Make the /action handler accessible under /admin

And bypass auth check when accessed through /admin/action
master
Daniel Berteaud 10 years ago
parent 34d8649e3e
commit 387048cfc0
  1. 17
      public/vroom.pl

@ -997,12 +997,13 @@ get '/(*room)' => sub {
};
# Route for various room actions
post '/action' => sub {
post '/*action' => [action => [qw/action admin\/action/]] => sub {
my $self = shift;
my $action = $self->param('action');
my $prefix = ($self->stash('action') eq 'admin/action') ? 'admin':'room';
my $room = $self->param('room') || "";
# Refuse any action from non members of the room
if (!$self->session('name') || !$self->has_joined($self->session('name'), $room) || !$self->session($room) || !$self->session($room)->{role}){
if ($prefix ne 'admin' && (!$self->session('name') || !$self->has_joined($self->session('name'), $room) || !$self->session($room) || !$self->session($room)->{role})){
return $self->render(
json => {
msg => $self->l('ERROR_NOT_LOGGED_IN'),
@ -1036,7 +1037,7 @@ post '/action' => sub {
my $message = $self->param('message');
my $status = 'error';
my $msg = $self->l('ERROR_OCCURRED');
if (!$self->session($room) || $self->session($room)->{role} ne 'owner'){
if ($prefix ne 'admin' && $self->session($room)->{role} ne 'owner'){
$msg = 'NOT_ALLOWED';
}
elsif ($rcpt !~ m/\S+@\S+\.\S+$/){
@ -1075,7 +1076,7 @@ post '/action' => sub {
my $msg = 'ERROR_OCCURRED';
my $status = 'error';
# Only the owner can lock or unlock a room
if (!$self->session($room) || $self->session($room)->{role} ne 'owner'){
if ($prefix ne 'admin' && $self->session($room)->{role} ne 'owner'){
$msg = $self->l('NOT_ALLOWED');
}
elsif ($self->lock_room($room,($action eq 'lock') ? '1':'0')){
@ -1146,7 +1147,7 @@ post '/action' => sub {
my $msg = $self->l('ERROR_OCCURRED');
my $status = 'error';
# Once again, only the owner can do this
if ($self->session($room)->{role} eq 'owner'){
if ($prefix eq 'admin' || $self->session($room)->{role} eq 'owner'){
if ($type eq 'owner'){
# Forbid a few common room names to be reserved
if (grep { $room eq $_ } @{$config->{commonRoomNames}}){
@ -1244,7 +1245,7 @@ post '/action' => sub {
my $type = $self->param('type');
my $status = 'error';
my $msg = $self->l('ERROR_OCCURRED');
if ($self->session($room)->{role} ne 'owner'){
if ($prefix ne 'admin' && $self->session($room)->{role} ne 'owner'){
$msg = $self->l('NOT_ALLOWED');
}
elsif ($email !~ m/^\S+@\S+\.\S+$/){
@ -1270,7 +1271,7 @@ post '/action' => sub {
my $type = $self->param('type');
my $status = 'error';
my $msg = $self->l('ERROR_OCCURRED');
if ($self->session($room)->{role} ne 'owner'){
if ($prefix ne 'admin' && $self->session($room)->{role} ne 'owner'){
$msg = $self->l('NOT_ALLOWED');
}
elsif($type eq 'set' && $self->ask_for_name($room,'1')){
@ -1379,7 +1380,7 @@ post '/action' => sub {
elsif ($action eq 'deleteRoom'){
my $status = 'error';
my $msg = $self->l('ERROR_OCCURRED');
if ($self->session($room)->{role} ne 'owner'){
if ($prefix ne 'admin' && $self->session($room)->{role} ne 'owner'){
$msg = $self->l('NOT_ALLOWED');
}
elsif ($self->delete_room($room)){
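Review bot: In the first hunk `$prefix` becomes `'admin'` only because the request path matched `admin/action`, and from then on the membership test and every owner test in the later hunks (invite, lock/unlock, the `$type eq 'owner'` branch, the two `NOT_ALLOWED` guards and `deleteRoom`) are skipped without the handler itself verifying who is calling. That is safe only if something outside this file authenticates every request under `/admin/`; if the application is reachable without passing through that layer, or the rule does not cover this POST route, room locking, configuration and deletion are exposed to unauthenticated callers. I would keep an in-application check at the top of the handler, for example `return $self->render(json => { msg => $self->l('NOT_ALLOWED') }, status => 403) if $prefix eq 'admin' && !ADMIN_VERIFIED;`, where `ADMIN_VERIFIED` is a placeholder for whatever administrator identity the deployment can actually attest, and add the comment `# /admin/action skips all room membership and owner checks; access control must be enforced before this point`. The handler body continues outside the hunks shown, so any branch there that still dereferences `$self->session($room)->{role}` without the `$prefix` test may now be reached with no room session and is worth auditing as well.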
