Fix create and delete room permission checks

infinityoneframework · Mar 10, 2018 · 5c67753 · 5c67753
1 parent 7c13e9b
commit 5c67753
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,13 +14,14 @@
 * Update rooms after admin delete room
 * UCx-3798 - Add owner role when creating a room.
 * Add fix_owner_roles release task
-* Fix administration permissions
 
 ### Bug Fixes
 
 * Off-line users now see alerts generated while off-line when logging back in
 * Fixed hiding unread-bar when last message not visible on browser focus.
 * Close open subscriptions when logging out or closing browser.
+* Fix administration permissions
+* Fix create and delete room permission checks
 
 
 ## 0.3.1 (2018-01-05)

diff --git a/plugins/ucc_chat/lib/ucc_chat/models/channel.ex b/plugins/ucc_chat/lib/ucc_chat/models/channel.ex
@@ -11,7 +11,6 @@ defmodule UccChat.Channel do
 
   require Logger
 
-
   def update(channel, user, params) do
     # Logger.warn "update params: " <> inspect(params)
     channel
@@ -64,7 +63,7 @@ defmodule UccChat.Channel do
   end
 
   defp can_delete?(channel, user) do
-    Permissions.has_permission? user, "delete-" <> Permissions.room_type(channel.type)
+    Permissions.has_permission? user, "delete-" <> Permissions.room_type(channel.type), channel.id
   end
 
   def changeset(user, params) do
@@ -117,27 +116,25 @@ defmodule UccChat.Channel do
     true
   end
 
+
+  def has_permission?(user, %{id: nil} = data, changes) do
+    Permissions.has_permission?(user, type_permission("create", changes[:type] || 0))
+  end
+
   def has_permission?(user, data, changes) do
-    # Logger.warn "changes: " <> inspect(changes)
     changes
     |> Enum.all?(fn {field, value} ->
       has_permission?(user, data, field, value)
     end)
   end
 
   defp has_permission?(user, %{id: channel_id, type: _type}, _field, _value) do
-    # Logger.warn "{field, value}: " <> inspect({field, value})
-    # permission = type_permission("edit", type)
     Permissions.has_permission?(user, "edit-room", channel_id)
-    # false
   end
 
   defp has_permission?(_user, %{id: _channel_id}, _field, _value) do
     false
   end
-  # defp has_permission?(user, %{type: 1}), do: Permissions.has_permission?(user, "create-p")
-  # defp has_permission?(user, %{type: 2}), do: Permissions.has_permission?(user, "create-d")
-  # defp has_permission?(user, _), do: Permissions.has_permission?(user, "create-c")
 
   def total_rooms do
     from c in @schema, select: count(c.id)

diff --git a/plugins/ucc_chat/lib/ucc_chat/services/channel_service.ex b/plugins/ucc_chat/lib/ucc_chat/services/channel_service.ex
@@ -711,9 +711,10 @@ defmodule UccChat.ChannelService do
           channel_command(socket, :join, channel, user_id, channel_id)
 
           {:ok, ~g"Channel created successfully"}
-        {:error, _} ->
+        {:error, _, changeset} ->
+          message = UccChatWeb.SharedView.format_errors(changeset)
           {:error,
-            gettext("There was a problem creating #%{name} channel.", name: name)}
+            gettext("There was a problem creating #%{name} channel. ", name: name) <> message}
       end
     end
   end

diff --git a/plugins/ucc_chat/lib/ucc_chat_web/templates/flex_bar/channel_settings.html.slime b/plugins/ucc_chat/lib/ucc_chat_web/templates/flex_bar/channel_settings.html.slime
@@ -13,7 +13,7 @@
             = if field[:visible] do
               = flex_form_line(f, field, @editing, @channel_type)
 
-        = if has_permission? @current_user, "delete-" <> Permissions.room_type(@channel_type) do
+        = if has_permission? @current_user, "delete-" <> Permissions.room_type(@channel_type), @changeset.data.id do
           nav
             button type="submit" style="display:none"
             button.button.danger.delete(title="#{~g(Delete)}" rebel-click="flex_form_delete")