Support for people banned from joining groups via link

_locales/en/messages.json

@@ -4059,6 +4059,14 @@
     "message": "This group link is no longer valid.",
     "description": "Shown if you click a group link and we can't get information about it"
   },
+  "GroupV2--join--link-forbidden--title": {
+    "message": "Can’t Join Group",
+    "description": "Shown if you click a group link and you have been forbidden from joining via the link"
+  },
+  "GroupV2--join--link-forbidden": {
+    "message": "You can't join this group via the group link because an admin removed you.",
+    "description": "Shown if you click a group link and you have been forbidden from joining via the link"
+  },
   "GroupV2--join--prompt-with-approval": {
     "message": "An admin of this group must approve your request before you can join this group. If approved, your name and photo will be shared with its members.",
     "description": "Shown when you click on a group link to confirm, if it requires admin approval"
@@ -5688,6 +5696,16 @@
       }
     }
   },
+  "PendingRequests--deny-for--with-link": {
+    "message": "Deny request from \"$name$\"? They will not be able to request to join via the group link again.",
+    "description": "This is the modal content when confirming denying a group request to join",
+    "placeholders": {
+      "name": {
+        "content": "$1",
+        "example": "Meowsy Purrington"
+      }
+    }
+  },
   "PendingInvites--invites": {
     "message": "Invited by you",
     "description": "This is the title list of all invites"
@@ -6070,6 +6088,16 @@
       }
     }
   },
+  "RemoveGroupMemberConfirmation__description__with-link": {
+    "message": "Remove \"$name$\" from the group? They will not be able to rejoin via the group link.",
+    "description": "When confirming the removal of a group member, show this text in the dialog",
+    "placeholders": {
+      "name": {
+        "content": "$1",
+        "example": "Jane Doe"
+      }
+    }
+  },
   "CaptchaDialog__title": {
     "message": "Verify to continue messaging",
     "description": "Header in the captcha dialog"

protos/Groups.proto

@@ -45,6 +45,10 @@ message MemberPendingAdminApproval {
   uint64 timestamp    = 4;
 }
 
+message MemberBanned {
+  bytes userId = 1;
+}
+
 message AccessControl {
   enum AccessRequired {
     UNKNOWN       = 0;
@@ -72,6 +76,8 @@ message Group {
            bytes                      inviteLinkPassword          = 10;
            bytes                      descriptionBytes            = 11;
            bool                       announcementsOnly           = 12;
+  repeated MemberBanned               membersBanned               = 13;
+  // next: 14
 }
 
 message GroupChange {
@@ -121,6 +127,14 @@ message GroupChange {
       Member.Role role   = 2;
     }
 
+    message AddMemberBannedAction {
+      MemberBanned added = 1;
+    }
+
+    message DeleteMemberBannedAction {
+      bytes deletedUserId = 1;
+    }
+
     message ModifyTitleAction {
       bytes title = 1;
     }
@@ -183,6 +197,9 @@ message GroupChange {
              ModifyInviteLinkPasswordAction             modifyInviteLinkPassword           = 19; // change epoch = 1
              ModifyDescriptionAction                    modifyDescription                  = 20; // change epoch = 2
              ModifyAnnouncementsOnlyAction              modifyAnnouncementsOnly            = 21; // change epoch = 3
+    repeated AddMemberBannedAction                      addMembersBanned                   = 22; // change epoch = 4
+    repeated DeleteMemberBannedAction                   deleteMembersBanned                = 23; // change epoch = 4
+    // next: 24
   }
 
   bytes  actions         = 1; // The serialized actions

ts/components/conversation/ContactModal.stories.tsx

@@ -22,17 +22,23 @@ const story = storiesOf('Components/Conversation/ContactModal', module);
 
 const defaultContact: ConversationType = getDefaultConversation({
   id: 'abcdef',
-  areWeAdmin: false,
   title: 'Pauline Oliveros',
   phoneNumber: '(333) 444-5515',
   about: '👍 Free to chat',
 });
+const defaultGroup: ConversationType = getDefaultConversation({
+  id: 'abcdef',
+  areWeAdmin: true,
+  title: "It's a group",
+  groupLink: 'something',
+});
 
 const createProps = (overrideProps: Partial<PropsType> = {}): PropsType => ({
   areWeASubscriber: false,
   areWeAdmin: boolean('areWeAdmin', overrideProps.areWeAdmin || false),
   badges: overrideProps.badges || [],
   contact: overrideProps.contact || defaultContact,
+  conversation: overrideProps.conversation || defaultGroup,
   hideContactModal: action('hideContactModal'),
   i18n,
   isAdmin: boolean('isAdmin', overrideProps.isAdmin || false),
@@ -62,6 +68,17 @@ story.add('As admin', () => {
   return <ContactModal {...props} />;
 });
 
+story.add('As admin with no group link', () => {
+  const props = createProps({
+    areWeAdmin: true,
+    conversation: {
+      ...defaultGroup,
+      groupLink: undefined,
+    },
+  });
+  return <ContactModal {...props} />;
+});
+
 story.add('As admin, viewing non-member of group', () => {
   const props = createProps({
     isMember: false,

ts/components/conversation/ContactModal.tsx

@@ -2,7 +2,9 @@
 // SPDX-License-Identifier: AGPL-3.0-only
 
 import React, { useEffect, useState } from 'react';
+import type { ReactNode } from 'react';
 
+import * as log from '../../logging/log';
 import { missingCaseError } from '../../util/missingCaseError';
 import { About } from './About';
 import { Avatar } from '../Avatar';
@@ -14,13 +16,14 @@ import { BadgeDialog } from '../BadgeDialog';
 import type { BadgeType } from '../../badges/types';
 import { SharedGroupNames } from '../SharedGroupNames';
 import { ConfirmationDialog } from '../ConfirmationDialog';
+import { RemoveGroupMemberConfirmationDialog } from './RemoveGroupMemberConfirmationDialog';
 
 export type PropsDataType = {
   areWeASubscriber: boolean;
   areWeAdmin: boolean;
   badges: ReadonlyArray<BadgeType>;
   contact?: ConversationType;
-  conversationId?: string;
+  conversation?: ConversationType;
   readonly i18n: LocalizerType;
   isAdmin: boolean;
   isMember: boolean;
@@ -50,12 +53,18 @@ enum ContactModalView {
   ShowingBadges,
 }
 
+enum SubModalState {
+  None = 'None',
+  ToggleAdmin = 'ToggleAdmin',
+  MemberRemove = 'MemberRemove',
+}
+
 export const ContactModal = ({
   areWeASubscriber,
   areWeAdmin,
   badges,
   contact,
-  conversationId,
+  conversation,
   hideContactModal,
   i18n,
   isAdmin,
@@ -72,14 +81,78 @@ export const ContactModal = ({
   }
 
   const [view, setView] = useState(ContactModalView.Default);
-  const [confirmToggleAdmin, setConfirmToggleAdmin] = useState(false);
+  const [subModalState, setSubModalState] = useState<SubModalState>(
+    SubModalState.None
+  );
 
   useEffect(() => {
-    if (conversationId) {
+    if (conversation?.id) {
       // Kick off the expensive hydration of the current sharedGroupNames
-      updateConversationModelSharedGroups(conversationId);
+      updateConversationModelSharedGroups(conversation.id);
     }
-  }, [conversationId, updateConversationModelSharedGroups]);
+  }, [conversation?.id, updateConversationModelSharedGroups]);
+
+  let modalNode: ReactNode;
+  switch (subModalState) {
+    case SubModalState.None:
+      modalNode = undefined;
+      break;
+    case SubModalState.ToggleAdmin:
+      if (!conversation?.id) {
+        log.warn('ContactModal: ToggleAdmin state - missing conversationId');
+        modalNode = undefined;
+        break;
+      }
+
+      modalNode = (
+        <ConfirmationDialog
+          actions={[
+            {
+              action: () => toggleAdmin(conversation.id, contact.id),
+              text: isAdmin
+                ? i18n('ContactModal--rm-admin')
+                : i18n('ContactModal--make-admin'),
+            },
+          ]}
+          i18n={i18n}
+          onClose={() => setSubModalState(SubModalState.None)}
+        >
+          {isAdmin
+            ? i18n('ContactModal--rm-admin-info', [contact.title])
+            : i18n('ContactModal--make-admin-info', [contact.title])}
+        </ConfirmationDialog>
+      );
+      break;
+    case SubModalState.MemberRemove:
+      if (!contact || !conversation?.id) {
+        log.warn(
+          'ContactModal: MemberRemove state - missing contact or conversationId'
+        );
+        modalNode = undefined;
+        break;
+      }
+
+      modalNode = (
+        <RemoveGroupMemberConfirmationDialog
+          conversation={contact}
+          group={conversation}
+          i18n={i18n}
+          onClose={() => {
+            setSubModalState(SubModalState.None);
+          }}
+          onRemove={() => {
+            removeMemberFromGroup(conversation?.id, contact.id);
+          }}
+        />
+      );
+      break;
+    default: {
+      const state: never = subModalState;
+      log.warn(`ContactModal: unexpected ${state}!`);
+      modalNode = undefined;
+      break;
+    }
+  }
 
   switch (view) {
     case ContactModalView.Default: {
@@ -155,12 +228,12 @@ export const ContactModal = ({
                   <span>{i18n('showSafetyNumber')}</span>
                 </button>
               )}
-              {!contact.isMe && areWeAdmin && isMember && conversationId && (
+              {!contact.isMe && areWeAdmin && isMember && conversation?.id && (
                 <>
                   <button
                     type="button"
                     className="ContactModal__button ContactModal__make-admin"
-                    onClick={() => setConfirmToggleAdmin(true)}
+                    onClick={() => setSubModalState(SubModalState.ToggleAdmin)}
                   >
                     <div className="ContactModal__bubble-icon">
                       <div className="ContactModal__make-admin__bubble-icon" />
@@ -174,9 +247,7 @@ export const ContactModal = ({
                   <button
                     type="button"
                     className="ContactModal__button ContactModal__remove-from-group"
-                    onClick={() =>
+                    onClick={() => setSubModalState(SubModalState.MemberRemove)}
-                      removeMemberFromGroup(conversationId, contact.id)
-                    }
                   >
                     <div className="ContactModal__bubble-icon">
                       <div className="ContactModal__remove-from-group__bubble-icon" />
@@ -186,24 +257,7 @@ export const ContactModal = ({
                 </>
               )}
             </div>
-            {confirmToggleAdmin && conversationId && (
+            {modalNode}
-              <ConfirmationDialog
-                actions={[
-                  {
-                    action: () => toggleAdmin(conversationId, contact.id),
-                    text: isAdmin
-                      ? i18n('ContactModal--rm-admin')
-                      : i18n('ContactModal--make-admin'),
-                  },
-                ]}
-                i18n={i18n}
-                onClose={() => setConfirmToggleAdmin(false)}
-              >
-                {isAdmin
-                  ? i18n('ContactModal--rm-admin-info', [contact.title])
-                  : i18n('ContactModal--make-admin-info', [contact.title])}
-              </ConfirmationDialog>
-            )}
           </div>
         </Modal>
       );

ts/components/conversation/ContactSpoofingReviewDialog.stories.tsx

@@ -23,6 +23,7 @@ const story = storiesOf(
 const getCommonProps = () => ({
   getPreferredBadge: () => undefined,
   i18n,
+  group: getDefaultConversation(),
   onBlock: action('onBlock'),
   onBlockAndReportSpam: action('onBlockAndReportSpam'),
   onClose: action('onClose'),
@@ -51,7 +52,10 @@ story.add('Direct conversations with same title', () => (
       <ContactSpoofingReviewDialog
         {...getCommonProps()}
         type={ContactSpoofingType.MultipleGroupMembersWithSameTitle}
-        areWeAdmin={areWeAdmin}
+        group={{
+          ...getDefaultConversation(),
+          areWeAdmin,
+        }}
         collisionInfoByTitle={{
           Alice: times(2, () => ({
             oldName: 'Alicia',

ts/components/conversation/ContactSpoofingReviewDialog.tsx

@@ -43,7 +43,7 @@ type PropsType = {
     }
   | {
       type: ContactSpoofingType.MultipleGroupMembersWithSameTitle;
-      areWeAdmin: boolean;
+      group: ConversationType;
       collisionInfoByTitle: Record<
         string,
         Array<{
@@ -78,13 +78,20 @@ export const ContactSpoofingReviewDialog: FunctionComponent<PropsType> =
     const [confirmationState, setConfirmationState] = useState<
       | undefined
       | {
-          type: ConfirmationStateType;
+          type: ConfirmationStateType.ConfirmingGroupRemoval;
+          affectedConversation: ConversationType;
+          group: ConversationType;
+        }
+      | {
+          type:
+            | ConfirmationStateType.ConfirmingDelete
+            | ConfirmationStateType.ConfirmingBlock;
           affectedConversation: ConversationType;
         }
     >();
 
     if (confirmationState) {
-      const { affectedConversation, type } = confirmationState;
+      const { type, affectedConversation } = confirmationState;
       switch (type) {
         case ConfirmationStateType.ConfirmingDelete:
         case ConfirmationStateType.ConfirmingBlock:
@@ -140,10 +147,12 @@ export const ContactSpoofingReviewDialog: FunctionComponent<PropsType> =
               }}
             />
           );
-        case ConfirmationStateType.ConfirmingGroupRemoval:
+        case ConfirmationStateType.ConfirmingGroupRemoval: {
+          const { group } = confirmationState;
           return (
             <RemoveGroupMemberConfirmationDialog
               conversation={affectedConversation}
+              group={group}
               i18n={i18n}
               onClose={() => {
                 setConfirmationState(undefined);
@@ -153,6 +162,7 @@ export const ContactSpoofingReviewDialog: FunctionComponent<PropsType> =
               }}
             />
           );
+        }
         default:
           throw missingCaseError(type);
       }
@@ -227,7 +237,7 @@ export const ContactSpoofingReviewDialog: FunctionComponent<PropsType> =
         break;
       }
       case ContactSpoofingType.MultipleGroupMembersWithSameTitle: {
-        const { areWeAdmin, collisionInfoByTitle } = props;
+        const { group, collisionInfoByTitle } = props;
 
         const unsortedConversationInfos = concat(
           // This empty array exists to appease Lodash's type definitions.
@@ -254,7 +264,7 @@ export const ContactSpoofingReviewDialog: FunctionComponent<PropsType> =
             </h2>
             {conversationInfos.map((conversationInfo, index) => {
               let button: ReactNode;
-              if (areWeAdmin) {
+              if (group.areWeAdmin) {
                 button = (
                   <Button
                     variant={ButtonVariant.SecondaryAffirmative}
@@ -262,6 +272,7 @@ export const ContactSpoofingReviewDialog: FunctionComponent<PropsType> =
                       setConfirmationState({
                         type: ConfirmationStateType.ConfirmingGroupRemoval,
                         affectedConversation: conversationInfo.conversation,
+                        group,
                       });
                     }}
                   >

ts/components/conversation/RemoveGroupMemberConfirmationDialog.tsx

@@ -6,12 +6,14 @@ import React from 'react';
 
 import type { ConversationType } from '../../state/ducks/conversations';
 import type { LocalizerType } from '../../types/Util';
+import { isAccessControlEnabled } from '../../groups/util';
 
 import { ConfirmationDialog } from '../ConfirmationDialog';
 import { Intl } from '../Intl';
 import { ContactName } from './ContactName';
 
 type PropsType = {
+  group: ConversationType;
   conversation: ConversationType;
   i18n: LocalizerType;
   onClose: () => void;
@@ -19,25 +21,33 @@ type PropsType = {
 };
 
 export const RemoveGroupMemberConfirmationDialog: FunctionComponent<PropsType> =
-  ({ conversation, i18n, onClose, onRemove }) => (
+  ({ conversation, group, i18n, onClose, onRemove }) => {
-    <ConfirmationDialog
+    const descriptionKey = isAccessControlEnabled(
-      actions={[
+      group.accessControlAddFromInviteLink
-        {
+    )
-          action: onRemove,
+      ? 'RemoveGroupMemberConfirmation__description__with-link'
-          text: i18n('RemoveGroupMemberConfirmation__remove-button'),
+      : 'RemoveGroupMemberConfirmation__description';
-          style: 'negative',
+
-        },
+    return (
-      ]}
+      <ConfirmationDialog
-      i18n={i18n}
+        actions={[
-      onClose={onClose}
+          {
-      title={
+            action: onRemove,
-        <Intl
+            text: i18n('RemoveGroupMemberConfirmation__remove-button'),
-          i18n={i18n}
+            style: 'negative',
-          id="RemoveGroupMemberConfirmation__description"
+          },
-          components={{
+        ]}
-            name: <ContactName title={conversation.title} />,
+        i18n={i18n}
-          }}
+        onClose={onClose}
-        />
+        title={
-      }
+          <Intl
-    />
+            i18n={i18n}
-  );
+            id={descriptionKey}
+            components={{
+              name: <ContactName title={conversation.title} />,
+            }}
+          />
+        }
+      />
+    );
+  };

ts/components/conversation/Timeline.stories.tsx

@@ -492,6 +492,7 @@ const renderTypingBubble = () => (
 );
 
 const useProps = (overrideProps: Partial<PropsType> = {}): PropsType => ({
+  conversation: overrideProps.conversation || getDefaultConversation(),
   discardMessages: action('discardMessages'),
   getPreferredBadge: () => undefined,
   i18n,

ts/components/conversation/Timeline.tsx

@@ -94,7 +94,7 @@ export type PropsDataType = {
 
 type PropsHousekeepingType = {
   id: string;
-  areWeAdmin?: boolean;
+  conversation: ConversationType;
   isConversationSelected: boolean;
   isGroupV1AndDisabled?: boolean;
   isIncomingMessageRequest: boolean;
@@ -734,10 +734,10 @@ export class Timeline extends React.Component<
   public override render(): JSX.Element | null {
     const {
       acknowledgeGroupMemberNameCollisions,
-      areWeAdmin,
       clearInvitedUuidsForNewlyCreatedGroup,
       closeContactSpoofingReview,
       contactSpoofingReview,
+      conversation,
       getPreferredBadge,
       getTimestampForMessage,
       haveNewest,
@@ -1018,7 +1018,7 @@ export class Timeline extends React.Component<
             <ContactSpoofingReviewDialog
               {...commonProps}
               type={ContactSpoofingType.MultipleGroupMembersWithSameTitle}
-              areWeAdmin={Boolean(areWeAdmin)}
+              group={conversation}
               collisionInfoByTitle={contactSpoofingReview.collisionInfoByTitle}
             />
           );

ts/components/conversation/conversation-details/PendingInvites.tsx

@@ -14,6 +14,7 @@ import { ConfirmationDialog } from '../../ConfirmationDialog';
 import { PanelSection } from './PanelSection';
 import { PanelRow } from './PanelRow';
 import { ConversationDetailsIcon, IconType } from './ConversationDetailsIcon';
+import { isAccessControlEnabled } from '../../../groups/util';
 
 export type PropsType = {
   readonly conversation?: ConversationType;
@@ -147,6 +148,7 @@ export const PendingInvites: React.ComponentType<PropsType> = ({
       {stagedMemberships && stagedMemberships.length && (
         <MembershipActionConfirmation
           approvePendingMembership={approvePendingMembership}
+          conversation={conversation}
           i18n={i18n}
           members={conversation.sortedGroupMembers || []}
           onClose={() => setStagedMemberships(null)}
@@ -161,6 +163,7 @@ export const PendingInvites: React.ComponentType<PropsType> = ({
 
 function MembershipActionConfirmation({
   approvePendingMembership,
+  conversation,
   i18n,
   members,
   onClose,
@@ -169,6 +172,7 @@ function MembershipActionConfirmation({
   stagedMemberships,
 }: {
   approvePendingMembership: (conversationId: string) => void;
+  conversation: ConversationType;
   i18n: LocalizerType;
   members: Array<ConversationType>;
   onClose: () => void;
@@ -222,6 +226,7 @@ function MembershipActionConfirmation({
       onClose={onClose}
     >
       {getConfirmationMessage({
+        conversation,
         i18n,
         members,
         ourUuid,
@@ -232,11 +237,13 @@ function MembershipActionConfirmation({
 }
 
 function getConfirmationMessage({
+  conversation,
   i18n,
   members,
   ourUuid,
   stagedMemberships,
 }: Readonly<{
+  conversation: ConversationType;
   i18n: LocalizerType;
   members: ReadonlyArray<ConversationType>;
   ourUuid: string;
@@ -251,7 +258,12 @@ function getConfirmationMessage({
 
   // Requesting a membership since they weren't added by anyone
   if (membershipType === StageType.DENY_REQUEST) {
-    return i18n('PendingRequests--deny-for', {
+    const key = isAccessControlEnabled(
+      conversation.accessControlAddFromInviteLink
+    )
+      ? 'PendingRequests--deny-for--with-link'
+      : 'PendingRequests--deny-for';
+    return i18n(key, {
       name: firstMembership.member.title,
     });
   }

ts/groups.ts

@@ -74,13 +74,15 @@ import { UUID, isValidUuid } from './types/UUID';
 import type { UUIDStringType } from './types/UUID';
 import * as Errors from './types/errors';
 import { SignalService as Proto } from './protobuf';
+import { isNotNil } from './util/isNotNil';
+import { isAccessControlEnabled } from './groups/util';
 
 import {
   conversationJobQueue,
   conversationQueueJobEnum,
 } from './jobs/conversationJobQueue';
 
-import AccessRequiredEnum = Proto.AccessControl.AccessRequired;
+type AccessRequiredEnum = Proto.AccessControl.AccessRequired;
 
 export { joinViaLink } from './groups/joinViaLink';
 
@@ -271,7 +273,7 @@ export const ID_LENGTH = 32;
 const TEMPORAL_AUTH_REJECTED_CODE = 401;
 const GROUP_ACCESS_DENIED_CODE = 403;
 const GROUP_NONEXISTENT_CODE = 404;
-const SUPPORTED_CHANGE_EPOCH = 2;
+const SUPPORTED_CHANGE_EPOCH = 4;
 export const LINK_VERSION_ERROR = 'LINK_VERSION_ERROR';
 const GROUP_INVITE_LINK_PASSWORD_LENGTH = 16;
 
@@ -582,7 +584,7 @@ function buildGroupProto(
 export async function buildAddMembersChange(
   conversation: Pick<
     ConversationAttributesType,
-    'id' | 'publicParams' | 'revision' | 'secretParams'
+    'bannedMembersV2' | 'id' | 'publicParams' | 'revision' | 'secretParams'
   >,
   conversationIds: ReadonlyArray<string>
 ): Promise<undefined | Proto.GroupChange.Actions> {
@@ -621,6 +623,7 @@ export async function buildAddMembersChange(
   const addMembers: Array<Proto.GroupChange.Actions.AddMemberAction> = [];
   const addPendingMembers: Array<Proto.GroupChange.Actions.AddMemberPendingProfileKeyAction> =
     [];
+  const actions = new Proto.GroupChange.Actions();
 
   await Promise.all(
     conversationIds.map(async conversationId => {
@@ -679,10 +682,22 @@ export async function buildAddMembersChange(
 
         addPendingMembers.push(addPendingMemberAction);
       }
+
+      const doesMemberNeedUnban = conversation.bannedMembersV2?.includes(uuid);
+      if (doesMemberNeedUnban) {
+        const uuidCipherTextBuffer = encryptUuid(clientZkGroupCipher, uuid);
+
+        const deleteMemberBannedAction =
+          new Proto.GroupChange.Actions.DeleteMemberBannedAction();
+
+        deleteMemberBannedAction.deletedUserId = uuidCipherTextBuffer;
+
+        actions.deleteMembersBanned = actions.deleteMembersBanned || [];
+        actions.deleteMembersBanned.push(deleteMemberBannedAction);
+      }
     })
   );
 
-  const actions = new Proto.GroupChange.Actions();
   if (!addMembers.length && !addPendingMembers.length) {
     // This shouldn't happen. When these actions are passed to `modifyGroupV2`, a warning
     //   will be logged.
@@ -920,9 +935,11 @@ export function buildAccessControlMembersChange(
 // TODO AND-1101
 export function buildDeletePendingAdminApprovalMemberChange({
   group,
+  ourUuid,
   uuid,
 }: {
   group: ConversationAttributesType;
+  ourUuid: UUIDStringType;
   uuid: UUIDStringType;
 }): Proto.GroupChange.Actions {
   const actions = new Proto.GroupChange.Actions();
@@ -944,6 +961,18 @@ export function buildDeletePendingAdminApprovalMemberChange({
     deleteMemberPendingAdminApproval,
   ];
 
+  const doesMemberNeedBan =
+    !group.bannedMembersV2?.includes(uuid) && uuid !== ourUuid;
+  if (doesMemberNeedBan) {
+    const addMemberBannedAction =
+      new Proto.GroupChange.Actions.AddMemberBannedAction();
+
+    addMemberBannedAction.added = new Proto.MemberBanned();
+    addMemberBannedAction.added.userId = uuidCipherTextBuffer;
+
+    actions.addMembersBanned = [addMemberBannedAction];
+  }
+
   return actions;
 }
 
@@ -990,11 +1019,13 @@ export function buildAddMember({
   group,
   profileKeyCredentialBase64,
   serverPublicParamsBase64,
+  uuid,
 }: {
   group: ConversationAttributesType;
   profileKeyCredentialBase64: string;
   serverPublicParamsBase64: string;
   joinFromInviteLink?: boolean;
+  uuid: UUIDStringType;
 }): Proto.GroupChange.Actions {
   const MEMBER_ROLE_ENUM = Proto.Member.Role;
 
@@ -1023,6 +1054,18 @@ export function buildAddMember({
   actions.version = (group.revision || 0) + 1;
   actions.addMembers = [addMember];
 
+  const doesMemberNeedUnban = group.bannedMembersV2?.includes(uuid);
+  if (doesMemberNeedUnban) {
+    const clientZkGroupCipher = getClientZkGroupCipher(group.secretParams);
+    const uuidCipherTextBuffer = encryptUuid(clientZkGroupCipher, uuid);
+
+    const deleteMemberBannedAction =
+      new Proto.GroupChange.Actions.DeleteMemberBannedAction();
+
+    deleteMemberBannedAction.deletedUserId = uuidCipherTextBuffer;
+    actions.deleteMembersBanned = [deleteMemberBannedAction];
+  }
+
   return actions;
 }
 
@@ -1057,11 +1100,13 @@ export function buildDeletePendingMemberChange({
 }
 
 export function buildDeleteMemberChange({
-  uuid,
   group,
+  ourUuid,
+  uuid,
 }: {
-  uuid: UUIDStringType;
   group: ConversationAttributesType;
+  ourUuid: UUIDStringType;
+  uuid: UUIDStringType;
 }): Proto.GroupChange.Actions {
   const actions = new Proto.GroupChange.Actions();
 
@@ -1077,6 +1122,19 @@ export function buildDeleteMemberChange({
   actions.version = (group.revision || 0) + 1;
   actions.deleteMembers = [deleteMember];
 
+  const doesMemberNeedBan =
+    !group.bannedMembersV2?.includes(uuid) && uuid !== ourUuid;
+
+  if (doesMemberNeedBan) {
+    const addMemberBannedAction =
+      new Proto.GroupChange.Actions.AddMemberBannedAction();
+
+    addMemberBannedAction.added = new Proto.MemberBanned();
+    addMemberBannedAction.added.userId = uuidCipherTextBuffer;
+
+    actions.addMembersBanned = [addMemberBannedAction];
+  }
+
   return actions;
 }
 
@@ -3548,12 +3606,12 @@ function extractDiffs({
     });
   }
 
-  const linkPreviouslyEnabled =
+  const linkPreviouslyEnabled = isAccessControlEnabled(
-    old.accessControl?.addFromInviteLink === ACCESS_ENUM.ANY ||
+    old.accessControl?.addFromInviteLink
-    old.accessControl?.addFromInviteLink === ACCESS_ENUM.ADMINISTRATOR;
+  );
-  const linkCurrentlyEnabled =
+  const linkCurrentlyEnabled = isAccessControlEnabled(
-    current.accessControl?.addFromInviteLink === ACCESS_ENUM.ANY ||
+    current.accessControl?.addFromInviteLink
-    current.accessControl?.addFromInviteLink === ACCESS_ENUM.ADMINISTRATOR;
+  );
 
   if (!linkPreviouslyEnabled && linkCurrentlyEnabled) {
     details.push({
@@ -3808,6 +3866,8 @@ function extractDiffs({
     });
   }
 
+  // Note: currently no diff generated for bannedMembersV2 changes
+
   // final processing
 
   let message: MessageAttributesType | undefined;
@@ -3967,6 +4027,9 @@ async function applyGroupChange({
   > = fromPairs(
     (result.pendingAdminApprovalV2 || []).map(member => [member.uuid, member])
   );
+  const bannedMembers: Record<UUIDStringType, UUIDStringType> = fromPairs(
+    (result.bannedMembersV2 || []).map(uuid => [uuid, uuid])
+  );
 
   // version?: number;
   result.revision = version;
@@ -4388,6 +4451,32 @@ async function applyGroupChange({
     result.announcementsOnly = announcementsOnly;
   }
 
+  if (actions.addMembersBanned && actions.addMembersBanned.length > 0) {
+    actions.addMembersBanned.forEach(uuid => {
+      if (bannedMembers[uuid]) {
+        log.warn(
+          `applyGroupChange/${logId}: Attempt to add banned member failed; was already in banned list.`
+        );
+        return;
+      }
+
+      bannedMembers[uuid] = uuid;
+    });
+  }
+
+  if (actions.deleteMembersBanned && actions.deleteMembersBanned.length > 0) {
+    actions.deleteMembersBanned.forEach(uuid => {
+      if (!bannedMembers[uuid]) {
+        log.warn(
+          `applyGroupChange/${logId}: Attempt to remove banned member failed; was not in banned list.`
+        );
+        return;
+      }
+
+      delete bannedMembers[uuid];
+    });
+  }
+
   if (ourUuid) {
     result.left = !members[ourUuid];
   }
@@ -4396,6 +4485,7 @@ async function applyGroupChange({
   result.membersV2 = values(members);
   result.pendingMembersV2 = values(pendingMembers);
   result.pendingAdminApprovalV2 = values(pendingAdminApprovalMembers);
+  result.bannedMembersV2 = values(bannedMembers);
 
   return {
     newAttributes: result,
@@ -4650,6 +4740,9 @@ async function applyGroupState({
   // announcementsOnly
   result.announcementsOnly = groupState.announcementsOnly;
 
+  // membersBanned
+  result.bannedMembersV2 = groupState.membersBanned;
+
   return {
     newAttributes: result,
     newProfileKeys,
@@ -4759,6 +4852,8 @@ type DecryptedGroupChangeActions = {
   modifyAnnouncementsOnly?: {
     announcementsOnly: boolean;
   };
+  addMembersBanned?: ReadonlyArray<UUIDStringType>;
+  deleteMembersBanned?: ReadonlyArray<UUIDStringType>;
 } & Pick<
   Proto.GroupChange.IActions,
   | 'modifyAttributesAccess'
@@ -5286,6 +5381,42 @@ function decryptGroupChange(
     };
   }
 
+  // addMembersBanned
+  if (actions.addMembersBanned && actions.addMembersBanned.length > 0) {
+    result.addMembersBanned = actions.addMembersBanned
+      .map(item => {
+        if (!item.added || !item.added.userId) {
+          log.warn(
+            `decryptGroupChange/${logId}: addMembersBanned had a blank entry`
+          );
+          return null;
+        }
+        return normalizeUuid(
+          decryptUuid(clientZkGroupCipher, item.added.userId),
+          'addMembersBanned.added.userId'
+        );
+      })
+      .filter(isNotNil);
+  }
+
+  // deleteMembersBanned
+  if (actions.deleteMembersBanned && actions.deleteMembersBanned.length > 0) {
+    result.deleteMembersBanned = actions.deleteMembersBanned
+      .map(item => {
+        if (!item.deletedUserId) {
+          log.warn(
+            `decryptGroupChange/${logId}: deleteMembersBanned had a blank entry`
+          );
+          return null;
+        }
+        return normalizeUuid(
+          decryptUuid(clientZkGroupCipher, item.deletedUserId),
+          'deleteMembersBanned.deletedUserId'
+        );
+      })
+      .filter(isNotNil);
+  }
+
   return result;
 }
 
@@ -5344,6 +5475,7 @@ type DecryptedGroupState = {
   descriptionBytes?: Proto.GroupAttributeBlob;
   avatar?: string;
   announcementsOnly?: boolean;
+  membersBanned?: Array<UUIDStringType>;
 };
 
 function decryptGroupState(
@@ -5479,6 +5611,27 @@ function decryptGroupState(
   const { announcementsOnly } = groupState;
   result.announcementsOnly = Boolean(announcementsOnly);
 
+  // membersBanned
+  const { membersBanned } = groupState;
+  if (membersBanned && membersBanned.length > 0) {
+    result.membersBanned = membersBanned
+      .map(item => {
+        if (!item.userId) {
+          log.warn(
+            `decryptGroupState/${logId}: membersBanned had a blank entry`
+          );
+          return null;
+        }
+        return normalizeUuid(
+          decryptUuid(clientZkGroupCipher, item.userId),
+          'membersBanned.added.userId'
+        );
+      })
+      .filter(isNotNil);
+  } else {
+    result.membersBanned = [];
+  }
+
   result.avatar = dropNull(groupState.avatar);
 
   return result;

ts/groups/joinViaLink.ts

@@ -11,6 +11,7 @@ import {
   LINK_VERSION_ERROR,
   parseGroupLink,
 } from '../groups';
+import * as Errors from '../types/errors';
 import * as Bytes from '../Bytes';
 import { longRunningTaskWrapper } from '../util/longRunningTaskWrapper';
 import { isGroupV1 } from '../util/whatTypeOfConversation';
@@ -24,16 +25,19 @@ import * as log from '../logging/log';
 import { showToast } from '../util/showToast';
 import { ToastAlreadyGroupMember } from '../components/ToastAlreadyGroupMember';
 import { ToastAlreadyRequestedToJoin } from '../components/ToastAlreadyRequestedToJoin';
+import { HTTPError } from '../textsecure/Errors';
+import { isAccessControlEnabled } from './util';
 
 export async function joinViaLink(hash: string): Promise<void> {
   let inviteLinkPassword: string;
   let masterKey: string;
   try {
     ({ inviteLinkPassword, masterKey } = parseGroupLink(hash));
-  } catch (error) {
+  } catch (error: unknown) {
-    const errorString = error && error.stack ? error.stack : error;
+    const errorString = Errors.toLogFormat(error);
     log.error(`joinViaLink: Failed to parse group link ${errorString}`);
-    if (error && error.name === LINK_VERSION_ERROR) {
+
+    if (error instanceof Error && error.name === LINK_VERSION_ERROR) {
       showErrorDialog(
         window.i18n('GroupV2--join--unknown-link-version'),
         window.i18n('GroupV2--join--unknown-link-version--title')
@@ -84,28 +88,35 @@ export async function joinViaLink(hash: string): Promise<void> {
       suppressErrorDialog: true,
       task: () => getPreJoinGroupInfo(inviteLinkPassword, masterKey),
     });
-  } catch (error) {
+  } catch (error: unknown) {
-    const errorString = error && error.stack ? error.stack : error;
+    const errorString = Errors.toLogFormat(error);
     log.error(
       `joinViaLink/${logId}: Failed to fetch group info - ${errorString}`
     );
 
-    showErrorDialog(
+    if (
-      error.code && error.code === 403
+      error instanceof HTTPError &&
-        ? window.i18n('GroupV2--join--link-revoked')
+      error.responseHeaders['x-signal-forbidden-reason']
-        : window.i18n('GroupV2--join--general-join-failure'),
+    ) {
-      error.code && error.code === 403
+      showErrorDialog(
-        ? window.i18n('GroupV2--join--link-revoked--title')
+        window.i18n('GroupV2--join--link-forbidden'),
-        : window.i18n('GroupV2--join--general-join-failure--title')
+        window.i18n('GroupV2--join--link-forbidden--title')
-    );
+      );
+    } else if (error instanceof HTTPError && error.code === 403) {
+      showErrorDialog(
+        window.i18n('GroupV2--join--link-revoked'),
+        window.i18n('GroupV2--join--link-revoked--title')
+      );
+    } else {
+      showErrorDialog(
+        window.i18n('GroupV2--join--general-join-failure'),
+        window.i18n('GroupV2--join--general-join-failure--title')
+      );
+    }
     return;
   }
 
-  const ACCESS_ENUM = Proto.AccessControl.AccessRequired;
+  if (!isAccessControlEnabled(result.addFromInviteLink)) {
-  if (
-    result.addFromInviteLink !== ACCESS_ENUM.ADMINISTRATOR &&
-    result.addFromInviteLink !== ACCESS_ENUM.ANY
-  ) {
     log.error(
       `joinViaLink/${logId}: addFromInviteLink value of ${result.addFromInviteLink} is invalid`
     );
@@ -124,7 +135,8 @@ export async function joinViaLink(hash: string): Promise<void> {
     | undefined = result.avatar ? { loading: true } : undefined;
   const memberCount = result.memberCount || 1;
   const approvalRequired =
-    result.addFromInviteLink === ACCESS_ENUM.ADMINISTRATOR;
+    result.addFromInviteLink ===
+    Proto.AccessControl.AccessRequired.ADMINISTRATOR;
   const title =
     decryptGroupTitle(result.title, secretParams) ||
     window.i18n('unknownGroup');

ts/groups/util.ts

@@ -0,0 +1,15 @@
+// Copyright 2022 Signal Messenger, LLC
+// SPDX-License-Identifier: AGPL-3.0-only
+
+import { SignalService as Proto } from '../protobuf';
+
+const ACCESS_ENUM = Proto.AccessControl.AccessRequired;
+
+export function isAccessControlEnabled(
+  accessControl: number | undefined
+): boolean {
+  return (
+    accessControl === ACCESS_ENUM.ANY ||
+    accessControl === ACCESS_ENUM.ADMINISTRATOR
+  );
+}

ts/model-types.d.ts

@@ -344,6 +344,7 @@ export type ConversationAttributesType = {
   membersV2?: Array<GroupV2MemberType>;
   pendingMembersV2?: Array<GroupV2PendingMemberType>;
   pendingAdminApprovalV2?: Array<GroupV2PendingAdminApprovalType>;
+  bannedMembersV2?: Array<UUIDStringType>;
   groupInviteLinkPassword?: string;
   previousGroupV1Id?: string;
   previousGroupV1Members?: Array<string>;

ts/models/conversations.ts

@@ -52,7 +52,7 @@ import { sniffImageMimeType } from '../util/sniffImageMimeType';
 import { isValidE164 } from '../util/isValidE164';
 import type { MIMEType } from '../types/MIME';
 import { IMAGE_JPEG, IMAGE_GIF, IMAGE_WEBP } from '../types/MIME';
-import { UUID, UUIDKind, isValidUuid } from '../types/UUID';
+import { UUID, isValidUuid, UUIDKind } from '../types/UUID';
 import type { UUIDStringType } from '../types/UUID';
 import { deriveAccessKey, decryptProfileName, decryptProfile } from '../Crypto';
 import * as Bytes from '../Bytes';
@@ -582,8 +582,13 @@ export class ConversationModel extends window.Backbone
       );
     }
 
+    const ourUuid = window.textsecure.storage.user
+      .getCheckedUuid(UUIDKind.ACI)
+      .toString();
+
     return window.Signal.Groups.buildDeletePendingAdminApprovalMemberChange({
       group: this.attributes,
+      ourUuid,
       uuid,
     });
   }
@@ -660,10 +665,19 @@ export class ConversationModel extends window.Backbone
       this.get('announcementsOnly') &&
       !toRequest.get('capabilities')?.announcementGroup
     ) {
-      log.warn(`addMember/${idLog}: ${conversationId} needs to upgrade.`);
+      log.warn(
+        `addMember/${idLog}: ${toRequest.idForLogging()} needs to upgrade.`
+      );
       return undefined;
     }
 
+    const uuid = toRequest.get('uuid');
+    if (!uuid) {
+      throw new Error(
+        `addMember/${idLog}: ${toRequest.idForLogging()} is missing a uuid!`
+      );
+    }
+
     // We need the user's profileKeyCredential, which requires a roundtrip with the
     //   server, and most definitely their profileKey. A getProfiles() call will
     //   ensure that we have as much as we can get with the data we have.
@@ -691,6 +705,7 @@ export class ConversationModel extends window.Backbone
       group: this.attributes,
       profileKeyCredentialBase64,
       serverPublicParamsBase64: window.getServerPublicParams(),
+      uuid,
     });
   }
 
@@ -769,8 +784,13 @@ export class ConversationModel extends window.Backbone
       );
     }
 
+    const ourUuid = window.textsecure.storage.user
+      .getCheckedUuid(UUIDKind.ACI)
+      .toString();
+
     return window.Signal.Groups.buildDeleteMemberChange({
       group: this.attributes,
+      ourUuid,
       uuid,
     });
   }
@@ -2260,12 +2280,7 @@ export class ConversationModel extends window.Backbone
       name: 'addMembersV2',
       createGroupChange: () =>
         window.Signal.Groups.buildAddMembersChange(
-          {
+          this.attributes,
-            id: this.id,
-            publicParams: this.get('publicParams'),
-            revision: this.get('revision'),
-            secretParams: this.get('secretParams'),
-          },
           conversationIds
         ),
     });

ts/state/smart/ContactModal.tsx

@@ -40,7 +40,7 @@ const mapStateToProps = (state: StateType): PropsDataType => {
     areWeAdmin,
     badges: getBadgesSelector(state)(contact.badges),
     contact,
-    conversationId,
+    conversation: currentConversation,
     i18n: getIntl(state),
     isAdmin,
     isMember,

ts/state/smart/Timeline.tsx

@@ -284,11 +284,8 @@ const mapStateToProps = (state: StateType, props: ExternalProps) => {
 
   return {
     id,
-    ...pick(conversation, [
+    ...pick(conversation, ['unreadCount', 'isGroupV1AndDisabled']),
-      'areWeAdmin',
+    conversation,
-      'unreadCount',
-      'isGroupV1AndDisabled',
-    ]),
     isConversationSelected: state.conversations.selectedConversationId === id,
     isIncomingMessageRequest: Boolean(
       conversation.messageRequestsEnabled &&