Enforce member label access control and handle insufficient permission error.

app/src/main/java/org/thoughtcrime/securesms/components/settings/conversation/ConversationSettingsFragment.kt

@@ -868,6 +868,9 @@ class ConversationSettingsFragment :
               onClick = {
                 val action = ConversationSettingsFragmentDirections.actionConversationSettingsFragmentToMemberLabelFragment(groupState.groupId)
                 navController.safeNavigate(action)
+              },
+              onDisabledClicked = {
+                Snackbar.make(requireView(), R.string.GroupMemberLabel__error_no_edit_permission, Snackbar.LENGTH_SHORT).show()
               }
             )
           }

app/src/main/java/org/thoughtcrime/securesms/groups/memberlabel/MemberLabelFragment.kt

@@ -122,6 +122,7 @@ class MemberLabelFragment : ComposeFragment(), ReactWithAnyEmojiBottomSheetDialo
     }
 
     val networkErrorMessage = stringResource(R.string.GroupMemberLabel__error_cant_save_no_network)
+    val noPermissionErrorMessage = stringResource(R.string.GroupMemberLabel__error_no_edit_permission)
 
     LaunchedEffect(uiState.showAboutOverrideSheet) {
       if (uiState.showAboutOverrideSheet) {
@@ -142,7 +143,10 @@ class MemberLabelFragment : ComposeFragment(), ReactWithAnyEmojiBottomSheetDialo
           viewModel.onSaveStateConsumed()
         }
 
-        is SaveState.InsufficientRights -> throw IllegalStateException("User does not have permission to set member label.")
+        is SaveState.InsufficientRights -> {
+          snackbarHostState.showSnackbar(noPermissionErrorMessage)
+          viewModel.onSaveStateConsumed()
+        }
 
         is SaveState.InProgress, null -> Unit
       }

app/src/main/java/org/thoughtcrime/securesms/groups/memberlabel/MemberLabelRepository.kt

@@ -16,6 +16,7 @@ import org.thoughtcrime.securesms.conversation.colors.NameColor
 import org.thoughtcrime.securesms.database.GroupTable
 import org.thoughtcrime.securesms.database.SignalDatabase
 import org.thoughtcrime.securesms.dependencies.AppDependencies
+import org.thoughtcrime.securesms.groups.GroupAccessControl
 import org.thoughtcrime.securesms.groups.GroupId
 import org.thoughtcrime.securesms.groups.GroupManager
 import org.thoughtcrime.securesms.keyvalue.SignalStore
@@ -106,7 +107,13 @@ class MemberLabelRepository private constructor(
   suspend fun canSetLabel(groupId: GroupId.V2, recipient: Recipient): Boolean = withContext(Dispatchers.IO) {
     if (!RemoteConfig.sendMemberLabels) return@withContext false
     val groupRecord = groupsTable.getGroup(groupId).orNull() ?: return@withContext false
-    groupRecord.memberLevel(recipient).isInGroup
+
+    val memberLevel = groupRecord.memberLevel(recipient)
+    if (groupRecord.memberLabelAccessControl == GroupAccessControl.ONLY_ADMINS) {
+      memberLevel == GroupTable.MemberLevel.ADMINISTRATOR
+    } else {
+      memberLevel.isInGroup
+    }
   }
 
   /**

app/src/main/res/values/strings.xml

@@ -9537,6 +9537,8 @@
     <string name="GroupMemberLabel__description">Add a member label to describe yourself or your role in this group. Labels are only visible within this group.</string>
     <!-- Error message shown when the group member label fails to save due to a network error. -->
     <string name="GroupMemberLabel__error_cant_save_no_network">Couldn\'t save label. Check your network and try again.</string>
+    <!-- Error message shown when trying to edit a member label without adequate permission. -->
+    <string name="GroupMemberLabel__error_no_edit_permission">Only admins can add member labels in this group.</string>
     <!-- Accessibility label for the button to open the group member label emoji picker. -->
     <string name="GroupMemberLabel__accessibility_select_emoji">Select emoji</string>
     <!-- Accessibility label for the group member label close screen button. -->