Frontend: Add channel access granting/revoking support

2023-09-16 17:06:10 +02:00 · 2023-09-16 17:06:10 +02:00 · 57365db9d8
commit 57365db9d8
parent fe114e749c
5 changed files with 98 additions and 5 deletions
--- a/database_settings.sql
+++ b/database_settings.sql
@ -16,7 +16,6 @@ create table servers(id int primary key not null,
 	port int not null
 );

-create table accessors(id int primary key not null,
-	channel_id int not null, -- foreign key in channels table
-	user_id int not null -- foreign key in users table
+create table accessors(user_id int not null, -- foreign key in users table
+	channel_id int not null -- foreign key in channels table
 );
--- a/frontend.pm
+++ b/frontend.pm
@ -340,7 +340,7 @@ sub redirect {

 	my $response = getBaseResponse(307, "Temporary Redirect");
 	$response.="Content-Length: 0\r\n";
-	$response.="Location: $aLocation\r\n";
+	$response.="Location: $aLocation\r\n\r\n";
 	$aClient->send($response);
 }

--- a/frontend_routes.pm
+++ b/frontend_routes.pm
@ -338,6 +338,80 @@ sub handlePath {

 		return 1;
 	}
+	when("/manage_access_action") {
+		if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
+			return 1;
+		}
+		my %parameters = frontend::parsePathParameters($aRequest->{"content"});
+		if(!defined($parameters{"user"}) || length($parameters{"user"})==0) {
+			frontend::sendBadRequest($aClient, "User required");
+			return 1;
+		}
+		if(!defined($parameters{"channel"}) || length($parameters{"channel"})==0) {
+			frontend::sendBadRequest($aClient, "Channel required");
+			return 1;
+		}
+		if(defined($parameters{"grant"})) {
+			my $query = $aConnection->prepare(qq(select id from channels where id=?;));
+			$query->execute($parameters{"channel"});
+			my @row = $query->fetchrow_array();
+			if(scalar(@row)==0) {
+				frontend::sendBadRequest($aClient, "Channel with ID $parameters{'channel'} doesn't exist");
+				return 1;
+			}
+			if($row[0]==1) {
+				frontend::sendBadRequest($aClient, "Channel with ID $parameters{'channel'} is public");
+				return 1;
+			}
+			$query = $aConnection->prepare(qq(select id from users where id=?;));
+			$query->execute($parameters{"user"});
+			@row = $query->fetchrow_array();
+			if(scalar(@row)==0) {
+				frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't exist");
+				return 1;
+			}
+			$query = $aConnection->prepare(qq(select user_id from accessors where user_id=? and channel_id=?;));
+			$query->execute($parameters{"user"}, $parameters{"channel"});
+			@row = $query->fetchrow_array();
+			if(scalar(@row)>0) {
+				frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} already has access to channel with ID $parameters{'channel'}");
+				return 1;
+			}
+			$query = $aConnection->prepare(qq(insert into accessors values(?, ?);));
+			$query->execute($parameters{"user"}, $parameters{"channel"});
+			frontend::redirect($aClient, "/channel_access_granted.html");
+		}
+		elsif(defined($parameters{"revoke"})) {
+			my $query = $aConnection->prepare(qq(select id from channels where id=?;));
+			$query->execute($parameters{"channel"});
+			my @row = $query->fetchrow_array();
+			if(scalar(@row)==0) {
+				frontend::sendBadRequest($aClient, "Channel with ID $parameters{'channel'} doesn't exist");
+				return 1;
+			}
+			$query = $aConnection->prepare(qq(select id from users where id=?;));
+			$query->execute($parameters{"user"});
+			@row = $query->fetchrow_array();
+			if(scalar(@row)==0) {
+				frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't exist");
+				return 1;
+			}
+			$query = $aConnection->prepare(qq(select user_id from accessors where user_id=? and channel_id=?;));
+			$query->execute($parameters{"user"}, $parameters{"channel"});
+			@row = $query->fetchrow_array();
+			if(scalar(@row)==0) {
+				frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't have access to channel with ID $parameters{'channel'}");
+				return 1;
+			}
+			$query = $aConnection->prepare(qq(delete from accessors where user_id=? and channel_id=?;));
+			$query->execute($parameters{"user"}, $parameters{"channel"});
+			frontend::redirect($aClient, "/channel_access_revoked.html");
+		}
+		else {
+			frontend::sendBadRequest($aClient, "Action (grant or revoke) required");
+		}
+		return 1;
+	}
 	when("/add_user_action") {
 		if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
 			return 1;
@ -415,7 +489,7 @@ sub handlePath {
 			return 1;
 		}
 		my %parameters = frontend::parsePathParameters($aRequest->{"content"});
-		if(!defined($parameters{"channel"}) length($parameters{"channel"})==0) {
+		if(!defined($parameters{"channel"}) || length($parameters{"channel"})==0) {
 			frontend::sendBadRequest($aClient, "Channel name required");
 			return 1;
 		}
--- a/static/channel_access_granted.html
+++ b/static/channel_access_granted.html
@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+	<head>
+		<title>Channel access granted</title>
+	</head>
+	<body>
+		<p>Channel access successfully granted</p>
+		<a href="/panel">Return to user panel</a>
+	</body>
+</html>
--- a/static/channel_access_revoked.html
+++ b/static/channel_access_revoked.html
@ -0,0 +1,10 @@
+<!DOCTYPE HTML>
+<html>
+	<head>
+		<title>Channel access revoked</title>
+	</head>
+	<body>
+		<p>Channel access successfully revoked</p>
+		<a href="/panel">Return to user panel</a>
+	</body>
+</html>