Only allow owner (creator) to set a passord

public/js/vroom.js

@@ -608,14 +608,19 @@ function initVroom(room) {
         password: pass,
         room: roomName
       },
-      error: function(data) {
+      error: function() {
-        var msg = (data && data.msg) ? data.msg : locale.ERROR_OCCURED;
+        var msg = locale.ERROR_OCCURED;
         $.notify(msg, 'error');
       },
       success: function(data) {
-        $.notify(data.msg, 'success');
         $('#joinPass').val('');
-        webrtc.sendToAll('password_protect_on', {});
+        if (data.status == 'success'){
+          $.notify(data.msg, 'success');
+          webrtc.sendToAll('password_protect_on', {});
+        }
+        else{
+          $.notify(data.msg, 'error');
+        }
       }
     });
   });
@@ -627,14 +632,19 @@ function initVroom(room) {
         action: 'setJoinPassword',
         room: roomName 
       },
-      error: function(data) {
+      error: function() {
-        var msg = (data && data.msg) ? data.msg : locale.ERROR_OCCURED;
+        var msg = locale.ERROR_OCCURED;
         $.notify(msg, 'error');
       },
       success: function(data) {
-        $.notify(data.msg, 'success');
         $('#joinPass').val('');
-        webrtc.sendToAll('password_protect_off', {});
+        if (data.status == 'success'){
+          $.notify(data.msg, 'success');
+          webrtc.sendToAll('password_protect_off', {});
+        }
+        else{
+          $.notify(data.msg, 'error');
+        }
       }
     });
   });

public/vroom.pl

@@ -296,6 +296,7 @@ post '/create' => sub {
   $self->res->headers->cache_control('max-age=1, no-cache');
   my $name = $self->param('roomName') || $self->get_random_name();
   $self->login;
+  $self->session($name => {role => 'owner'});
   unless ($self->valid_room_name($name)){
     return $self->render('error',
       room => $name,
@@ -490,20 +491,28 @@ post '/action' => sub {
   }
   elsif ($action eq 'setJoinPassword'){
     my $pass = $self->param('password');
-    $pass = undef if ($pass eq '');
+    $pass = undef if ($pass && $pass eq '');
-    my $res = $self->set_join_pass($room,$pass);
+    my $res = undef;
+    my $errmsg = 'ERROR_OCCURED';
+    if ($self->session($room)->{role} eq 'owner'){
+      $res = $self->set_join_pass($room,$pass);
+    }
+    else{
+      $errmsg = 'NOT_ALLOWED';
+    }
     if (!$res){
       return $self->render(
                json => {
-                 msg => $self->l('ERROR_OCCURED'),
+                 msg    => $self->l($errmsg),
+                 status => 'error'
                },
-               status   => '500'
              );
     }
     else{
       return $self->render(
                json => {
-                 msg => ($pass) ? $self->l('JOIN_PASSWORD_SET') : $self->l('JOIN_PASSWORD_REMOVED'),
+                 msg    => ($pass) ? $self->l('JOIN_PASSWORD_SET') : $self->l('JOIN_PASSWORD_REMOVED'),
+                 status => 'success'
                }
              );
     }