check if user has permission to post, edit and delete messages

8ce88492 · vehjelmtvedt · 89b923b1 · 8ce88492
Commit 8ce88492 authored Nov 13, 2021 by vehjelmtvedt
--- a/src/main/java/inf226/inchat/Handler.java
+++ b/src/main/java/inf226/inchat/Handler.java
@@ -159,25 +159,40 @@ public class Handler extends AbstractHandler
                    if (!session.identity.equals(UUID.fromString(request.getParameter("CSRFToken")))) {return;}


-                    if(request.getParameter("newmessage") != null) {
+                    if(request.getParameter("newmessage") != null && hasPermission(inchat.getRole(account, channel).get(), "newmessage")) {
                        String message = (new Maybe<String>
                            (request.getParameter("message"))).get();
                        channel = inchat.postMessage(account,channel,message).get();
                    }
                    
                    if(request.getParameter("deletemessage") != null) {
+                        // Check if user has permission
+                        boolean permission = hasPermission(inchat.getRole(account, channel).get(), "deletemessage");
                        UUID messageId = 
                            UUID.fromString(Maybe.just(request.getParameter("message")).get());
                        Stored<Channel.Event> message = inchat.getEvent(messageId).get();
-                        channel = inchat.deleteEvent(channel, message);
+                        // Check if user owns this message
+                        boolean ownerOfMsg = message.value.sender.equals(account.value.user.value.userName.toString());
+                        if (permission || ownerOfMsg) {
+                            channel = inchat.deleteEvent(channel, message);
+                        } else {
+                            return;
+                        }
                    }
                    if(request.getParameter("editmessage") != null) {
+                        boolean permission = hasPermission(inchat.getRole(account, channel).get(), "editmessage");
                        String message = (new Maybe<String>
                            (request.getParameter("content"))).get();
                        UUID messageId = 
                            UUID.fromString(Maybe.just(request.getParameter("message")).get());
                        Stored<Channel.Event> event = inchat.getEvent(messageId).get();
-                        channel = inchat.editMessage(channel, event, message);
+                        // Check if user owns this message
+                        boolean ownerOfMsg = event.value.sender.equals(account.value.user.value.userName.toString());
+                        if (permission || ownerOfMsg) {
+                            channel = inchat.editMessage(channel, event, message);
+                        } else {
+                            return;
+                        }
                    }
                    if (request.getParameter("setpermission") != null){
                        String targetedUserName = request.getParameter("username");