implement control protection.

2024-07-24 14:40:50 +12:00 · 2024-04-21 20:10:16 +02:00
parent 3ee6078256
commit 0f45aa3f19
4 changed files with 91 additions and 1 deletions
--- a/internal/session/manager.go
+++ b/internal/session/manager.go
@ -21,7 +21,8 @@ func New(config *config.Session) *SessionManagerCtx {
 		settings: types.Settings{
 			PrivateMode:       config.PrivateMode,
 			LockedLogins:      config.LockedLogins,
-			LockedControls:    config.LockedControls,
+			LockedControls:    config.LockedControls || config.ControlProtection,
+			ControlProtection: config.ControlProtection,
 			ImplicitHosting:   config.ImplicitHosting,
 			InactiveCursors:   config.InactiveCursors,
 			MercifulReconnect: config.MercifulReconnect,
@ -194,6 +195,17 @@ func (manager *SessionManagerCtx) List() []types.Session {
 	return sessions
 }

+func (manager *SessionManagerCtx) Range(f func(session types.Session) bool) {
+	manager.sessionsMu.Lock()
+	defer manager.sessionsMu.Unlock()
+
+	for _, session := range manager.sessions {
+		if !f(session) {
+			return
+		}
+	}
+}
+
 // ---
 // host
 // ---
@ -371,6 +383,23 @@ func (manager *SessionManagerCtx) UpdateSettings(new types.Settings) {
 	manager.settings = new
 	manager.settingsMu.Unlock()

+	manager.updateSettings(new, old)
+}
+
+func (manager *SessionManagerCtx) UpdateSettingsFunc(f func(settings *types.Settings) bool) {
+	manager.settingsMu.Lock()
+	new := manager.settings
+	if f(&new) {
+		old := manager.settings
+		manager.settings = new
+		manager.settingsMu.Unlock()
+		manager.updateSettings(new, old)
+		return
+	}
+	manager.settingsMu.Unlock()
+}
+
+func (manager *SessionManagerCtx) updateSettings(new, old types.Settings) {
 	// if private mode changed
 	if old.PrivateMode != new.PrivateMode {
 		// update webrtc paused state for all sessions
@ -389,6 +418,26 @@ func (manager *SessionManagerCtx) UpdateSettings(new types.Settings) {
 		}
 	}

+	// if control protection changed and controls are not locked
+	if old.ControlProtection != new.ControlProtection && new.ControlProtection && !new.LockedControls {
+		// if there is no admin, lock controls
+		hasAdmin := false
+		manager.Range(func(session types.Session) bool {
+			if session.Profile().IsAdmin && session.State().IsConnected {
+				hasAdmin = true
+				return false
+			}
+			return true
+		})
+
+		if !hasAdmin {
+			manager.settingsMu.Lock()
+			manager.settings.LockedControls = true
+			new.LockedControls = true
+			manager.settingsMu.Unlock()
+		}
+	}
+
 	// if contols have been locked
 	if old.LockedControls != new.LockedControls && new.LockedControls {
 		// if the host is not admin, it must release controls