Merge pull request #163 from camphor-/non-creator-not-be-able-to-archive

ARCHIVEとSTOPのときはセッション作成者しか操作できないようにする
camphor- · Jul 29, 2020 · e9c24b7 · e9c24b7
2 parents f248662 + da9e49c
commit e9c24b7
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 3 deletions.
diff --git a/usecase/session_state.go b/usecase/session_state.go
@@ -149,6 +149,11 @@ func (s *SessionStateUseCase) pause(ctx context.Context, sess *entity.Session) e
 
 // archive はセッションのstateをARCHIVEDに変更します。
 func (s *SessionStateUseCase) archive(ctx context.Context, session *entity.Session) error {
+	userID, _ := service.GetUserIDFromContext(ctx)
+	if !session.IsCreator(userID) {
+		return fmt.Errorf("user is not creator: %w", entity.ErrSessionNotAllowToControlOthers)
+	}
+
 	switch session.StateType {
 	case entity.Play:
 		if err := s.playerCli.Pause(ctx, session.DeviceID); err != nil && !errors.Is(err, entity.ErrActiveDeviceNotFound) {
@@ -176,6 +181,11 @@ func (s *SessionStateUseCase) archive(ctx context.Context, session *entity.Sessi
 
 // stop はセッションのstateをSTOPに変更します。
 func (s *SessionStateUseCase) stop(ctx context.Context, session *entity.Session) error {
+	userID, _ := service.GetUserIDFromContext(ctx)
+	if !session.IsCreator(userID) {
+		return fmt.Errorf("user is not creator: %w", entity.ErrSessionNotAllowToControlOthers)
+	}
+
 	switch session.StateType {
 	case entity.Stop:
 		return nil

diff --git a/web/handler/session_state_test.go b/web/handler/session_state_test.go
@@ -613,6 +613,7 @@ func TestSessionHandler_State_STOP(t *testing.T) {
 		{
 			name:                "StateType=ARCHIVED: 手動でアーカイブを解除して202",
 			sessionID:           "sessionID",
+			userID:              "creator_id",
 			prepareMockPlayerFn: func(m *mock_spotify.MockPlayer) {},
 			prepareMockPusherFn: func(m *mock_event.MockPusher) {
 				m.EXPECT().Push(&event.PushMessage{SessionID: "sessionID", Msg: entity.EventUnarchive})
@@ -665,38 +666,54 @@ func TestSessionHandler_State_STOP(t *testing.T) {
 			wantErr:  false,
 			wantCode: http.StatusAccepted,
 		},
+		{
+			name:                  "セッション作成者以外の操作のときは400",
+			sessionID:             "sessionID",
+			userID:                "non_creator_id",
+			prepareMockPlayerFn:   func(m *mock_spotify.MockPlayer) {},
+			prepareMockPusherFn:   func(m *mock_event.MockPusher) {},
+			prepareMockUserRepoFn: func(m *mock_repository.MockUser) {},
+			prepareMockSessionRepoFn: func(m *mock_repository.MockSession) {
+				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{StateType: entity.Pause, CreatorID: "creator_id"}, nil)
+			},
+			wantErr:  true,
+			wantCode: http.StatusBadRequest,
+		},
 		{
 			name:                  "StateType=PLAY: 不正なstateの変更なので400",
 			sessionID:             "sessionID",
+			userID:                "creator_id",
 			prepareMockPlayerFn:   func(m *mock_spotify.MockPlayer) {},
 			prepareMockPusherFn:   func(m *mock_event.MockPusher) {},
 			prepareMockUserRepoFn: func(m *mock_repository.MockUser) {},
 			prepareMockSessionRepoFn: func(m *mock_repository.MockSession) {
-				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{StateType: entity.Play}, nil)
+				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{StateType: entity.Play, CreatorID: "creator_id"}, nil)
 			},
 			wantErr:  true,
 			wantCode: http.StatusBadRequest,
 		},
 		{
 			name:                  "StateType=PAUSE: 不正なstateの変更なので400",
 			sessionID:             "sessionID",
+			userID:                "creator_id",
 			prepareMockPlayerFn:   func(m *mock_spotify.MockPlayer) {},
 			prepareMockPusherFn:   func(m *mock_event.MockPusher) {},
 			prepareMockUserRepoFn: func(m *mock_repository.MockUser) {},
 			prepareMockSessionRepoFn: func(m *mock_repository.MockSession) {
-				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{StateType: entity.Pause}, nil)
+				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{StateType: entity.Pause, CreatorID: "creator_id"}, nil)
 			},
 			wantErr:  true,
 			wantCode: http.StatusBadRequest,
 		},
 		{
 			name:                  "StateType=STOP: なにもせずに202",
 			sessionID:             "sessionID",
+			userID:                "creator_id",
 			prepareMockPlayerFn:   func(m *mock_spotify.MockPlayer) {},
 			prepareMockPusherFn:   func(m *mock_event.MockPusher) {},
 			prepareMockUserRepoFn: func(m *mock_repository.MockUser) {},
 			prepareMockSessionRepoFn: func(m *mock_repository.MockSession) {
-				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{StateType: entity.Stop}, nil)
+				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{StateType: entity.Stop, CreatorID: "creator_id"}, nil)
 			},
 			wantErr:  false,
 			wantCode: http.StatusAccepted,
@@ -747,6 +764,7 @@ func TestSessionHandler_State_ARCHIVED(t *testing.T) {
 		{
 			name:      "StateType=PLAY: Spotifyでの再生を一時停止した後、正しくアーカイブされて202",
 			sessionID: "sessionID",
+			userID:    "creator_id",
 			prepareMockPlayerFn: func(m *mock_spotify.MockPlayer) {
 				m.EXPECT().Pause(gomock.Any(), "device_id").Return(nil)
 			},
@@ -788,6 +806,7 @@ func TestSessionHandler_State_ARCHIVED(t *testing.T) {
 		{
 			name:                "StateType=PAUSE: 正しくアーカイブされて202",
 			sessionID:           "sessionID",
+			userID:              "creator_id",
 			prepareMockPlayerFn: func(m *mock_spotify.MockPlayer) {},
 			prepareMockPusherFn: func(m *mock_event.MockPusher) {
 				m.EXPECT().Push(&event.PushMessage{SessionID: "sessionID", Msg: entity.EventArchived})
@@ -827,6 +846,7 @@ func TestSessionHandler_State_ARCHIVED(t *testing.T) {
 		{
 			name:                "StateType=STOP: 正しくアーカイブされて202",
 			sessionID:           "sessionID",
+			userID:              "creator_id",
 			prepareMockPlayerFn: func(m *mock_spotify.MockPlayer) {},
 			prepareMockPusherFn: func(m *mock_event.MockPusher) {
 				m.EXPECT().Push(&event.PushMessage{SessionID: "sessionID", Msg: entity.EventArchived})
@@ -866,6 +886,7 @@ func TestSessionHandler_State_ARCHIVED(t *testing.T) {
 		{
 			name:                  "StateType=ARCHIVED: 既にアーカイブされているので何もせずに202",
 			sessionID:             "sessionID",
+			userID:                "creator_id",
 			prepareMockPlayerFn:   func(m *mock_spotify.MockPlayer) {},
 			prepareMockPusherFn:   func(m *mock_event.MockPusher) {},
 			prepareMockUserRepoFn: func(m *mock_repository.MockUser) {},
@@ -887,6 +908,31 @@ func TestSessionHandler_State_ARCHIVED(t *testing.T) {
 			wantErr:  false,
 			wantCode: http.StatusAccepted,
 		},
+		{
+			name:                  "セッション作成者以外のときは400",
+			sessionID:             "sessionID",
+			userID:                "non_creator_id",
+			prepareMockPlayerFn:   func(m *mock_spotify.MockPlayer) {},
+			prepareMockPusherFn:   func(m *mock_event.MockPusher) {},
+			prepareMockUserRepoFn: func(m *mock_repository.MockUser) {},
+			prepareMockSessionRepoFn: func(m *mock_repository.MockSession) {
+				m.EXPECT().FindByID(gomock.Any(), "sessionID").Return(&entity.Session{
+					ID:        "sessionID",
+					Name:      "session_name",
+					CreatorID: "creator_id",
+					QueueHead: 0,
+					DeviceID:  "device_id",
+					StateType: entity.Archived,
+					QueueTracks: []*entity.QueueTrack{
+						{Index: 0, URI: "spotify:track:5uQ0vKy2973Y9IUCd1wMEF"},
+						{Index: 1, URI: "spotify:track:49BRCNV7E94s7Q2FUhhT3w"},
+					},
+					AllowToControlByOthers: true,
+				}, nil)
+			},
+			wantErr:  true,
+			wantCode: http.StatusBadRequest,
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {