Only allow owner (creator) to set a passord

11 years ago · 76468a8958
parent 065eac4be5
commit 76468a8958
2 changed files with 32 additions and 13 deletions
--- a/public/js/vroom.js
+++ b/public/js/vroom.js
@ -608,15 +608,20 @@ function initVroom(room) {
        password: pass,
        room: roomName
      },
-      error: function(data) {
-        var msg = (data && data.msg) ? data.msg : locale.ERROR_OCCURED;
+      error: function() {
+        var msg = locale.ERROR_OCCURED;
        $.notify(msg, 'error');
      },
      success: function(data) {
-        $.notify(data.msg, 'success');
        $('#joinPass').val('');
+        if (data.status == 'success'){
+          $.notify(data.msg, 'success');
          webrtc.sendToAll('password_protect_on', {});
        }
+        else{
+          $.notify(data.msg, 'error');
+        }
+      }
    });
  });

@ -627,15 +632,20 @@ function initVroom(room) {
        action: 'setJoinPassword',
        room: roomName 
      },
-      error: function(data) {
-        var msg = (data && data.msg) ? data.msg : locale.ERROR_OCCURED;
+      error: function() {
+        var msg = locale.ERROR_OCCURED;
        $.notify(msg, 'error');
      },
      success: function(data) {
-        $.notify(data.msg, 'success');
        $('#joinPass').val('');
+        if (data.status == 'success'){
+          $.notify(data.msg, 'success');
          webrtc.sendToAll('password_protect_off', {});
        }
+        else{
+          $.notify(data.msg, 'error');
+        }
+      }
    });
  });

--- a/public/vroom.pl
+++ b/public/vroom.pl
@ -296,6 +296,7 @@ post '/create' => sub {
  $self->res->headers->cache_control('max-age=1, no-cache');
  my $name = $self->param('roomName') || $self->get_random_name();
  $self->login;
+  $self->session($name => {role => 'owner'});
  unless ($self->valid_room_name($name)){
    return $self->render('error',
      room => $name,
@ -490,20 +491,28 @@ post '/action' => sub {
  }
  elsif ($action eq 'setJoinPassword'){
    my $pass = $self->param('password');
-    $pass = undef if ($pass eq '');
-    my $res = $self->set_join_pass($room,$pass);
+    $pass = undef if ($pass && $pass eq '');
+    my $res = undef;
+    my $errmsg = 'ERROR_OCCURED';
+    if ($self->session($room)->{role} eq 'owner'){
+      $res = $self->set_join_pass($room,$pass);
+    }
+    else{
+      $errmsg = 'NOT_ALLOWED';
+    }
    if (!$res){
      return $self->render(
               json => {
-                 msg => $self->l('ERROR_OCCURED'),
+                 msg    => $self->l($errmsg),
+                 status => 'error'
               },
-               status   => '500'
             );
    }
    else{
      return $self->render(
               json => {
                 msg    => ($pass) ? $self->l('JOIN_PASSWORD_SET') : $self->l('JOIN_PASSWORD_REMOVED'),
+                 status => 'success'
               }
             );
    }