From cb700404f3521591081a515457bca3414523d181 Mon Sep 17 00:00:00 2001
From: Ahmad Farhat
Date: Wed, 2 Sep 2020 13:45:29 -0400
Subject: [PATCH] Fixed bug allowing users to access their own room when they aren't allowed (#2054)
---
 app/controllers/rooms_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/controllers/rooms_controller.rb b/app/controllers/rooms_controller.rb
index be09e6ee..3cf560e0 100644
--- a/app/controllers/rooms_controller.rb
+++ b/app/controllers/rooms_controller.rb
@@ -70,6 +70,11 @@ class RoomsController < ApplicationController
 # If its the current user's room
 if current_user && (@room.owned_by?(current_user) || @shared_room)
+ # If the user is trying to access their own room but is not allowed to
+ if @room.owned_by?(current_user) && !current_user.role.get_permission("can_create_rooms")
+ return redirect_to cant_create_rooms_path
+ end
+ # User is allowed to have rooms @search, @order_column, @order_direction, recs = recordings(@room.bbb_id, params.permit(:search, :column, :direction), true)
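Review bot: The new `can_create_rooms` guard is enforced only inside this one branch, so the restriction holds for this action alone; the enclosing method begins and ends outside the hunk, and whether the controller's other owner-only actions apply the same check is not visible here. If they do not, the permission should be checked in one place, for example a `before_action` that runs the same condition for every action that operates on a room the user owns. The diffstat shows only the controller changed, so a request spec asserting that an owner whose role lacks `can_create_rooms` is redirected to `cant_create_rooms_path` would keep this authorization fix from regressing. If `current_user.role` can ever be nil, `!current_user.role&.get_permission("can_create_rooms")` would make the check fail closed with the redirect instead of raising.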