Commit 8ce88492 authored by vehjelmtvedt's avatar vehjelmtvedt

check if user has permission to post, edit and delete messages

parent 89b923b1
......@@ -159,25 +159,40 @@ public class Handler extends AbstractHandler
if (!session.identity.equals(UUID.fromString(request.getParameter("CSRFToken")))) {return;}
if(request.getParameter("newmessage") != null) {
if(request.getParameter("newmessage") != null && hasPermission(inchat.getRole(account, channel).get(), "newmessage")) {
String message = (new Maybe<String>
(request.getParameter("message"))).get();
channel = inchat.postMessage(account,channel,message).get();
}
if(request.getParameter("deletemessage") != null) {
// Check if user has permission
boolean permission = hasPermission(inchat.getRole(account, channel).get(), "deletemessage");
UUID messageId =
UUID.fromString(Maybe.just(request.getParameter("message")).get());
Stored<Channel.Event> message = inchat.getEvent(messageId).get();
channel = inchat.deleteEvent(channel, message);
// Check if user owns this message
boolean ownerOfMsg = message.value.sender.equals(account.value.user.value.userName.toString());
if (permission || ownerOfMsg) {
channel = inchat.deleteEvent(channel, message);
} else {
return;
}
}
if(request.getParameter("editmessage") != null) {
boolean permission = hasPermission(inchat.getRole(account, channel).get(), "editmessage");
String message = (new Maybe<String>
(request.getParameter("content"))).get();
UUID messageId =
UUID.fromString(Maybe.just(request.getParameter("message")).get());
Stored<Channel.Event> event = inchat.getEvent(messageId).get();
channel = inchat.editMessage(channel, event, message);
// Check if user owns this message
boolean ownerOfMsg = event.value.sender.equals(account.value.user.value.userName.toString());
if (permission || ownerOfMsg) {
channel = inchat.editMessage(channel, event, message);
} else {
return;
}
}
if (request.getParameter("setpermission") != null){
String targetedUserName = request.getParameter("username");
......