Merge branch 'merge-with-tests' of https://github.com/antobinary/bigbluebutton into merge-with-tests

2014-11-14 14:31:53 -02:00 · 2014-11-14 14:31:53 -02:00 · 92584c1cad
commit 92584c1cad
parent 0a92c0e138 9ef7ad5edc
2 changed files with 60 additions and 44 deletions
--- a/labs/meteor-client/app/server/collection_methods/users.coffee
+++ b/labs/meteor-client/app/server/collection_methods/users.coffee
@ -56,60 +56,54 @@ Meteor.methods
 	# loweredByUserId: userId of person lowering
 	# loweredBySecret: the secret of the requestor
 	userLowerHand: (meetingId, toLowerUserId, loweredByUserId, loweredBySecret) ->
-		requester = Meteor.Users.findOne({meetingId:meetingId, userId: loweredByUserId})
-		if loweredBySecret is requester.userSecret
-			# check for permission:
-			if loweredByUserId is toLowerUserId #or  requester.user.role is "MODERATOR" # TODO make this const?
-				message =
-					"payload":
-						"userid": toLowerUserId
-						"meeting_id": meetingId
-						"raise_hand": false
-						"lowered_by": loweredByUserId
-					"header":
-						"timestamp": new Date().getTime()
-						"name": "user_lowered_hand_message"
-						"version": "0.0.1"
-
-				# publish to pubsub
-				publish Meteor.config.redis.channels.toBBBApps.users, message
-				return
+		action = ->
+			if toLowerUserId is loweredByUserId
+				return 'lowerOwnHand'
 			else
-				Meteor.log.info "in meetingId=#{meetingId} userId=#{loweredByUserId} tried to lower the hand of userId=#{toLowerUserId} without permission"
-		else
-			Meteor.log.info "in meetingId=#{meetingId} userId=#{loweredByUserId} tried to lower the hand of userId=#{toLowerUserId} without permission"
-			return
+				return 'lowerOthersHand'
+
+		if isAllowedTo(action(), meetingId, loweredByUserId, loweredBySecret)
+			message =
+				payload:
+					userid: toLowerUserId
+					meeting_id: meetingId
+					raise_hand: false
+					lowered_by: loweredByUserId
+				header:
+					timestamp: new Date().getTime()
+					name: "user_lowered_hand_message"
+					version: "0.0.1"
+
+			# publish to pubsub
+			publish Meteor.config.redis.channels.toBBBApps.users, message
+		return

 	# meetingId: the meetingId which both users are in 
 	# toRaiseUserId: the userid of the user to have their hand lowered
 	# raisedByUserId: userId of person lowering
 	# raisedBySecret: the secret of the requestor
 	userRaiseHand: (meetingId, toRaiseUserId, raisedByUserId, raisedBySecret) ->
-		requester = Meteor.Users.findOne({meetingId:meetingId, userId: raisedByUserId})
-		if raisedBySecret is requester.userSecret
-			# check for permission:
-			if raisedByUserId is toRaiseUserId # TODO make this const?
-				message =
-					"payload":
-						"userid": toRaiseUserId
-						"meeting_id": meetingId
-						"raise_hand": false
-						"lowered_by": raisedByUserId
-					"header":
-						"timestamp": new Date().getTime()
-						"name": "user_raised_hand_message"
-						"version": "0.0.1"
-
-				# publish to pubsub
-				publish Meteor.config.redis.channels.toBBBApps.users, message
-				return
+		action = ->
+			if toRaiseUserId is raisedByUserId
+				return 'raiseOwnHand'
 			else
-				Meteor.log.info "in meetingId=#{meetingId} userId=#{raisedByUserId} tried to raise the hand of userId=#{toRaiseUserId} without permission"
-		else
-			Meteor.log.info "in meetingId=#{meetingId} userId=#{loweredByUserId} tried to raise the hand of userId=#{toLowerUserId} without permission"
-			return
+				return 'raiseOthersHand'

+		if isAllowedTo(action(), meetingId, raisedByUserId, raisedBySecret)
+			message =
+				payload:
+					userid: toRaiseUserId
+					meeting_id: meetingId
+					raise_hand: false
+					lowered_by: raisedByUserId
+				header:
+					timestamp: new Date().getTime()
+					name: "user_raised_hand_message"
+					version: "0.0.1"

+			# publish to pubsub
+			publish Meteor.config.redis.channels.toBBBApps.users, message
+		return

 	userLogout: (meetingId, userId) ->
 		Meteor.log.info "a user is logging out from #{meetingId}:" + userId
--- a/labs/meteor-client/app/server/user_permissions.coffee
+++ b/labs/meteor-client/app/server/user_permissions.coffee
@ -0,0 +1,22 @@
+# TODO we should look into publishing the Users collection so that includes
+# the secret of the specific user but not of the other users
+
+moderator = null
+presenter = null
+viewer =
+  # raising/lowering hand
+  raiseOwnHand : true
+  lowerOwnHand : true
+
+@isAllowedTo = (action, meetingId, userId, secret) ->
+
+  user = Meteor.Users.findOne({meetingId:meetingId, userId: userId})
+  if user?
+    # we check if the user is who he claims to be
+    if secret is user.userSecret
+      if user.user?.role is 'VIEWER'
+        return viewer[action] or false
+    Meteor.log.info "in meetingId=#{meetingId} userId=#{userId} tried to perform #{action} without permission" #TODO make this a warning
+
+    # the current version of the HTML5 client represents only VIEWER users
+  return false