More fixes in key_can_do_this

master
Daniel Berteaud 10 years ago
parent 8f4b707d4c
commit c4bfe21f4e
  1. 11
      vroom.pl

@ -911,7 +911,6 @@ helper key_can_do_this => sub {
return 0;
}
my $key = $self->get_key_by_token($data->{token});
my $room = $self->get_room_by_name($data->{param}->{room});
if (!$key){
$self->app->log->debug("Invalid API key");
return 0;
@ -922,7 +921,7 @@ helper key_can_do_this => sub {
return 1;
}
# Global actions can only be performed by admin keys
if (!$room){
if (!$data->{param}->{room}){
$self->app->log->debug("Invalid room ID");
return 0;
}
@ -933,10 +932,10 @@ helper key_can_do_this => sub {
FROM `room_keys`
LEFT JOIN `rooms` ON `room_keys`.`room_id`=`rooms`.`id`
WHERE `room_keys`.`key_id`=?
AND `room_keys`.`room_id`=?
AND `rooms`.`name`=?
LIMIT 1');
};
$sth->execute($key->{id},$room->{id});
$sth->execute($key->{id},$data->{param}->{room});
$sth->bind_columns(\$key->{role});
$sth->fetch;
my $actions = API_ACTIONS;
@ -946,7 +945,7 @@ helper key_can_do_this => sub {
return 1;
}
# If this key as simple partitipant priv in this room, only allow participant actions
elsif ($key->{role} eq 'partitipant' && $actions->{participant}->{$data->{action}}){
elsif ($key->{role} eq 'participant' && $actions->{participant}->{$data->{action}}){
return 1;
}
# Else, deny
@ -1402,7 +1401,7 @@ any '/api' => sub {
# There's no owner password, so you cannot auth
return $self->render(
json => {
msg => 'NOT_ALLOWED',
msg => $self->l('NOT_ALLOWED'),
status => 'error'
}
);
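Review bot: In the third hunk the result of `$sth->fetch` is not checked and the role is bound directly into `$key->{role}`, so when the key has no row for the named room the later `eq 'participant'` test runs on whatever `$key->{role}` held before the query. Because this commit drops the `get_room_by_name` lookup, a room name that does not exist is no longer rejected as "Invalid room ID" and now reaches this no-row path. Whether a stale or pre-populated role can be present depends on what `get_key_by_token` returns, which is not visible here. Denying explicitly removes that dependency: replace the bare `$sth->fetch;` with `return 0 unless $sth->fetch;`. The helper's body starts and ends outside the hunks shown.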
