Commit 121b77d6 authored by vehjelmtvedt's avatar vehjelmtvedt
Browse files

fix observer and banned access control

parent ecbf5bb9
......@@ -183,18 +183,20 @@ public class Handler extends AbstractHandler
if(request.getParameter("deletemessage") != null) {
// Check if user has permission
boolean permission = hasPermission(inchat.getRole(account, channel).get(), "deletemessage");
Role role = inchat.getRole(account, channel).get();
boolean permission = hasPermission(role, "deletemessage");
UUID messageId =
UUID.fromString(Maybe.just(request.getParameter("message")).get());
Stored<Channel.Event> message = inchat.getEvent(messageId).get();
// Check if user owns this message
boolean ownerOfMsg = message.value.sender.equals(account.value.user.value.userName.toString());
if (permission || ownerOfMsg) {
if (permission || (ownerOfMsg && !role.equals(Role.OBSERVER))) {
channel = inchat.deleteEvent(channel, message);
}
}
if(request.getParameter("editmessage") != null) {
boolean permission = hasPermission(inchat.getRole(account, channel).get(), "editmessage");
Role role = inchat.getRole(account, channel).get();
boolean permission = hasPermission(role, "editmessage");
String message = (new Maybe<String>
(request.getParameter("content"))).get();
......@@ -203,7 +205,7 @@ public class Handler extends AbstractHandler
Stored<Channel.Event> event = inchat.getEvent(messageId).get();
// Check if user owns this message
boolean ownerOfMsg = event.value.sender.equals(account.value.user.value.userName.toString());
if (permission || ownerOfMsg) {
if (permission || (ownerOfMsg && !role.equals(Role.OBSERVER))) {
channel = inchat.editMessage(channel, event, message);
}
}
......@@ -225,7 +227,12 @@ public class Handler extends AbstractHandler
printStandardTop(out, "inChat: " + alias);
out.println("<div class=\"main\">");
printChannelList(out, account.value, alias);
printChannel(out, channel, alias, session.identity);
// Only print channel if the user is not banned
if (!Util.lookupTriple(account.value.channels, channel.value.name).get().equals(Role.BANNED)) {
printChannel(out, channel, alias, session.identity);
} else {
out.println("<p> You are banned from this channel. <p>");
}
out.println("</div>");
out.println("</body>");
out.println("</html>");
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment