From abf67127639563d2a95b3e44886ef1d0217d89ec Mon Sep 17 00:00:00 2001 From: Rupert Rawnsley Date: Mon, 21 Nov 2022 16:45:33 +0000 Subject: [PATCH 1/2] API endpoints to add and remove room owners --- lib/ret/api/rooms.ex | 16 ++++++++++++++++ lib/ret_web/resolvers/room_resolver.ex | 25 +++++++++++++++++++++++++ lib/ret_web/schema/room_types.ex | 23 +++++++++++++++++++++-- 3 files changed, 62 insertions(+), 2 deletions(-) diff --git a/lib/ret/api/rooms.ex b/lib/ret/api/rooms.ex index b13cdd13c..87569a090 100644 --- a/lib/ret/api/rooms.ex +++ b/lib/ret/api/rooms.ex @@ -104,4 +104,20 @@ defmodule Ret.Api.Rooms do RetWeb.Endpoint.broadcast("hub:" <> hub.hub_sid, "hub_refresh", payload) end + + def authed_update_owner(event, hub_sid, %Credentials{} = credentials, params) when event in ["add_owner", "remove_owner"] do + hub = Hub |> Repo.get_by(hub_sid: hub_sid) + if is_nil(hub) do + {:error, "Cannot find room with id: " <> hub_sid} + else + if can?(credentials, update_room(hub)) do + case RetWeb.Endpoint.broadcast("hub:" <> hub.hub_sid, event, %{ "session_id" => params.session_id }) do + {:error, reason} -> {:error, reason} + :ok -> {:ok, hub} + end + else + {:error, :invalid_credentials} + end + end + end end diff --git a/lib/ret_web/resolvers/room_resolver.ex b/lib/ret_web/resolvers/room_resolver.ex index 020a5e384..03dfb280a 100644 --- a/lib/ret_web/resolvers/room_resolver.ex +++ b/lib/ret_web/resolvers/room_resolver.ex 
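Review bot: In `authed_update_owner/4` (lib/ret/api/rooms.ex) the ownership change is authorized with `can?(credentials, update_room(hub))`, so any credential holding the `update_room` permission can promote or demote an arbitrary `session_id`; if owner management is meant to be a narrower privilege, it needs its own permission. The function returns `{:ok, hub}` as soon as the broadcast is accepted, without checking that `params.session_id` belongs to a session in this room. The hunk does not show how the `add_owner`/`remove_owner` events are handled on the `hub:` topic, so it is worth confirming that the change is enforced server-side rather than only pushed to clients. The not-found branch runs before the permission check and echoes `hub_sid`, which lets a caller with any valid credentials tell existing rooms from missing ones; returning `{:error, :invalid_credentials}` in both cases would avoid that. Because this is a privilege change, a log line recording the acting credentials, the room and the target session would help later audits.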
@@ -146,4 +146,29 @@ defmodule RetWeb.Resolvers.RoomResolver do def update_room(_parent, _args, _resolutions) do resolver_error(:unauthorized, "Unauthorized access") end + + def add_owner(_parent, %{id: hub_sid} = args, %{ + context: %{ + credentials: %Credentials{} = credentials + } + }) do + Ret.Api.Rooms.authed_update_owner("add_owner", hub_sid, credentials, args) + end + + def add_owner(_parent, _args, _resolutions) do + resolver_error(:unauthorized, "Unauthorized access") + end + + def remove_owner(_parent, %{id: hub_sid} = args, %{ + context: %{ + credentials: %Credentials{} = credentials + } + }) do + Ret.Api.Rooms.authed_update_owner("remove_owner", hub_sid, credentials, args) + end + + def remove_owner(_parent, _args, _resolutions) do + resolver_error(:unauthorized, "Unauthorized access") + end + end diff --git a/lib/ret_web/schema/room_types.ex b/lib/ret_web/schema/room_types.ex index baa056537..2feb4ae07 100644 --- a/lib/ret_web/schema/room_types.ex +++ b/lib/ret_web/schema/room_types.ex @@ -237,10 +237,29 @@ defmodule RetWeb.Schema.RoomTypes do @desc "Arbitrary json data associated with this room" arg(:user_data, :json) - # TODO: add/remove owner - resolve(&Resolvers.RoomResolver.update_room/3) end + + @desc "Add an owner to the room specified by the given id" + field :add_owner, :room do + @desc "The id of the room" + arg(:id, non_null(:string)) + @desc "The session id of the user to promote" + arg(:session_id, non_null(:string)) + + resolve(&Resolvers.RoomResolver.add_owner/3) + end + + @desc "Remove an owner to the room specified by the given id" + field :remove_owner, :room do + @desc "The id of the room" + arg(:id, non_null(:string)) + @desc "The session id of the user to demote" + arg(:session_id, non_null(:string)) + + resolve(&Resolvers.RoomResolver.remove_owner/3) + end + end object :room_subscriptions do From 11c5675abd9dc9eb03347c07c0e44384ede97420 Mon Sep 17 00:00:00 2001 
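Review bot: The authenticated clauses of `add_owner/3` and `remove_owner/3` in lib/ret_web/resolvers/room_resolver.ex return the result of `Ret.Api.Rooms.authed_update_owner/4` unchanged, so API-level errors (the atom `:invalid_credentials`, the "Cannot find room with id" string, or a raw broadcast reason) reach the GraphQL client as-is, while the fallback clauses use `resolver_error(:unauthorized, "Unauthorized access")`. Mapping the `{:error, _}` results through `resolver_error` would give clients one error shape and keep internal reasons out of responses. The two functions differ only in the event string, so a private helper taking the event would remove the duplication, and passing `args.session_id` instead of the whole `args` map would narrow what reaches the API layer. Neither function is documented; a `@doc` stating that the call requires credentials allowed to update the room, and what it returns on failure, would make the contract explicit.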
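Review bot: The description of `:remove_owner` in lib/ret_web/schema/room_types.ex reads "Remove an owner to the room"; it should be `@desc "Remove an owner from the room specified by the given id"`. The `:session_id` descriptions could also state that the value identifies a connected session rather than an account, if that is what the channel side expects (the hunk does not show it). They could also say that the caller needs permission to update the room, since that is what the API function behind the resolver checks. The enclosing object starts outside the hunk.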
From: Rupert Rawnsley Date: Tue, 22 Nov 2022 15:45:32 +0000 Subject: [PATCH 2/2] Missing permissions required for Account based API authentication --- lib/ret/api/rooms.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ret/api/rooms.ex b/lib/ret/api/rooms.ex index 87569a090..0fb329dc4 100644 --- a/lib/ret/api/rooms.ex +++ b/lib/ret/api/rooms.ex @@ -106,7 +106,7 @@ defmodule Ret.Api.Rooms do end def authed_update_owner(event, hub_sid, %Credentials{} = credentials, params) when event in ["add_owner", "remove_owner"] do - hub = Hub |> Repo.get_by(hub_sid: hub_sid) + hub = Hub |> Repo.get_by(hub_sid: hub_sid) |> Repo.preload([:hub_role_memberships, :hub_bindings]) if is_nil(hub) do {:error, "Cannot find room with id: " <> hub_sid} else
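Review bot: The added `Repo.preload([:hub_role_memberships, :hub_bindings])` in `authed_update_owner/4` carries no comment explaining that the `can?` check below depends on these associations, which the commit subject implies for account-based credentials. A comment such as `# can?/2 needs role memberships and bindings loaded to evaluate account credentials` would keep a later cleanup from dropping the preload and silently changing the authorization result. `Repo.preload/2` returns `nil` for a `nil` input, so the `is_nil(hub)` branch still behaves as before. A test that calls the add/remove owner API with account credentials would pin this fix; the function body continues outside the hunk.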