aiden
/
synctv
mirror of https://github.com/synctv-org/synctv
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix: set room password gen token error

Browse Source
pull/21/head
zijiren233 2 years ago
parent 2111d3bc31
commit 9eea775185
5 changed files with 37 additions and 32 deletions
Show Stats Download Patch File Download Diff File

4
internal/op/room.go
Unescape Escape View File

@ -71,8 +71,8 @@ func (r *Room) AddMovie(m model.Movie) error {
return r.movies.Add(&m) return r.movies.Add(&m)
} }
func (r *Room) HasPermission(user *model.User, permission model.Permission) bool { func (r *Room) HasPermission(userID uint, permission model.Permission) bool {
ur, err := db.GetRoomUserRelation(r.ID, user.ID) ur, err := db.GetRoomUserRelation(r.ID, userID)
if err != nil { if err != nil {
return false return false
} }

19
internal/op/rooms.go
Unescape Escape View File

@ -46,19 +46,20 @@ func LoadOrInitRoom(room *model.Room) (*Room, bool) {
}) })
} }
func DeleteRoom(room *Room) error { func DeleteRoom(roomID uint) error {
room.close() err := db.DeleteRoomByID(roomID)
roomCache.Delete(room.ID) if err != nil {
return db.DeleteRoomByID(room.ID) return err
}
return CloseRoom(roomID)
} }
func DeleteRoomByID(id uint) error { func CloseRoom(roomID uint) error {
r, ok := roomCache.LoadAndDelete(id) r, loaded := roomCache.LoadAndDelete(roomID)
if ok { if loaded {
r.close() r.close()
} }
return nil
return db.DeleteRoomByID(r.ID)
} }
func LoadRoomByID(id uint) (*Room, error) { func LoadRoomByID(id uint) (*Room, error) {

21
internal/op/user.go
Unescape Escape View File

@ -22,13 +22,24 @@ func (u *User) NewMovie(movie model.MovieInfo) model.Movie {
} }
} }
func (u *User) HasPermission(room *Room, permission model.Permission) bool { func (u *User) HasPermission(roomID uint, permission model.Permission) bool {
return room.HasPermission(&u.User, permission) ur, err := db.GetRoomUserRelation(roomID, u.ID)
if err != nil {
return false
}
return ur.HasPermission(permission)
}
func (u *User) DeleteRoom(roomID uint) error {
if !u.HasPermission(roomID, model.CanDeleteRoom) {
return errors.New("no permission")
}
return DeleteRoom(roomID)
} }
func (u *User) DeleteRoom(room *Room) error { func (u *User) SetRoomPassword(roomID uint, password string) error {
if !u.HasPermission(room, model.CanDeleteRoom) { if !u.HasPermission(roomID, model.CanSetRoomPassword) {
return errors.New("no permission") return errors.New("no permission")
} }
return DeleteRoom(room) return SetRoomPassword(roomID, password)
} }

2
server/handlers/movie.go
Unescape Escape View File

@ -159,7 +159,7 @@ func NewPublishKey(ctx *gin.Context) {
return return
} }
if !user.HasPermission(room, dbModel.CanCreateUserPublishKey) && movie.CreatorID != user.ID { if !user.HasPermission(room.ID, dbModel.CanCreateUserPublishKey) && movie.CreatorID != user.ID {
ctx.AbortWithStatus(http.StatusForbidden) ctx.AbortWithStatus(http.StatusForbidden)
return return
} }

23
server/handlers/room.go
Unescape Escape View File

@ -8,7 +8,6 @@ import (
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
"github.com/synctv-org/synctv/internal/db" "github.com/synctv-org/synctv/internal/db"
dbModel "github.com/synctv-org/synctv/internal/model"
"github.com/synctv-org/synctv/internal/op" "github.com/synctv-org/synctv/internal/op"
"github.com/synctv-org/synctv/server/middlewares" "github.com/synctv-org/synctv/server/middlewares"
"github.com/synctv-org/synctv/server/model" "github.com/synctv-org/synctv/server/model"
@ -208,14 +207,8 @@ func DeleteRoom(ctx *gin.Context) {
room := ctx.MustGet("room").(*op.Room) room := ctx.MustGet("room").(*op.Room)
user := ctx.MustGet("user").(*op.User) user := ctx.MustGet("user").(*op.User)
if !user.HasPermission(room, dbModel.CanDeleteRoom) { if err := user.DeleteRoom(room.ID); err != nil {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("you don't have permission to delete room")) ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
return
}
err := op.DeleteRoom(room)
if err != nil {
ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
return return
} }
@ -226,18 +219,18 @@ func SetRoomPassword(ctx *gin.Context) {
room := ctx.MustGet("room").(*op.Room) room := ctx.MustGet("room").(*op.Room)
user := ctx.MustGet("user").(*op.User) user := ctx.MustGet("user").(*op.User)
if !user.HasPermission(room, dbModel.CanSetRoomPassword) {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("you don't have permission to set room password"))
return
}
req := model.SetRoomPasswordReq{} req := model.SetRoomPasswordReq{}
if err := model.Decode(ctx, &req); err != nil { if err := model.Decode(ctx, &req); err != nil {
ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err)) ctx.AbortWithStatusJSON(http.StatusBadRequest, model.NewApiErrorResp(err))
return return
} }
token, err := middlewares.NewAuthUserToken(user) if err := user.SetRoomPassword(room.ID, req.Password); err != nil {
ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorResp(err))
return
}
token, err := middlewares.NewAuthRoomToken(user, room)
if err != nil { if err != nil {
ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err)) ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
return return

Write Preview
Loading…
Cancel
Save