Frontend: Implement support for adding channels
@@ -27,6 +27,35 @@ use feature qw(switch);
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
sub verifyRequestPrivileges {
|
||||
my $aRequest = $_[0];
|
||||
my $aClient = $_[1];
|
||||
my $aPrivileges = $_[2];
|
||||
my $aConnection = $_[3];
|
||||
|
||||
if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
|
||||
frontend::redirect($aClient, "/");
|
||||
return 0;
|
||||
}
|
||||
if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
|
||||
frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
|
||||
return 0;
|
||||
}
|
||||
if(!defined($aRequest->{"content"})) {
|
||||
frontend::sendBadRequest($aClient, "Request content required");
|
||||
return 0;
|
||||
}
|
||||
my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
|
||||
my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
|
||||
$query->execute($session->{"username"});
|
||||
my @row = $query->fetchrow_array();
|
||||
if($row[0]<$aPrivileges) {
|
||||
frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
sub verifyChannelAccess {
|
||||
my $aRequest = $_[0];
|
||||
my $aClient = $_[1];
|
||||
@@ -309,35 +338,48 @@ sub handlePath {
|
||||
|
||||
return 1;
|
||||
}
|
||||
when("/add_server_action") {
|
||||
if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
|
||||
frontend::redirect($aClient, "/");
|
||||
when("/add_user_action") {
|
||||
if(!verifyRequestPrivileges($aRequest, $aClient, 1, $aConnection)) {
|
||||
return 1;
|
||||
}
|
||||
if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
|
||||
frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
|
||||
return 1;
|
||||
}
|
||||
if(!defined($aRequest->{"content"})) {
|
||||
frontend::sendBadRequest($aClient, "Request content required");
|
||||
return 1;
|
||||
}
|
||||
my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
|
||||
|
||||
my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
|
||||
$query->execute($session->{"username"});
|
||||
my @row = $query->fetchrow_array();
|
||||
if($row[0]<2) {
|
||||
frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
|
||||
return 1;
|
||||
}
|
||||
|
||||
my %parameters = frontend::parsePathParameters($aRequest->{"content"});
|
||||
if(!defined($parameters{"name"})) {
|
||||
if(!defined($parameters{"name"}) || length($parameters{"name"})==0) {
|
||||
frontend::sendBadRequest($aClient, "Username required");
|
||||
return 1;
|
||||
}
|
||||
if(!defined($parameters{"password"}) || length($parameters{"password"})==0) {
|
||||
frontend::sendBadRequest($aClient, "Password required");
|
||||
return 1;
|
||||
}
|
||||
if(!defined($parameters{"confirmPassword"}) || length($parameters{"confirmPassword"})==0) {
|
||||
frontend::sendBadRequest($aClient, "Confirm password required");
|
||||
return 1;
|
||||
}
|
||||
if($parameters{"password"} ne $parameters{"confirmPassword"}) {
|
||||
frontend::sendBadRequest($aClient, "Password and confirm password don't match");
|
||||
return 1;
|
||||
}
|
||||
my $query = $aConnection->prepare(qq(select id from users where name=?;));
|
||||
$query->execute($parameters{"name"});
|
||||
my @row = $query->fetchrow_array();
|
||||
if(scalar(@row)>0) {
|
||||
frontend::sendConflict($aClient, "User $parameters{'name'} already exists");
|
||||
return 1;
|
||||
}
|
||||
frontend::createUser($parameters{"name"}, $parameters{"password"}, defined($parameters{"operator"}), $aConnection);
|
||||
frontend::redirect($aClient, "/user_added.html");
|
||||
return 1;
|
||||
}
|
||||
when("/add_server_action") {
|
||||
if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
|
||||
return 1;
|
||||
}
|
||||
my %parameters = frontend::parsePathParameters($aRequest->{"content"});
|
||||
if(!defined($parameters{"name"}) || length($parameters{"name"})==0) {
|
||||
frontend::sendBadRequest($aClient, "Server name required");
|
||||
return 1;
|
||||
}
|
||||
if(!defined($parameters{"address"})) {
|
||||
if(!defined($parameters{"address"}) || length($parameters{"address"})==0) {
|
||||
frontend::sendBadRequest($aClient, "Server address required");
|
||||
return 1;
|
||||
}
|
||||
@@ -346,9 +388,9 @@ sub handlePath {
|
||||
$port = $parameters{"port"};
|
||||
}
|
||||
|
||||
$query = $aConnection->prepare(qq(select id from servers where name=?;));
|
||||
my $query = $aConnection->prepare(qq(select id from servers where name=?;));
|
||||
$query->execute($parameters{"name"});
|
||||
@row = $query->fetchrow_array();
|
||||
my @row = $query->fetchrow_array();
|
||||
if(scalar(@row)>0) {
|
||||
frontend::sendConflict($aClient, "Server with name $parameters{'name'} already exists");
|
||||
return 1;
|
||||
@@ -369,41 +411,22 @@ sub handlePath {
|
||||
return 1;
|
||||
}
|
||||
when("/add_channel_action") {
|
||||
if(!defined($aRequest->{"cookies"}{"session"}) || !frontend_session::isValidSession($aRequest->{"cookies"}{"session"})) {
|
||||
frontend::redirect($aClient, "/");
|
||||
if(!verifyRequestPrivileges($aRequest, $aClient, 2, $aConnection)) {
|
||||
return 1;
|
||||
}
|
||||
if(defined($aRequest->{"headers"}{"Content-Type"}) && $aRequest->{"headers"}{"Content-Type"} ne "application/x-www-form-urlencoded") {
|
||||
frontend::sendBadRequest($aClient, "Unsupported form Content-Type (application/x-www-form-urlencoded required)");
|
||||
return 1;
|
||||
}
|
||||
if(!defined($aRequest->{"content"})) {
|
||||
frontend::sendBadRequest($aClient, "Request content required");
|
||||
return 1;
|
||||
}
|
||||
my $session = $frontend_session::sessions{$aRequest->{"cookies"}{"session"}};
|
||||
|
||||
my $query = $aConnection->prepare(qq(select privileges from users where name=?;));
|
||||
$query->execute($session->{"username"});
|
||||
my @row = $query->fetchrow_array();
|
||||
if($row[0]<2) {
|
||||
frontend::sendForbidden($aClient, "Insufficient permissions to perform this operation");
|
||||
return 1;
|
||||
}
|
||||
|
||||
my %parameters = frontend::parsePathParameters($aRequest->{"content"});
|
||||
if(!defined($parameters{"channel"})) {
|
||||
if(!defined($parameters{"channel"}) length($parameters{"channel"})==0) {
|
||||
frontend::sendBadRequest($aClient, "Channel name required");
|
||||
return 1;
|
||||
}
|
||||
if(!defined($parameters{"server"})) {
|
||||
if(!defined($parameters{"server"}) || length($parameters{"server"})==0) {
|
||||
frontend::sendBadRequest($aClient, "Server ID required");
|
||||
return 1;
|
||||
}
|
||||
|
||||
$query = $aConnection->prepare(qq(select name from servers where id=?;));
|
||||
my $query = $aConnection->prepare(qq(select name from servers where id=?;));
|
||||
$query->execute($parameters{"server"});
|
||||
@row = $query->fetchrow_array();
|
||||
my @row = $query->fetchrow_array();
|
||||
if(scalar(@row)==0) {
|
||||
frontend::sendBadRequest($aClient, "Invalid server ID");
|
||||
return 1;
|
||||
|
||||
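Review bot: In the `/add_channel_action` branch the rewritten channel check reads `if(!defined($parameters{"channel"}) length($parameters{"channel"})==0) {` with no operator between the two tests, which is a syntax error that stops the file from compiling, so the new privilege checks never run. It should match the sibling checks: `if(!defined($parameters{"channel"}) || length($parameters{"channel"})==0) {`. Separately, `/add_user_action` asks `verifyRequestPrivileges` for level 1 while the server and channel actions ask for 2, yet it forwards `defined($parameters{"operator"})` to `frontend::createUser`. createUser is not visible here, but if that flag grants a level above 1, a level-1 account could create an account more privileged than itself, so the flag should be honoured only when the caller's own level covers what it grants. `handlePath` starts and ends outside these hunks.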