aiden
/
synctv
mirror of https://github.com/synctv-org/synctv
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix: set room password gen token error

Browse Source
pull/21/head
zijiren233 1 year ago
parent 2111d3bc31
commit 9eea775185
5 changed files with 37 additions and 32 deletions
Show Stats Download Patch File Download Diff File

4
internal/op/room.go
Unescape Escape View File

@ -71,8 +71,8 @@ func (r *Room) AddMovie(m model.Movie) error {
return r.movies.Add(&m)
}
func (r *Room) HasPermission(user *model.User, permission model.Permission) bool {
ur, err := db.GetRoomUserRelation(r.ID, user.ID)
func (r *Room) HasPermission(userID uint, permission model.Permission) bool {
ur, err := db.GetRoomUserRelation(r.ID, userID)
if err != nil {
return false
}

19
internal/op/rooms.go
Unescape Escape View File

@ -46,19 +46,20 @@ func LoadOrInitRoom(room *model.Room) (*Room, bool) {
})
}
func DeleteRoom(room *Room) error {
room.close()
roomCache.Delete(room.ID)
return db.DeleteRoomByID(room.ID)
func DeleteRoom(roomID uint) error {
err := db.DeleteRoomByID(roomID)
if err != nil {
return err
}
return CloseRoom(roomID)
}
func DeleteRoomByID(id uint) error {
r, ok := roomCache.LoadAndDelete(id)
if ok {
func CloseRoom(roomID uint) error {
r, loaded := roomCache.LoadAndDelete(roomID)
if loaded {
r.close()
}
return db.DeleteRoomByID(r.ID)
return nil
}
func LoadRoomByID(id uint) (*Room, error) {

21
internal/op/user.go
Unescape Escape View File

@ -22,13 +22,24 @@ func (u *User) NewMovie(movie model.MovieInfo) model.Movie {
}
}
func (u *User) HasPermission(room *Room, permission model.Permission) bool {
return room.HasPermission(&u.User, permission)
func (u *User) HasPermission(roomID uint, permission model.Permission) bool {
ur, err := db.GetRoomUserRelation(roomID, u.ID)
if err != nil {
return false
}
return ur.HasPermission(permission)
}
func (u *User) DeleteRoom(roomID uint) error {
if !u.HasPermission(roomID, model.CanDeleteRoom) {
return errors.New("no permission")
}
return DeleteRoom(roomID)
}
func (u *User) DeleteRoom(room *Room) error {
if !u.HasPermission(room, model.CanDeleteRoom) {
func (u *User) SetRoomPassword(roomID uint, password string) error {
if !u.HasPermission(roomID, model.CanSetRoomPassword) {
return errors.New("no permission")
}
return DeleteRoom(room)
return SetRoomPassword(roomID, password)
}

2
server/handlers/movie.go
Unescape Escape View File

@ -159,7 +159,7 @@ func NewPublishKey(ctx *gin.Context) {
return
}
if !user.HasPermission(room, dbModel.CanCreateUserPublishKey) && movie.CreatorID != user.ID {
if !user.HasPermission(room.ID, dbModel.CanCreateUserPublishKey) && movie.CreatorID != user.ID {
ctx.AbortWithStatus(http.StatusForbidden)
return
}

23
server/handlers/room.go
Unescape Escape View File

@ -8,7 +8,6 @@ import (
"github.com/gin-gonic/gin"
"github.com/synctv-org/synctv/internal/db"
dbModel "github.com/synctv-org/synctv/internal/model"
"github.com/synctv-org/synctv/internal/op"
"github.com/synctv-org/synctv/server/middlewares"
"github.com/synctv-org/synctv/server/model"
@ -208,14 +207,8 @@ func DeleteRoom(ctx *gin.Context) {
room := ctx.MustGet("room").(*op.Room)
user := ctx.MustGet("user").(*op.User)
if !user.HasPermission(room, dbModel.CanDeleteRoom) {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("you don't have permission to delete room"))
return
}
err := op.DeleteRoom(room)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
if err := user.DeleteRoom(room.ID); err != nil {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
return
}
@ -226,18 +219,18 @@ func SetRoomPassword(ctx *gin.Context) {
room := ctx.MustGet("room").(*op.Room)
user := ctx.MustGet("user").(*op.User)
if !user.HasPermission(room, dbModel.CanSetRoomPassword) {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("you don't have permission to set room password"))
return
}
req := model.SetRoomPasswordReq{}
if err := model.Decode(ctx, &req); err != nil {
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
return
}
token, err := middlewares.NewAuthUserToken(user)
if err := user.SetRoomPassword(room.ID, req.Password); err != nil {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
return
}
token, err := middlewares.NewAuthRoomToken(user, room)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
return

Write Preview
Loading…
Cancel
Save