room.persistent = true
  default_room.moderated = false
  default_room.members_by_default = true
  default_room.members_only = false
  default_room.allow_user_invites = true
  default_room.allow_multiple_sessions = true
  default_room.password_protected = true
  default_room.password = "secret"
  default_room.anonymous = false
  default_room.max_users = 200
  default_room.logging = true
  default_room.maygetmemberlist = ["moderator"]
  default_room.subject = "New Subject"
  default_room.subject_author = "MongooseIM Admin"

  # [[modules.mod_muc.default_room.affiliations]]
  #   user = "alice"
  #   server = "localhost"
  #   resource = ""
  #   affiliation = "owner"

[shaper.normal]
  max_rate = 1000

[shaper.fast]
  max_rate = 50_000

[shaper.mam_shaper]
  max_rate = 1

[shaper.mam_global_shaper]
  max_rate = 1000

[acl]
  local = [{}]

[access]
  max_user_sessions = [
    {acl = "all", value = 10}
  ]

  max_user_offline_messages = [
    {acl = "admin", value = 5000},
    {acl = "all", value = 100}
  ]

  local = [
    {acl = "local", value = "allow"}
  ]

  c2s = [
    {acl = "blocked", value = "deny"},
    {acl = "all", value = "allow"}
  ]

  c2s_shaper = [
    {acl = "admin", value = "none"},
    {acl = "all", value = "normal"}
  ]

  s2s_shaper = [
    {acl = "all", value = "fast"}
  ]

  muc_admin = [
    {acl = "admin", value = "allow"}
  ]

  muc_create = [
    {acl = "local", value = "allow"}
  ]

  muc = [
    {acl = "all", value = "allow"}
  ]

  register = [
    {acl = "all", value = "allow"}
  ]

  mam_set_prefs = [
    {acl = "all", value = "default"}
  ]

  mam_get_prefs = [
    {acl = "all", value = "default"}
  ]

  mam_lookup_messages = [
    {acl = "all", value = "default"}
  ]

  mam_set_prefs_shaper = [
    {acl = "all", value = "mam_shaper"}
  ]

  mam_get_prefs_shaper = [
    {acl = "all", value = "mam_shaper"}
  ]

  mam_lookup_messages_shaper = [
    {acl = "all", value = "mam_shaper"}
  ]

  mam_set_prefs_global_shaper = [
    {acl = "all", value = "mam_global_shaper"}
  ]

  mam_get_prefs_global_shaper = [
    {acl = "all", value = "mam_global_shaper"}
  ]

  mam_lookup_messages_global_shaper = [
    {acl = "all", value = "mam_global_shaper"}
  ]

[s2s]
  use_starttls = "optional"
  certfile = "priv/ssl/fake_server.pem"
  default_policy = "deny"
  outgoing.port = 5269

#[[host_config]]
#  host = "anonymous.localhost"
#
#  [host_config.auth.anonymous]
#    allow_multiple_connections = true
#    protocol = "both"

@JanuszJakubiec
Contributor

Hi, after investigating, we found that the error only occurs when the access_admin option is set to "all". This appears to be a bug, and we'll add it to our backlog. When the option is not set, everything works properly.

@mahmadmujtaba
Author

Thank you, @JanuszJakubiec. For now, we will keep using the default as per the docs.
