From 57365db9d889c2b99f27d832eed5b8af469b3de8 Mon Sep 17 00:00:00 2001 From: mrkubax10 Date: Sat, 16 Sep 2023 17:06:10 +0200 Subject: [PATCH] Frontend: Add channel access granting/revoking support --- database_settings.sql | 5 +- frontend.pm | 2 +- frontend_routes.pm | 76 +++++++++++++++++++++++++++++- static/channel_access_granted.html | 10 ++++ static/channel_access_revoked.html | 10 ++++ 5 files changed, 98 insertions(+), 5 deletions(-) create mode 100644 static/channel_access_granted.html create mode 100644 static/channel_access_revoked.html diff --git a/database_settings.sql b/database_settings.sql index cc2f12a..1e8919c 100644 --- a/database_settings.sql +++ b/database_settings.sql @@ -16,7 +16,6 @@ create table servers(id int primary key not null, port int not null ); -create table accessors(id int primary key not null, - channel_id int not null, -- foreign key in channels table - user_id int not null -- foreign key in users table +create table accessors(user_id int not null, -- foreign key in users table + channel_id int not null -- foreign key in channels table ); diff --git a/frontend.pm b/frontend.pm index f4b5e94..b553003 100644 --- a/frontend.pm +++ b/frontend.pm @@ -340,7 +340,7 @@ sub redirect { my $response = getBaseResponse(307, "Temporary Redirect"); $response.="Content-Length: 0\r\n"; - $response.="Location: $aLocation\r\n"; + $response.="Location: $aLocation\r\n\r\n"; $aClient->send($response); } diff --git a/frontend_routes.pm b/frontend_routes.pm index 20a126d..aa960bf 100644 --- a/frontend_routes.pm +++ b/frontend_routes.pm @@ -338,6 +338,80 @@ sub handlePath { return 1; } + when("/manage_access_action") { + if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) { + return 1; + } + my %parameters = frontend::parsePathParameters($aRequest->{"content"}); + if(!defined($parameters{"user"}) || length($parameters{"user"})==0) { + frontend::sendBadRequest($aClient, "User required"); + return 1; + } + if(!defined($parameters{"channel"}) || length($parameters{"channel"})==0) { + frontend::sendBadRequest($aClient, "Channel required"); + return 1; + } + if(defined($parameters{"grant"})) { + my $query = $aConnection->prepare(qq(select id from channels where id=?;)); + $query->execute($parameters{"channel"}); + my @row = $query->fetchrow_array(); + if(scalar(@row)==0) { + frontend::sendBadRequest($aClient, "Channel with ID $parameters{'channel'} doesn't exist"); + return 1; + } + if($row[0]==1) { + frontend::sendBadRequest($aClient, "Channel with ID $parameters{'channel'} is public"); + return 1; + } + $query = $aConnection->prepare(qq(select id from users where id=?;)); + $query->execute($parameters{"user"}); + @row = $query->fetchrow_array(); + if(scalar(@row)==0) { + frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't exist"); + return 1; + } + $query = $aConnection->prepare(qq(select user_id from accessors where user_id=? and channel_id=?;)); + $query->execute($parameters{"user"}, $parameters{"channel"}); + @row = $query->fetchrow_array(); + if(scalar(@row)>0) { + frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} already has access to channel with ID $parameters{'channel'}"); + return 1; + } + $query = $aConnection->prepare(qq(insert into accessors values(?, ?);)); + $query->execute($parameters{"user"}, $parameters{"channel"}); + frontend::redirect($aClient, "/channel_access_granted.html"); + } + elsif(defined($parameters{"revoke"})) { + my $query = $aConnection->prepare(qq(select id from channels where id=?;)); + $query->execute($parameters{"channel"}); + my @row = $query->fetchrow_array(); + if(scalar(@row)==0) { + frontend::sendBadRequest($aClient, "Channel with ID $parameters{'channel'} doesn't exist"); + return 1; + } + $query = $aConnection->prepare(qq(select id from users where id=?;)); + $query->execute($parameters{"user"}); + @row = $query->fetchrow_array(); + if(scalar(@row)==0) { + frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't exist"); + return 1; + } + $query = $aConnection->prepare(qq(select user_id from accessors where user_id=? and channel_id=?;)); + $query->execute($parameters{"user"}, $parameters{"channel"}); + @row = $query->fetchrow_array(); + if(scalar(@row)==0) { + frontend::sendBadRequest($aClient, "User with ID $parameters{'user'} doesn't have access to channel with ID $parameters{'channel'}"); + return 1; + } + $query = $aConnection->prepare(qq(delete from accessors where user_id=? and channel_id=?;)); + $query->execute($parameters{"user"}, $parameters{"channel"}); + frontend::redirect($aClient, "/channel_access_revoked.html"); + } + else { + frontend::sendBadRequest($aClient, "Action (grant or revoke) required"); + } + return 1; + } when("/add_user_action") { if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) { return 1; @@ -415,7 +489,7 @@ sub handlePath { return 1; } my %parameters = frontend::parsePathParameters($aRequest->{"content"}); - if(!defined($parameters{"channel"}) length($parameters{"channel"})==0) { + if(!defined($parameters{"channel"}) || length($parameters{"channel"})==0) { frontend::sendBadRequest($aClient, "Channel name required"); return 1; } diff --git a/static/channel_access_granted.html b/static/channel_access_granted.html new file mode 100644 index 0000000..e63d1b3 --- /dev/null +++ b/static/channel_access_granted.html @@ -0,0 +1,10 @@ + + + + Channel access granted + + +

Channel access successfully granted

+ Return to user panel + + diff --git a/static/channel_access_revoked.html b/static/channel_access_revoked.html new file mode 100644 index 0000000..74f2013 --- /dev/null +++ b/static/channel_access_revoked.html @@ -0,0 +1,10 @@ + + + + Channel access revoked + + +

Channel access successfully revoked

+ Return to user panel + +