Fix: admin api disable on guess user

1 year ago · 06c66229fc
parent 8c012375a1
commit 06c66229fc
6 changed files with 97 additions and 31 deletions
--- a/internal/db/user.go
+++ b/internal/db/user.go
@ -386,13 +386,18 @@ func GetRoots() []*model.User {
 	return users
 }

-func SetRole(u *model.User, role model.Role) error {
-	u.Role = role
-	return SaveUser(u)
+func SetAdminRoleByID(userID string) error {
+	err := db.Model(&model.User{}).Where("id = ?", userID).Update("role", model.RoleAdmin).Error
+	return HandleNotFound(err, "user")
+}
+
+func SetRootRoleByID(userID string) error {
+	err := db.Model(&model.User{}).Where("id = ?", userID).Update("role", model.RoleRoot).Error
+	return HandleNotFound(err, "user")
 }

-func SetRoleByID(userID string, role model.Role) error {
-	err := db.Model(&model.User{}).Where("id = ?", userID).Update("role", role).Error
+func SetUserRoleByID(userID string) error {
+	err := db.Model(&model.User{}).Where("id = ?", userID).Update("role", model.RoleUser).Error
 	return HandleNotFound(err, "user")
 }

--- a/internal/op/room.go
+++ b/internal/op/room.go
@ -156,7 +156,7 @@ func (r *Room) HasPermission(userID string, permission model.RoomMemberPermissio
 }

 func (r *Room) HasAdminPermission(userID string, permission model.RoomAdminPermission) bool {
-	if r.CreatorID == userID {
+	if r.IsCreator(userID) {
 		return true
 	}

@ -467,30 +467,33 @@ func (r *Room) ResetMemberPermissions(userID string) error {
 }

 func (r *Room) SetMemberPermissions(userID string, permissions model.RoomMemberPermission) error {
-	if r.IsGuest(userID) {
-		return errors.New("cannot set guest permissions")
+	if r.IsCreator(userID) {
+		return errors.New("you are creator, cannot set permissions")
 	}
 	defer r.members.Delete(userID)
 	return db.SetMemberPermissions(r.ID, userID, permissions)
 }

 func (r *Room) AddMemberPermissions(userID string, permissions model.RoomMemberPermission) error {
-	if r.IsGuest(userID) {
-		return errors.New("cannot add guest permissions")
+	if r.IsCreator(userID) {
+		return errors.New("you are creator, cannot add permissions")
 	}
 	defer r.members.Delete(userID)
 	return db.AddMemberPermissions(r.ID, userID, permissions)
 }

 func (r *Room) RemoveMemberPermissions(userID string, permissions model.RoomMemberPermission) error {
-	if r.IsGuest(userID) {
-		return errors.New("cannot remove guest permissions")
+	if r.IsCreator(userID) {
+		return errors.New("you are creator, cannot remove permissions")
 	}
 	defer r.members.Delete(userID)
 	return db.RemoveMemberPermissions(r.ID, userID, permissions)
 }

 func (r *Room) ApprovePendingMember(userID string) error {
+	if r.IsCreator(userID) {
+		return errors.New("you are creator, cannot approve")
+	}
 	defer r.members.Delete(userID)
 	return db.RoomApprovePendingMember(r.ID, userID)
 }
@ -519,6 +522,9 @@ func (r *Room) ResetAdminPermissions(userID string) error {
 }

 func (r *Room) SetAdminPermissions(userID string, permissions model.RoomAdminPermission) error {
+	if r.IsGuest(userID) {
+		return errors.New("cannot set admin permissions to guest")
+	}
 	if member, err := r.LoadRoomMember(userID); err != nil {
 		return err
 	} else if !member.Role.IsAdmin() {
@ -529,6 +535,9 @@ func (r *Room) SetAdminPermissions(userID string, permissions model.RoomAdminPer
 }

 func (r *Room) AddAdminPermissions(userID string, permissions model.RoomAdminPermission) error {
+	if r.IsGuest(userID) {
+		return errors.New("cannot add admin permissions to guest")
+	}
 	if member, err := r.LoadRoomMember(userID); err != nil {
 		return err
 	} else if !member.Role.IsAdmin() {
@ -539,6 +548,9 @@ func (r *Room) AddAdminPermissions(userID string, permissions model.RoomAdminPer
 }

 func (r *Room) RemoveAdminPermissions(userID string, permissions model.RoomAdminPermission) error {
+	if r.IsGuest(userID) {
+		return errors.New("cannot remove admin permissions from guest")
+	}
 	if member, err := r.LoadRoomMember(userID); err != nil {
 		return err
 	} else if !member.Role.IsAdmin() {
--- a/internal/op/user.go
+++ b/internal/op/user.go
@ -66,6 +66,9 @@ func (u *User) CheckVersion(version uint32) bool {
 }

 func (u *User) SetPassword(password string) error {
+	if u.IsGuest() {
+		return errors.New("guest cannot set password")
+	}
 	if u.CheckPassword(password) {
 		return errors.New("password is the same")
 	}
@ -79,9 +82,6 @@ func (u *User) SetPassword(password string) error {
 }

 func (u *User) CreateRoom(name, password string, conf ...db.CreateRoomConfig) (*RoomEntry, error) {
-	if u.IsBanned() {
-		return nil, errors.New("user banned")
-	}
 	if u.IsAdmin() {
 		conf = append(conf, db.WithStatus(model.RoomStatusActive))
 	} else {
@ -208,6 +208,9 @@ func (u *User) HasRoomAdminPermission(room *Room, permission model.RoomAdminPerm
 	if u.IsAdmin() {
 		return true
 	}
+	if u.IsGuest() {
+		return false
+	}
 	return room.HasAdminPermission(u.ID, permission)
 }

@ -236,11 +239,55 @@ func (u *User) SetRoomPassword(room *Room, password string) error {
 	return room.SetPassword(password)
 }

-func (u *User) SetRole(role model.Role) error {
-	if err := db.SetRoleByID(u.ID, role); err != nil {
+func (u *User) SetUserRole() error {
+	if u.IsGuest() {
+		return errors.New("cannot set guest role")
+	}
+	if err := db.SetUserRoleByID(u.ID); err != nil {
+		return err
+	}
+	u.Role = model.RoleUser
+	return nil
+}
+
+func (u *User) SetAdminRole() error {
+	if u.IsGuest() {
+		return errors.New("guest cannot be admin")
+	}
+	if err := db.SetAdminRoleByID(u.ID); err != nil {
+		return err
+	}
+	u.Role = model.RoleAdmin
+	return nil
+}
+
+func (u *User) SetRootRole() error {
+	if u.IsGuest() {
+		return errors.New("guest cannot be root")
+	}
+	if err := db.SetRootRoleByID(u.ID); err != nil {
+		return err
+	}
+	u.Role = model.RoleRoot
+	return nil
+}
+
+func (u *User) Ban() error {
+	if u.IsGuest() {
+		return errors.New("guest cannot be banned")
+	}
+	if err := db.BanUserByID(u.ID); err != nil {
+		return err
+	}
+	u.Role = model.RoleBanned
+	return nil
+}
+
+func (u *User) Unban() error {
+	if err := db.UnbanUserByID(u.ID); err != nil {
 		return err
 	}
-	u.Role = role
+	u.Role = model.RoleUser
 	return nil
 }

@ -253,14 +300,10 @@ func (u *User) SetUsername(username string) error {
 }

 func (u *User) UpdateRoomMovie(room *Room, movieID string, movie *model.BaseMovie) error {
-	m, err := room.GetMovieByID(movieID)
-	if err != nil {
-		return err
-	}
-	if m.Movie.CreatorID != u.ID && !u.HasRoomPermission(room, model.PermissionEditMovie) {
+	if !u.HasRoomPermission(room, model.PermissionEditMovie) {
 		return model.ErrNoPermission
 	}
-	err = room.UpdateMovie(movieID, movie)
+	err := room.UpdateMovie(movieID, movie)
 	if err != nil {
 		return err
 	}
--- a/internal/op/users.go
+++ b/internal/op/users.go
@ -122,7 +122,11 @@ func GetUserByProvider(p provider.OAuth2Provider, pid string) (*UserEntry, error
 }

 func CompareAndDeleteUser(user *UserEntry) error {
-	err := db.DeleteUserByID(user.Value().ID)
+	id := user.Value().ID
+	if id == db.GuestUserID {
+		return errors.New("cannot delete guest user")
+	}
+	err := db.DeleteUserByID(id)
 	if err != nil {
 		return err
 	}
@ -130,6 +134,9 @@ func CompareAndDeleteUser(user *UserEntry) error {
 }

 func DeleteUserByID(id string) error {
+	if id == db.GuestUserID {
+		return errors.New("cannot delete guest user")
+	}
 	err := db.DeleteUserByID(id)
 	if err != nil {
 		return err
--- a/server/handlers/admin.go
+++ b/server/handlers/admin.go
@ -349,7 +349,7 @@ func ApprovePendingUser(ctx *gin.Context) {
 		return
 	}

-	err = user.SetRole(dbModel.RoleUser)
+	err = user.SetUserRole()
 	if err != nil {
 		log.WithError(err).Error("set role by id error")
 		ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
@ -388,7 +388,7 @@ func BanUser(ctx *gin.Context) {
 		return
 	}

-	err = u.Value().SetRole(dbModel.RoleBanned)
+	err = u.Value().Ban()
 	if err != nil {
 		log.WithError(err).Error("set role error")
 		ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
@ -421,7 +421,7 @@ func UnBanUser(ctx *gin.Context) {
 		return
 	}

-	err = u.Value().SetRole(dbModel.RoleUser)
+	err = u.Value().Unban()
 	if err != nil {
 		log.WithError(err).Error("set role error")
 		ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
--- a/server/handlers/root.go
+++ b/server/handlers/root.go
@ -5,7 +5,6 @@ import (

 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
-	dbModel "github.com/synctv-org/synctv/internal/model"
 	"github.com/synctv-org/synctv/internal/op"
 	"github.com/synctv-org/synctv/server/model"
 )
@ -38,7 +37,7 @@ func AddAdmin(ctx *gin.Context) {
 		return
 	}

-	if err := u.Value().SetRole(dbModel.RoleAdmin); err != nil {
+	if err := u.Value().SetAdminRole(); err != nil {
 		log.Errorf("failed to set role: %v", err)
 		ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
 		return
@ -75,7 +74,7 @@ func DeleteAdmin(ctx *gin.Context) {
 		return
 	}

-	if err := u.Value().SetRole(dbModel.RoleUser); err != nil {
+	if err := u.Value().SetUserRole(); err != nil {
 		log.Errorf("failed to set role: %v", err)
 		ctx.AbortWithStatusJSON(http.StatusInternalServerError, model.NewApiErrorResp(err))
 		return