From c4bfe21f4e505489aee9d4f55a05d13ab8ddff8b Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Sun, 18 Jan 2015 19:02:22 +0100
Subject: [PATCH] More fixes in key_can_do_this
---
 vroom.pl | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/vroom.pl b/vroom.pl
index b42cffe..a794a6d 100755
--- a/vroom.pl
+++ b/vroom.pl
@@ -911,7 +911,6 @@ helper key_can_do_this => sub {
 return 0;
 }
 my $key = $self->get_key_by_token($data->{token});
- my $room = $self->get_room_by_name($data->{param}->{room});
 if (!$key){
 $self->app->log->debug("Invalid API key");
 return 0;
@@ -922,7 +921,7 @@ helper key_can_do_this => sub {
 return 1;
 }
 # Global actions can only be performed by admin keys
- if (!$room){
+ if (!$data->{param}->{room}){
 $self->app->log->debug("Invalid room ID");
 return 0;
 }
@@ -933,10 +932,10 @@ helper key_can_do_this => sub {
 FROM `room_keys`
 LEFT JOIN `rooms` ON `room_keys`.`room_id`=`rooms`.`id`
 WHERE `room_keys`.`key_id`=?
- AND `room_keys`.`room_id`=?
+ AND `rooms`.`name`=?
 LIMIT 1');
 };
- $sth->execute($key->{id},$room->{id});
+ $sth->execute($key->{id},$data->{param}->{room});
 $sth->bind_columns(\$key->{role});
 $sth->fetch;
 my $actions = API_ACTIONS;
@@ -946,7 +945,7 @@ helper key_can_do_this => sub {
 return 1;
 }
 # If this key as simple partitipant priv in this room, only allow participant actions
- elsif ($key->{role} eq 'partitipant' && $actions->{participant}->{$data->{action}}){
+ elsif ($key->{role} eq 'participant' && $actions->{participant}->{$data->{action}}){
 return 1;
 }
 # Else, deny
@@ -1402,7 +1401,7 @@ any '/api' => sub {
 # There's no owner password, so you cannot auth
 return $self->render(
 json => {
- msg => 'NOT_ALLOWED',
+ msg => $self->l('NOT_ALLOWED'),
 status => 'error'
 }
 );
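Review bot: In the hunk at -922,7 the log text "Invalid room ID" no longer describes the condition, because the new test `if (!$data->{param}->{room}){` only catches a missing or false `room` parameter. A name that matches no room now passes this guard and is only stopped, if at all, by the role query further down. The message should say what was actually detected, for example `$self->app->log->debug("Missing room parameter");`, with a comment such as `# Room existence is checked implicitly by the role lookup below`. The truthiness test also treats a room literally named `0` as missing; a `defined` plus length check avoids that if such names are possible. The helper's body starts and ends outside the hunk.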
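Review bot: In the hunk at -933,10 the result of `$sth->fetch` is still ignored, which matters more now that a non-existent room is no longer rejected before the query. When no row matches, `$key->{role}` keeps whatever value it held before `bind_columns`, and the role comparisons after the hunk run on that value; what `get_key_by_token` puts in the hash is not visible here. Failing closed is a small change: `$key->{role} = undef;` before the bind, then `if (!$sth->fetch){ $self->app->log->debug("Key has no role in this room"); return 0; }`. Filtering on `rooms`.`name` in the WHERE clause also makes the LEFT JOIN behave as an inner join, so a plain `JOIN` would state the intent. The statement is prepared above the hunk, so whether a failed prepare is handled cannot be judged from these lines.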
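Review bot: The comment on the context line above the changed `elsif` (hunk at -946,7) still carries the misspelling this commit fixes in the code, plus "as" for "has". I would update it in the same commit: `# If this key has simple participant privileges in this room, only allow participant actions`. With the misspelled literal, the role comparison in this branch could never be true for a role stored as `participant`, so the role names would be safer as shared constants than as string literals repeated in each comparison, assuming the same strings are written elsewhere in the file.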
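Review bot: In the hunk at -1402,7 the refusal is rendered with only a `json` argument, so the response presumably goes out with the framework's default success status. A denied call is then indistinguishable from a normal one in access logs and to clients that check the HTTP code. Passing `status => 403` to the same `render` call, after the `json => {...}` argument, keeps the body unchanged. The `msg` value also changes here from a fixed token to localized text; if any client compares it with 'NOT_ALLOWED', a separate stable field next to the translated message (a constructed example: `err => 'NOT_ALLOWED'`) would keep that working. The route handler starts outside the hunk.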