+ CanHost.

2024-07-24 14:40:50 +12:00 · 2020-12-06 18:50:41 +01:00 · 2020-12-06 18:50:41 +01:00 · 5edd9dc97a
commit 5edd9dc97a
parent 92aa717a8d
3 changed files with 32 additions and 3 deletions
--- a/internal/api/room/control.go
+++ b/internal/api/room/control.go
@ -41,6 +41,11 @@ func (h *RoomHandler) controlRequest(w http.ResponseWriter, r *http.Request) {
 	}

 	session := auth.GetSession(r)
+	if !session.CanHost() {
+		utils.HttpBadRequest(w, "Member is not allowed to host.")
+		return
+	}
+
 	h.sessions.SetHost(session)

 	h.sessions.Broadcast(
@ -56,7 +61,12 @@ func (h *RoomHandler) controlRequest(w http.ResponseWriter, r *http.Request) {
 func (h *RoomHandler) controlRelease(w http.ResponseWriter, r *http.Request) {
 	session := auth.GetSession(r)
 	if !session.IsHost() {
-		utils.HttpUnprocessableEntity(w, "User is not the host.")
+		utils.HttpUnprocessableEntity(w, "Member is not the host.")
+		return
+	}
+
+	if !session.CanHost() {
+		utils.HttpBadRequest(w, "Member is not allowed to host.")
 		return
 	}

@ -74,6 +84,10 @@ func (h *RoomHandler) controlRelease(w http.ResponseWriter, r *http.Request) {

 func (h *RoomHandler) controlTake(w http.ResponseWriter, r *http.Request) {
 	session := auth.GetSession(r)
+	if !session.CanHost() {
+		utils.HttpBadRequest(w, "Member is not allowed to host.")
+		return
+	}

 	h.sessions.SetHost(session)

@ -95,7 +109,12 @@ func (h *RoomHandler) controlGive(w http.ResponseWriter, r *http.Request) {

 	target, ok := h.sessions.Get(data.ID)
 	if !ok {
-		utils.HttpBadRequest(w, "Target user was not found.")
+		utils.HttpBadRequest(w, "Target member was not found.")
+		return
+	}
+
+	if !target.CanHost() {
+		utils.HttpBadRequest(w, "Target member is not allowed to host.")
 		return
 	}

--- a/internal/session/manager.go
+++ b/internal/session/manager.go
@ -68,7 +68,7 @@ func (manager *SessionManagerCtx) Connect() error {
 		_ = manager.add(id, profile)
 	}

-	// TODO: Move to Database, or make `admin` as reserved user.
+	// TODO: Move to Database, or make `admin` as reserved ID.

 	// create default admin account at startup
 	_ = manager.add("admin", types.MemberProfile{
--- a/internal/websocket/handler/control.go
+++ b/internal/websocket/handler/control.go
@ -7,6 +7,11 @@ import (
 )

 func (h *MessageHandlerCtx) controlRelease(session types.Session) error {
+	if !session.CanHost() {
+		h.logger.Debug().Str("id", session.ID()).Msg("is not allowed to host")
+		return nil
+	}
+
 	if !session.IsHost() {
 		h.logger.Debug().Str("id", session.ID()).Msg("is not the host")
 		return nil
@ -25,6 +30,11 @@ func (h *MessageHandlerCtx) controlRelease(session types.Session) error {
 }

 func (h *MessageHandlerCtx) controlRequest(session types.Session) error {
+	if !session.CanHost() {
+		h.logger.Debug().Str("id", session.ID()).Msg("is not allowed to host")
+		return nil
+	}
+
 	if session.IsHost() {
 		h.logger.Debug().Str("id", session.ID()).Msg("is already the host")
 		return nil