update auth middlewares.

internal/api/room/control.go

@@ -41,11 +41,6 @@ func (h *RoomHandler) controlRequest(w http.ResponseWriter, r *http.Request) {
 	}
 
 	session := auth.GetSession(r)
-	if !session.Profile().CanHost {
-		utils.HttpBadRequest(w, "Session is not allowed to host.")
-		return
-	}
-
 	h.sessions.SetHost(session)
 
 	utils.HttpSuccess(w)
@@ -58,11 +53,6 @@ func (h *RoomHandler) controlRelease(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if !session.Profile().CanHost {
-		utils.HttpBadRequest(w, "Session is not allowed to host.")
-		return
-	}
-
 	h.desktop.ResetKeys()
 	h.sessions.ClearHost()
 
@@ -71,11 +61,6 @@ func (h *RoomHandler) controlRelease(w http.ResponseWriter, r *http.Request) {
 
 func (h *RoomHandler) controlTake(w http.ResponseWriter, r *http.Request) {
 	session := auth.GetSession(r)
-	if !session.Profile().CanHost {
-		utils.HttpBadRequest(w, "Session is not allowed to host.")
-		return
-	}
-
 	h.sessions.SetHost(session)
 
 	utils.HttpSuccess(w)

internal/api/room/handler.go

@@ -37,7 +37,7 @@ func (h *RoomHandler) Route(r chi.Router) {
 		r.Post("/stop", h.boradcastStop)
 	})
 
-	r.With(auth.HostsOnly).Route("/clipboard", func(r chi.Router) {
+	r.With(auth.CanAccessClipboardOnly).With(auth.HostsOnly).Route("/clipboard", func(r chi.Router) {
 		r.Get("/", h.clipboardGetText)
 		r.Post("/", h.clipboardSetText)
 		r.Get("/image.png", h.clipboardGetImage)
@@ -52,7 +52,7 @@ func (h *RoomHandler) Route(r chi.Router) {
 		//r.Get("/targets", h.clipboardGetTargets)
 	})
 
-	r.Route("/keyboard", func(r chi.Router) {
+	r.With(auth.CanHostOnly).Route("/keyboard", func(r chi.Router) {
 		r.Get("/map", h.keyboardMapGet)
 		r.With(auth.HostsOnly).Post("/map", h.keyboardMapSet)
 
@@ -60,7 +60,7 @@ func (h *RoomHandler) Route(r chi.Router) {
 		r.With(auth.HostsOnly).Post("/modifiers", h.keyboardModifiersSet)
 	})
 
-	r.Route("/control", func(r chi.Router) {
+	r.With(auth.CanHostOnly).Route("/control", func(r chi.Router) {
 		r.Get("/", h.controlStatus)
 		r.Post("/request", h.controlRequest)
 		r.Post("/release", h.controlRelease)
@@ -70,13 +70,13 @@ func (h *RoomHandler) Route(r chi.Router) {
 		r.With(auth.AdminsOnly).Post("/reset", h.controlReset)
 	})
 
-	r.Route("/screen", func(r chi.Router) {
-		r.With(auth.CanWatchOnly).Get("/", h.screenConfiguration)
-		r.With(auth.CanWatchOnly).Get("/shot.jpg", h.screenShotGet)
-		r.With(auth.CanWatchOnly).Get("/cast.jpg", h.screenCastGet)
-
+	r.With(auth.CanWatchOnly).Route("/screen", func(r chi.Router) {
+		r.Get("/", h.screenConfiguration)
 		r.With(auth.AdminsOnly).Post("/", h.screenConfigurationChange)
 		r.With(auth.AdminsOnly).Get("/configurations", h.screenConfigurationsList)
+
+		r.Get("/cast.jpg", h.screenCastGet)
+		r.With(auth.AdminsOnly).Get("/shot.jpg", h.screenShotGet)
 	})
 
 	r.With(h.uploadMiddleware).Route("/upload", func(r chi.Router) {

internal/http/auth/auth.go

@@ -45,11 +45,11 @@ func HostsOnly(next http.Handler) http.Handler {
 	})
 }
 
-func HostsOrAdminsOnly(next http.Handler) http.Handler {
+func CanWatchOnly(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		session := GetSession(r)
-		if !session.IsHost() && !session.Profile().IsAdmin {
-			utils.HttpForbidden(w, "Only host can do this.")
+		if !session.Profile().CanWatch {
+			utils.HttpForbidden(w, "Only for sessions, that can watch.")
 		} else {
 			next.ServeHTTP(w, r)
 		}
@@ -67,11 +67,11 @@ func CanHostOnly(next http.Handler) http.Handler {
 	})
 }
 
-func CanWatchOnly(next http.Handler) http.Handler {
+func CanAccessClipboardOnly(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		session := GetSession(r)
-		if !session.Profile().CanWatch {
-			utils.HttpForbidden(w, "Only for sessions, that can watch.")
+		if !session.Profile().CanAccessClipboard {
+			utils.HttpForbidden(w, "Only for sessions, that can access clipboard.")
 		} else {
 			next.ServeHTTP(w, r)
 		}