add locked controls to settings.

internal/api/room/control.go

@@ -39,6 +39,10 @@ func (h *RoomHandler) controlRequest(w http.ResponseWriter, r *http.Request) err
 	}
 
 	session, _ := auth.GetSession(r)
+	if h.sessions.Settings().LockedControls && !session.Profile().IsAdmin {
+		return utils.HttpForbidden("controls are locked")
+	}
+
 	h.sessions.SetHost(session)
 
 	return utils.HttpSuccess(w)

internal/session/manager.go

@@ -20,6 +20,7 @@ func New(config *config.Session) *SessionManagerCtx {
 		config: config,
 		settings: types.Settings{
 			PrivateMode:       false, // By default disabled.
+			LockedControls:    false, // By default disabled.
 			ImplicitHosting:   config.ImplicitHosting,
 			InactiveCursors:   config.InactiveCursors,
 			MercifulReconnect: config.MercifulReconnect,
@@ -387,6 +388,15 @@ func (manager *SessionManagerCtx) UpdateSettings(new types.Settings) {
 		}
 	}
 
+	// if contols have been locked
+	if old.LockedControls != new.LockedControls && new.LockedControls {
+		// if the host is not admin, it must release controls
+		host, hasHost := manager.GetHost()
+		if hasHost && !host.Profile().IsAdmin {
+			manager.ClearHost()
+		}
+	}
+
 	manager.emmiter.Emit("settings_changed", new, old)
 }
 

internal/websocket/handler/control.go

@@ -40,6 +40,10 @@ func (h *MessageHandlerCtx) controlRequest(session types.Session) error {
 		return ErrIsAlreadyTheHost
 	}
 
+	if h.sessions.Settings().LockedControls && !session.Profile().IsAdmin {
+		return ErrIsNotAllowedToHost
+	}
+
 	if !h.sessions.Settings().ImplicitHosting {
 		// tell session if there is a host
 		if host, hasHost := h.sessions.GetHost(); hasHost {

pkg/types/session.go

@@ -30,6 +30,7 @@ type SessionState struct {
 
 type Settings struct {
 	PrivateMode       bool `json:"private_mode"`
+	LockedControls    bool `json:"locked_controls"`
 	ImplicitHosting   bool `json:"implicit_hosting"`
 	InactiveCursors   bool `json:"inactive_cursors"`
 	MercifulReconnect bool `json:"merciful_reconnect"`