dani/vroom
1
0
Fork 0
mirror of https://github.com/dani/vroom.git synced 2024-06-29 15:03:41 +02:00
Code Issues Projects Releases Wiki Activity

Some cleanups in key/room/role association and checks

Browse Source
This commit is contained in:
Daniel Berteaud 2015-03-18 17:28:58 +01:00
parent 1edd844272
commit 54a2dce8bf
1 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
vroom.pl
View File

@ -849,7 +849,7 @@ helper get_key_role => sub {
} }
# An admin key is considered owner of any room # An admin key is considered owner of any room
if ($key->{admin}){ if ($key->{admin}){
return 'owner'; return 'admin';
} }
# Now, lookup the DB the role of this key for this room # Now, lookup the DB the role of this key for this room
my $sth = eval { my $sth = eval {
@ -880,14 +880,14 @@ helper key_can_do_this => sub {
if ($actions->{anonymous}->{$data->{action}}){ if ($actions->{anonymous}->{$data->{action}}){
return 1; return 1;
} }
my $key = $self->get_key_by_token($data->{token}); my $role = $self->get_key_role($data->{token}, $data->{param}->{room});
if (!$key){ if (!$role){
$self->app->log->debug("Invalid API key"); $self->app->log->debug("Key " . $data->{token} . " has no role in room " . $data->{param}->{room});
return 0; return 0;
} }
# API key is an admin one ? # API key is an admin one ?
if ($key->{admin}){ if ($role eq 'admin'){
$self->app->log->debug("Admin API Key"); $self->app->log->debug("Admin API Key, every actions are allowed");
return 1; return 1;
} }
# Global actions can only be performed by admin keys # Global actions can only be performed by admin keys
@ -895,15 +895,14 @@ helper key_can_do_this => sub {
$self->app->log->debug("Invalid room ID"); $self->app->log->debug("Invalid room ID");
return 0; return 0;
} }
$key->{role} = $self->get_key_role($data->{token}, $data->{param}->{room});
$self->app->log->debug("Key role: " . $key->{role} . " and action: " . $data->{action}); $self->app->log->debug("Key role: " . $role . " and action: " . $data->{action});
# If this key has owner privileges on this room, allow both owner and partitipant actions # If this key has owner privileges on this room, allow both owner and partitipant actions
if ($key->{role} eq 'owner' && ($actions->{owner}->{$data->{action}} || $actions->{participant}->{$data->{action}})){ if ($role eq 'owner' && ($actions->{owner}->{$data->{action}} || $actions->{participant}->{$data->{action}})){
return 1; return 1;
} }
# If this key as simple partitipant priv in this room, only allow participant actions # If this key as simple partitipant priv in this room, only allow participant actions
elsif ($key->{role} eq 'participant' && $actions->{participant}->{$data->{action}}){ elsif ($role eq 'participant' && $actions->{participant}->{$data->{action}}){
return 1; return 1;
} }
# Else, deny # Else, deny
@ -1837,8 +1836,13 @@ any '/api' => sub {
} }
# Return just room config # Return just room config
elsif ($req->{action} eq 'get_room_conf'){ elsif ($req->{action} eq 'get_room_conf'){
my $resp = $self->get_room_conf($room);
my $role = $self->get_key_role($token,$room);
if (!$role || $role !~ m/admin|owner$/){
$resp->{notif} = {};
}
return $self->render( return $self->render(
json => $self->get_room_conf($room) json => $resp
); );
} }
# Return the role of a peer # Return the role of a peer