admin setting to hide room owner on join of unauthenticated users

CHANGELOG.md

@@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Accessibility statement URL setting for the admin UI and footer ([#2873], [#2874])
 - Greenlight v3 import command ([#2664], [#2665])
 - Greenlight v2 import command now supports importing room presentations ([#2879], [#2880])
+- Admin setting to hide room owner from unauthenticated users ([#2843], [#2844])
 
 ### Changed
 

app/Http/Controllers/api/v1/SettingsController.php

@@ -184,6 +184,7 @@ public function update(UpdateSettings $request)
         $roomSettings->auto_delete_never_used_period = $request->enum('room_auto_delete_never_used_period', TimePeriod::class);
         $roomSettings->auto_delete_deadline_period = $request->enum('room_auto_delete_deadline_period', TimePeriod::class);
         $roomSettings->file_terms_of_use = $request->input('room_file_terms_of_use');
+        $roomSettings->hide_owner_from_guests = $request->boolean('room_hide_owner_from_guests');
 
         $userSettings->password_change_allowed = $request->boolean('user_password_change_allowed');
 

app/Http/Requests/UpdateSettings.php

@@ -70,6 +70,7 @@ public function rules()
             'room_auto_delete_never_used_period' => ['required', 'numeric', Rule::enum(TimePeriod::class)],
             'room_auto_delete_deadline_period' => ['required', 'numeric', Rule::enum(TimePeriod::class)->only([TimePeriod::ONE_WEEK, TimePeriod::TWO_WEEKS, TimePeriod::ONE_MONTH])],
             'room_file_terms_of_use' => ['nullable', 'string', 'max:65000'],
+            'room_hide_owner_from_guests' => ['required', 'boolean'],
 
             'user_password_change_allowed' => ['required', 'boolean'],
 

app/Http/Resources/Room.php

@@ -4,6 +4,7 @@
 
 use App\Http\Resources\User as UserResource;
 use App\Models\RoomPersonalizedLink;
+use App\Settings\RoomSettings;
 use Illuminate\Http\Resources\Json\JsonResource;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Context;
@@ -81,13 +82,18 @@ public function toArray($request)
             $latestMeeting->setRelation('room', $this->resource);
         }
 
+        $roomSettings = app(RoomSettings::class);
+
+        // Check if user is authenticated or room owner should be shown to everyone
+        $showOwner = Auth::check() || ! $roomSettings->hide_owner_from_guests;
+
         return [
             'id' => $this->id,
             'name' => $this->name,
-            'owner' => [
+            'owner' => $this->when($showOwner, fn () => [
                 'id' => $this->owner->id,
                 'name' => $this->owner->fullname,
-            ],
+            ]),
             'last_meeting' => new LastMeeting($latestMeeting),
             'type' => new RoomType($this->roomType)->withFeatures(),
             'model_name' => $this->model_name,

app/Http/Resources/Settings.php

@@ -65,6 +65,7 @@ public function toArray($request)
             'room_auto_delete_deadline_period' => $roomSettings->auto_delete_deadline_period,
             'room_personalized_link_expiration' => $roomSettings->personalized_link_expiration,
             'room_file_terms_of_use' => $roomSettings->file_terms_of_use,
+            'room_hide_owner_from_guests' => $roomSettings->hide_owner_from_guests,
             'user_password_change_allowed' => $userSettings->password_change_allowed,
             'recording_server_usage_enabled' => $recordingSettings->server_usage_enabled,
             'recording_server_usage_retention_period' => $recordingSettings->server_usage_retention_period,

app/Settings/RoomSettings.php

@@ -19,6 +19,8 @@ class RoomSettings extends Settings
 
     public ?string $file_terms_of_use;
 
+    public bool $hide_owner_from_guests;
+
     public static function group(): string
     {
         return 'room';

database/settings/2026_02_16_085258_add_room_hide_owner_for_guests_to_room_settings.php

@@ -0,0 +1,16 @@
+<?php
+
+use Spatie\LaravelSettings\Migrations\SettingsMigration;
+
+return new class extends SettingsMigration
+{
+    public function up(): void
+    {
+        $this->migrator->add('room.hide_owner_from_guests', false);
+    }
+
+    public function down(): void
+    {
+        $this->migrator->delete('room.hide_owner_from_guests');
+    }
+};

lang/en/admin.php

@@ -392,6 +392,7 @@
             'description' => 'Time period since last usage, after which personalized room links get automatically removed.',
             'title' => 'Expiration time for personalized room links',
         ],
+        'room_hide_owner_from_guests' => 'Hide room owner from unauthenticated users',
         'six_month' => '6 Months (180 Days)',
         'statistics' => [
             'meetings' => [

lang/en/validation.php

@@ -130,6 +130,7 @@
         'room_auto_delete_inactive_period' => 'Period until inactive rooms are deleted',
         'room_auto_delete_never_used_period' => 'Period until never used rooms are deleted',
         'room_file_terms_of_use' => 'Terms of use for file download',
+        'room_hide_owner_from_guests' => 'Hide room owner from unauthenticated users',
         'room_limit' => 'Room limit',
         'room_personalized_link_expiration' => 'Expiration time for personalized room links',
         'room_type' => 'Room type',

resources/js/components/RoomDetailsList.vue

@@ -4,7 +4,7 @@
     :class="{ 'md:flex-row': props.inline }"
   >
     <!--owner name-->
-    <div class="flex">
+    <div v-if="props.room.owner" class="flex">
       <div class="room-details__icon">
         <i class="fa-solid fa-user" />
       </div>

resources/js/policies/RoomPolicy.js

@@ -29,7 +29,7 @@ export default {
   viewInvitation(user, model) {
     return !user
       ? false
-      : model.owner.id === user.id ||
+      : model.owner?.id === user.id ||
           model.is_moderator ||
           model.is_co_owner ||
           user.permissions.includes("rooms.viewAll");
@@ -44,7 +44,8 @@ export default {
   delete(user, model) {
     return !user
       ? false
-      : model.owner.id === user.id || user.permissions.includes("rooms.manage");
+      : model.owner?.id === user.id ||
+          user.permissions.includes("rooms.manage");
   },
   /**
    * Is user allowed to transfer this room to a different user
@@ -55,7 +56,8 @@ export default {
   transfer(user, model) {
     return !user
       ? false
-      : model.owner.id === user.id || user.permissions.includes("rooms.manage");
+      : model.owner?.id === user.id ||
+          user.permissions.includes("rooms.manage");
   },
 
   /**
@@ -67,7 +69,7 @@ export default {
   viewSettings(user, model) {
     return !user
       ? false
-      : model.owner.id === user.id ||
+      : model.owner?.id === user.id ||
           model.is_co_owner ||
           user.permissions.includes("rooms.viewAll");
   },
@@ -81,7 +83,7 @@ export default {
   manageSettings(user, model) {
     return !user
       ? false
-      : model.owner.id === user.id ||
+      : model.owner?.id === user.id ||
           model.is_co_owner ||
           user.permissions.includes("rooms.manage");
   },
@@ -96,6 +98,6 @@ export default {
       ? false
       : model.allow_membership &&
           !model.is_member &&
-          model.owner.id !== user.id;
+          model.owner?.id !== user.id;
   },
 };

resources/js/views/AdminSettings.vue

@@ -1063,6 +1063,31 @@
                 />
               </div>
             </div>
+            <fieldset
+              class="grid grid-cols-12 gap-4"
+              data-test="room-hide-owner-field"
+            >
+              <legend class="col-span-12 md:col-span-4 md:mb-0">
+                {{ $t("admin.settings.room_hide_owner_from_guests") }}
+              </legend>
+              <div class="col-span-12 flex flex-col gap-1 md:col-span-8">
+                <div class="flex items-center gap-2">
+                  <ToggleSwitch
+                    v-model="settings.room_hide_owner_from_guests"
+                    input-id="room-hide-owner"
+                    binary
+                    :disabled="disabled"
+                    :invalid="
+                      formErrors.fieldInvalid('room_hide_owner_from_guests')
+                    "
+                  />
+                  <label for="room-hide-owner">{{ $t("app.enable") }}</label>
+                </div>
+                <FormError
+                  :errors="formErrors.fieldError('room_hide_owner_from_guests')"
+                />
+              </div>
+            </fieldset>
           </AdminPanel>
 
           <AdminPanel :title="$t('app.users')">

tests/Backend/Feature/api/v1/Room/RoomTest.php

@@ -589,6 +589,51 @@ public function test_disable_guest_access()
             ->assertJsonFragment(['message' => CustomErrorMessages::ROOM_GUESTS_NOT_ALLOWED->value]);
     }
 
+    /**
+     * Test visibility of room owner for unauthenticated users based on settings.
+     */
+    public function test_hide_owner_from_guests()
+    {
+        // Create a room allowing guests
+        $room = Room::factory()->create([
+            'allow_guests' => true,
+        ]);
+
+        // Case 1: The setting is enabled.
+        // Guests should NOT see the owner information.
+        $this->roomSettings->hide_owner_from_guests = true;
+        $this->roomSettings->save();
+
+        $this->getJson(route('api.v1.rooms.show', ['room' => $room]))
+            ->assertStatus(200)
+            ->assertJsonMissingPath('data.owner');
+
+        // Case 2: The setting is enabled, but the user is authenticated.
+        // Authenticated users should always see the owner information.
+        $this->actingAs($this->user)->getJson(route('api.v1.rooms.show', ['room' => $room]))
+            ->assertStatus(200)
+            ->assertJsonStructure(['data' => [
+                'owner' => [
+                    'id',
+                    'name',
+                ],
+            ]]);
+
+        // Case 3: The setting is disabled.
+        // Guests should see the owner information.
+        $this->roomSettings->hide_owner_from_guests = false;
+        $this->roomSettings->save();
+
+        $this->getJson(route('api.v1.rooms.show', ['room' => $room]))
+            ->assertStatus(200)
+            ->assertJsonStructure(['data' => [
+                'owner' => [
+                    'id',
+                    'name',
+                ],
+            ]]);
+    }
+
     /**
      * Test how guests can log into room with or without valid access code
      */

tests/Backend/Feature/api/v1/SettingsTest.php

@@ -83,6 +83,7 @@ public function test_view_settings()
         $this->roomSettings->auto_delete_deadline_period = TimePeriod::ONE_MONTH;
         $this->roomSettings->personalized_link_expiration = TimePeriod::ONE_WEEK;
         $this->roomSettings->file_terms_of_use = 'test';
+        $this->roomSettings->hide_owner_from_guests = false;
         $this->roomSettings->save();
 
         $this->userSettings->password_change_allowed = true;
@@ -157,6 +158,7 @@ public function test_view_settings()
                     'room_auto_delete_deadline_period' => 30,
                     'room_personalized_link_expiration' => 7,
                     'room_file_terms_of_use' => 'test',
+                    'room_hide_owner_from_guests' => false,
 
                     'user_password_change_allowed' => true,
 
@@ -219,6 +221,7 @@ public function test_update_settings()
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
             'room_file_terms_of_use' => 'test',
+            'room_hide_owner_from_guests' => true,
 
             'user_password_change_allowed' => 1,
 
@@ -281,6 +284,7 @@ public function test_update_settings()
                     'room_auto_delete_never_used_period' => 30,
                     'room_auto_delete_deadline_period' => 7,
                     'room_file_terms_of_use' => 'test',
+                    'room_hide_owner_from_guests' => true,
 
                     'user_password_change_allowed' => 1,
 
@@ -358,6 +362,7 @@ public function test_update_with_valid_inputs_image_file()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -436,6 +441,7 @@ public function test_update_with_valid_inputs_image_file_and_url()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -518,6 +524,7 @@ public function test_update_with_invalid_inputs()
             'room_auto_delete_inactive_period' => 'notnumber',
             'room_auto_delete_never_used_period' => 'notnumber',
             'room_auto_delete_deadline_period' => 'notnumber',
+            'room_hide_owner_from_guests' => 'notbool',
 
             'user_password_change_allowed' => 'foo',
 
@@ -571,6 +578,7 @@ public function test_update_with_invalid_inputs()
                 'room_auto_delete_inactive_period',
                 'room_auto_delete_never_used_period',
                 'room_auto_delete_deadline_period',
+                'room_hide_owner_from_guests',
 
                 'user_password_change_allowed',
 
@@ -654,6 +662,7 @@ public function test_update_theme_custom_css()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -759,6 +768,7 @@ public function test_update_min_max()
             'room_auto_delete_inactive_period' => 1,
             'room_auto_delete_never_used_period' => 1,
             'room_auto_delete_deadline_period' => 1,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -813,6 +823,7 @@ public function test_update_min_max()
             'room_auto_delete_never_used_period' => 1000,
             'room_auto_delete_deadline_period' => 366,
             'room_file_terms_of_use' => str_repeat('a', 65001),
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -891,6 +902,7 @@ public function test_update_default_presentation()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -1002,6 +1014,7 @@ public function test_update_bbb_style()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -1098,6 +1111,7 @@ public function test_update_bbb_logo()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -1181,6 +1195,7 @@ public function test_update_bbb_dark_logo()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,
 
@@ -1268,6 +1283,7 @@ public function test_virus_files()
             'room_auto_delete_inactive_period' => 14,
             'room_auto_delete_never_used_period' => 30,
             'room_auto_delete_deadline_period' => 7,
+            'room_hide_owner_from_guests' => false,
 
             'user_password_change_allowed' => 1,