From 1695c9dfff0ed3e1dc4cff4e7e8f359dd088139e Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <daniel@firewall-services.com>
Date: Wed, 14 May 2014 22:14:25 +0200
Subject: [PATCH] Only the owner is allowed to lock/unlock a room

---
 public/vroom.pl | 27 +++++++++------------------
 1 file changed, 9 insertions(+), 18 deletions(-)

diff --git a/public/vroom.pl b/public/vroom.pl
index 448f160..aba4324 100755
--- a/public/vroom.pl
+++ b/public/vroom.pl
@@ -504,28 +504,19 @@ post '/action' => sub {
   }
   if ($action =~ m/(un)?lock/){
     my ($lock,$success);
-    if ($action eq 'lock'){
-      $lock = 1;
-      $success = $self->l('ROOM_LOCKED');
-    }
-    else{
-      $lock = 0;
-      $success = $self->l('ROOM_UNLOCKED');
+    my $msg = 'ERROR_OCCURED';
+    my $status = 'error';
+    if (!$self->session($room) || $self->session($room)->{role} ne 'owner'){
+      $msg = 'NOT_ALLOWED';
     }
-    my $room = $self->param('room');
-    my $res = $self->lock_room($room,$lock);
-    unless ($res){
-      return $self->render(
-               json => {
-                 msg    => $self->l('ERROR_OCCURED'),
-                 status => 'error'
-               },
-             );
+    elsif ($self->lock_room($room,($action eq 'lock') ? '1':'0')){
+      $status = 'success';
+      $msg = ($action eq 'lock') ? 'ROOM_LOCKED' : 'ROOM_UNLOCKED';
     }
     return $self->render(
              json => {
-               msg    => $success,
-               status => 'success'
+               msg    => $self->l($msg),
+               status => $status
              }
            );
   }