diff --git a/internal/op/room.go b/internal/op/room.go
index a86c381..633d4a5 100644
--- a/internal/op/room.go
+++ b/internal/op/room.go
@@ -71,8 +71,8 @@ func (r *Room) AddMovie(m model.Movie) error {
 return r.movies.Add(&m)
 }
 
-func (r *Room) HasPermission(user *model.User, permission model.Permission) bool {
- ur, err := db.GetRoomUserRelation(r.ID, user.ID)
+func (r *Room) HasPermission(userID uint, permission model.Permission) bool {
+ ur, err := db.GetRoomUserRelation(r.ID, userID)
 if err != nil {
 return false
 }
diff --git a/internal/op/rooms.go b/internal/op/rooms.go
index 047e2df..94613da 100644
--- a/internal/op/rooms.go
+++ b/internal/op/rooms.go
@@ -46,19 +46,20 @@ func LoadOrInitRoom(room *model.Room) (*Room, bool) {
 })
 }
 
-func DeleteRoom(room *Room) error {
- room.close()
- roomCache.Delete(room.ID)
- return db.DeleteRoomByID(room.ID)
+func DeleteRoom(roomID uint) error {
+ err := db.DeleteRoomByID(roomID)
+ if err != nil {
+ return err
+ }
+ return CloseRoom(roomID)
 }
 
-func DeleteRoomByID(id uint) error {
- r, ok := roomCache.LoadAndDelete(id)
- if ok {
+func CloseRoom(roomID uint) error {
+ r, loaded := roomCache.LoadAndDelete(roomID)
+ if loaded {
 r.close()
 }
-
- return db.DeleteRoomByID(r.ID)
+ return nil
 }
 
 func LoadRoomByID(id uint) (*Room, error) {
diff --git a/internal/op/user.go b/internal/op/user.go
index afe5456..fb63f0e 100644
--- a/internal/op/user.go
+++ b/internal/op/user.go
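Review bot: In internal/op/rooms.go, the exported `DeleteRoom(roomID)` and `CloseRoom(roomID)` take only a room ID and perform no permission check; within this commit the only check is in `(*User).DeleteRoom`, so any other caller that reaches them directly bypasses authorization. Neither function has a doc comment, and that contract should be written down, for example `// DeleteRoom deletes the room from the database and then closes any cached instance. It does not check permissions; callers must verify model.CanDeleteRoom first.` `CloseRoom` always returns `nil`, so its error result carries no information; either drop it or document why it is kept. The delete-then-evict order means the cached room stays live when `db.DeleteRoomByID` fails, which looks intended but is worth one why-comment.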
@@ -22,13 +22,24 @@ func (u *User) NewMovie(movie model.MovieInfo) model.Movie {
 }
 }
 
-func (u *User) HasPermission(room *Room, permission model.Permission) bool {
- return room.HasPermission(&u.User, permission)
+func (u *User) HasPermission(roomID uint, permission model.Permission) bool {
+ ur, err := db.GetRoomUserRelation(roomID, u.ID)
+ if err != nil {
+ return false
+ }
+ return ur.HasPermission(permission)
+}
+
+func (u *User) DeleteRoom(roomID uint) error {
+ if !u.HasPermission(roomID, model.CanDeleteRoom) {
+ return errors.New("no permission")
+ }
+ return DeleteRoom(roomID)
 }
 
-func (u *User) DeleteRoom(room *Room) error {
- if !u.HasPermission(room, model.CanDeleteRoom) {
+func (u *User) SetRoomPassword(roomID uint, password string) error {
+ if !u.HasPermission(roomID, model.CanSetRoomPassword) {
 return errors.New("no permission")
 }
- return DeleteRoom(room)
+ return SetRoomPassword(roomID, password)
 }
diff --git a/server/handlers/movie.go b/server/handlers/movie.go
index 34805fe..83c8b40 100644
--- a/server/handlers/movie.go
+++ b/server/handlers/movie.go
@@ -159,7 +159,7 @@ func NewPublishKey(ctx *gin.Context) {
 return
 }
 
- if !user.HasPermission(room, dbModel.CanCreateUserPublishKey) && movie.CreatorID != user.ID {
+ if !user.HasPermission(room.ID, dbModel.CanCreateUserPublishKey) && movie.CreatorID != user.ID {
 ctx.AbortWithStatus(http.StatusForbidden)
 return
 }
diff --git a/server/handlers/room.go b/server/handlers/room.go
index d68d542..da77b6a 100644
--- a/server/handlers/room.go
+++ b/server/handlers/room.go
@@ -8,7 +8,6 @@ import (
 
 "github.com/gin-gonic/gin"
 "github.com/synctv-org/synctv/internal/db"
- dbModel "github.com/synctv-org/synctv/internal/model"
 "github.com/synctv-org/synctv/internal/op"
 "github.com/synctv-org/synctv/server/middlewares"
 "github.com/synctv-org/synctv/server/model"
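Review bot: In internal/op/user.go, `(*User).HasPermission` now repeats the `db.GetRoomUserRelation` lookup that `(*Room).HasPermission` in internal/op/room.go also performs, so the same authorization rule lives in two places that can drift apart. One unexported helper that both methods call would keep a single copy; a possible signature (a proposed name, not in the diff) is `func hasPermission(roomID, userID uint, p model.Permission) bool`. Wherever the lookup ends up, it deserves a doc comment stating that any error from `db.GetRoomUserRelation` is treated as a denial, for example `// HasPermission reports whether u holds permission in the room; a failed relation lookup yields false.` `SetRoomPassword(roomID, password)` is defined outside this diff, so how the password is validated and stored cannot be judged from this hunk.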
@@ -208,14 +207,8 @@ func DeleteRoom(ctx *gin.Context) {
 room := ctx.MustGet("room").(*op.Room)
 user := ctx.MustGet("user").(*op.User)
 
- if !user.HasPermission(room, dbModel.CanDeleteRoom) {
- ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("you don't have permission to delete room"))
- return
- }
-
- err := op.DeleteRoom(room)
- if err != nil {
- ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
+ if err := user.DeleteRoom(room.ID); err != nil {
+ ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
 return
 }
 
@@ -226,18 +219,18 @@ func SetRoomPassword(ctx *gin.Context) {
 room := ctx.MustGet("room").(*op.Room)
 user := ctx.MustGet("user").(*op.User)
 
- if !user.HasPermission(room, dbModel.CanSetRoomPassword) {
- ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("you don't have permission to set room password"))
- return
- }
-
 req := model.SetRoomPasswordReq{}
 if err := model.Decode(ctx, &req); err != nil {
 ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
 return
 }
 
- token, err := middlewares.NewAuthUserToken(user)
+ if err := user.SetRoomPassword(room.ID, req.Password); err != nil {
+ ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
+ return
+ }
+
+ token, err := middlewares.NewAuthRoomToken(user, room)
 if err != nil {
 ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
 return
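Review bot: In the `DeleteRoom` handler every error from `user.DeleteRoom(room.ID)` is now answered with 403 Forbidden, but that call also returns `db.DeleteRoomByID` failures (internal/op/rooms.go in this commit), which the removed code reported as 500. The raw error is serialized to the client through `model.NewApiErrorResp(err)`, so storage error text can reach an API caller under a misleading status. The `SetRoomPassword` hunk that follows has the same pattern around `user.SetRoomPassword`. Telling a denial from a failure needs a comparable sentinel in package op in place of the inline `errors.New("no permission")`; `ErrNoPermission` below is a proposed name, not an identifier from this diff, and the handler would also need the `errors` import. Both handler bodies continue outside their hunks.

```go
// proposed in internal/op: var ErrNoPermission = errors.New("no permission"),
// returned by (*User).DeleteRoom and (*User).SetRoomPassword
if err := user.DeleteRoom(room.ID); err != nil {
	status := http.StatusInternalServerError
	if errors.Is(err, op.ErrNoPermission) {
		status = http.StatusForbidden
	}
	ctx.AbortWithStatusJSON(status, model.NewApiErrorResp(err))
	return
}
// … unchanged: success response …
```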
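Review bot: In the `SetRoomPassword` handler the token is minted with `middlewares.NewAuthRoomToken(user, room)` from the `*op.Room` that was read from the context before `user.SetRoomPassword(room.ID, req.Password)` ran, and the change itself is made by ID rather than through that object. If the room token is bound to the room's password or to a version value (not visible in this diff), confirm that `op.SetRoomPassword` updates the cached room, so the new token is valid and tokens issued before the change are rejected. A comment above the call would record the expectation, e.g. `// room must already reflect the new password; tokens issued before the change are expected to fail`. The permission check now also runs after `model.Decode`, so a caller without `CanSetRoomPassword` gets 400 for a malformed body before 403; note in a comment whether that ordering is intended. The function body continues past the end of the hunk.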