OF-1392 Add "No one can create a chat room"

[MilanTyagi2004]

Summary

Currently, room creation permissions support only two policies:

• Anyone can create a chat room.
• Only specific users/groups can create a chat room.

To completely prevent room creation, administrators must select the specific users/groups option and add a placeholder account (for example, an admin user) to the allowed list. This workaround is unintuitive and requires unnecessary configuration.

This PR introduces a third policy:

No one can create a chat room

This allows room creation to be completely disabled for regular users without requiring dummy users or groups. System administrators continue to bypass these restrictions and can always create rooms.

Changes

Internationalization

• Added the muc.create.permission.no_one_created translation key to openfire_i18n.properties.

UI & Backend Logic

Updated muc-create-permission.jsp to support three room creation policies:

• anyone
• specific
• none

Additional changes:

• Added a new radio button option: "No one can create a chat room."

• Updated permission handling to support the new none state.

• Updated page initialization logic to correctly reflect the selected policy when loading the page.

• Added dynamic visibility handling for the Allowed Users/Groups section:

  • Hidden when anyone is selected.
  • Hidden when none is selected.
  • Displayed when specific is selected.

• Updated audit log messages to accurately describe policy changes for all supported modes.

Verification

UI Verification

• Navigated to Group Chat → Room Creation Permissions.
• Verified that the new "No one can create a chat room" option is displayed.
• Verified that selecting "No one can create a chat room" hides the Allowed Users/Groups section.
• Verified that selecting "Only specific users/groups..." immediately displays the Allowed Users/Groups section.
• Verified that the correct state is restored after saving and reloading the page.

Functional Verification

• Verified that users without administrative privileges cannot create chat rooms when the "No one can create a chat room" policy is active.
• Verified that room creation remains restricted to configured users/groups when the "Only specific users/groups..." policy is active.
• Verified that system administrators can still create chat rooms regardless of the selected policy.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR converts the MUC room creation permission model from a boolean to a tri-state string representation (anyone, specific, none). The request parameter openPerms now reads raw string values. Server-side save logic branches on these three states to clear per-user creators, set room creation restricted/unrestricted, and toggle the “all registered users” allowance via mucService, logging and redirecting on success or recording an error for unexpected values. The UI radios now submit anyone/specific/none, and the allowed-users section is shown only when creation is restricted and there are explicit allowed users or all-registered-users is enabled. An i18n key muc.create.permission.no_one_created was added.

Possibly related PRs

• igniterealtime/Openfire#3239: Directly overlaps with this PR's tri-state permission handling and allowAllRegisteredUsers control in the same muc-create-permission.jsp save-flow and permission-radio UI behavior.

Suggested reviewers

• guusdk
• Fishbowler

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The PR description clearly explains the new 'No one can create a chat room' feature, the rationale, implementation details, and verification steps.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

xmppserver/src/main/webapp/muc-create-permission.jsp (1)

75-107: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Missing fallback when openPerms has an unexpected value.

If save is true but openPerms is null, empty, or an unrecognized value (e.g., from a tampered request), no branch matches and the save silently completes without any action or error feedback. Consider adding a fallback or error handling:

Proposed fix

         else if ("specific".equals(openPerms)) {
             mucService.setRoomCreationRestricted(true);
             mucService.setAllRegisteredUsersAllowedToCreate(allowAllRegisteredUsers);
             // Log the event
             webManager.logEvent("set MUC room creation to restricted for service "+mucname, null);
             response.sendRedirect("muc-create-permission.jsp?success=true&mucname="+URLEncoder.encode(mucname, StandardCharsets.UTF_8));
             return;
         }
+        else {
+            errors.put("openPerms", "openPerms");
+        }
     }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@xmppserver/src/main/webapp/muc-create-permission.jsp` around lines 75 - 107,
When save is true but openPerms is null/empty or an unexpected value, no branch
executes—add a fallback to handle invalid input: validate openPerms at the start
of the save block and if it's null/unknown, call webManager.logEvent with a
clear message mentioning mucname and the invalid openPerms, set a sensible
default on mucService (e.g., restrict creation or leave unchanged) or explicitly
return an error by redirecting via
response.sendRedirect("muc-create-permission.jsp?error=invalid_permission&mucname="+URLEncoder.encode(mucname,
UTF_8)); ensure this uses the existing mucService and response.sendRedirect flow
so the user receives feedback instead of a silent no-op.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@xmppserver/src/main/webapp/muc-create-permission.jsp`:
- Around line 75-107: When save is true but openPerms is null/empty or an
unexpected value, no branch executes—add a fallback to handle invalid input:
validate openPerms at the start of the save block and if it's null/unknown, call
webManager.logEvent with a clear message mentioning mucname and the invalid
openPerms, set a sensible default on mucService (e.g., restrict creation or
leave unchanged) or explicitly return an error by redirecting via
response.sendRedirect("muc-create-permission.jsp?error=invalid_permission&mucname="+URLEncoder.encode(mucname,
UTF_8)); ensure this uses the existing mucService and response.sendRedirect flow
so the user receives feedback instead of a silent no-op.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: d853bbe6-9424-4684-9c95-426863462be7

📥 Commits

Reviewing files that changed from the base of the PR and between 75c25b0 and 75333ac.

📒 Files selected for processing (2)

• i18n/src/main/resources/openfire_i18n.properties
• xmppserver/src/main/webapp/muc-create-permission.jsp

[coderabbitai]

🧹 Nitpick comments (1)

xmppserver/src/main/webapp/muc-create-permission.jsp (1)

106-108: 💤 Low value

Good defensive error handling for invalid openPerms values.

This correctly catches cases where openPerms is null (e.g., form submitted without selection) or an unexpected value, preventing silent failures where the user clicks save but nothing happens.

Minor style nit: The formatting }else{ is inconsistent with the rest of the file (e.g., line 99 uses else if (...) { with spaces). Consider standardizing:

♻️ Optional style fix

-        }else{
+        } else {
             errors.put("openPerms", "openPerms");
         }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@xmppserver/src/main/webapp/muc-create-permission.jsp` around lines 106 - 108,
The style is inconsistent: change the brace spacing for the final conditional
block so it matches the project's style (use "} else {" instead of "}else{")
around the code that performs errors.put("openPerms", "openPerms");—locate the
conditional that sets openPerms errors in muc-create-permission.jsp and update
the spacing to align with the existing "else if (...) {" style.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@xmppserver/src/main/webapp/muc-create-permission.jsp`:
- Around line 106-108: The style is inconsistent: change the brace spacing for
the final conditional block so it matches the project's style (use "} else {"
instead of "}else{") around the code that performs errors.put("openPerms",
"openPerms");—locate the conditional that sets openPerms errors in
muc-create-permission.jsp and update the spacing to align with the existing
"else if (...) {" style.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: f8651c28-408a-4509-a026-1838666c6060

📥 Commits

Reviewing files that changed from the base of the PR and between 75333ac and fdca48f.

📒 Files selected for processing (1)

• xmppserver/src/main/webapp/muc-create-permission.jsp