diff --git a/group/group.go b/group/group.go index ea38658..c5fec13 100644 --- a/group/group.go +++ b/group/group.go @@ -563,7 +563,7 @@ func AddClient(group string, c Client, creds ClientCredentials) (*Group, error) clients := g.getClientsUnlocked(nil) if !member("system", c.Permissions()) { - username, perms, err := g.description.GetPermission(group, creds) + username, perms, err := g.getPermission(creds) if err != nil { return nil, err } @@ -815,7 +815,7 @@ func (g *Group) GetChatHistory() []ChatHistoryEntry { return h } -func matchClient(group string, creds ClientCredentials, users []ClientPattern) (bool, bool) { +func matchClient(creds ClientCredentials, users []ClientPattern) (bool, bool) { matched := false for _, u := range users { if u.Username == creds.Username { @@ -1103,12 +1103,14 @@ func readDescription(name string) (*Description, error) { return &desc, nil } -func (desc *Description) GetPermission(group string, creds ClientCredentials) (string, []string, error) { +// called locked +func (g *Group) getPermission(creds ClientCredentials) (string, []string, error) { + desc := g.description if creds.Token == "" { if !desc.AllowAnonymous && creds.Username == "" { return "", nil, ErrAnonymousNotAuthorised } - if found, good := matchClient(group, creds, desc.Op); found { + if found, good := matchClient(creds, desc.Op); found { if good { var p []string p = []string{"op", "present"} @@ -1119,13 +1121,13 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s } return "", nil, ErrNotAuthorised } - if found, good := matchClient(group, creds, desc.Presenter); found { + if found, good := matchClient(creds, desc.Presenter); found { if good { return creds.Username, []string{"present"}, nil } return "", nil, ErrNotAuthorised } - if found, good := matchClient(group, creds, desc.Other); found { + if found, good := matchClient(creds, desc.Other); found { if good { return creds.Username, nil, nil } @@ -1164,7 +1166,7 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s continue } } - if url.Path == path.Join("/group", group)+"/" { + if url.Path == path.Join("/group", g.name)+"/" { ok = true break } @@ -1175,6 +1177,12 @@ func (desc *Description) GetPermission(group string, creds ClientCredentials) (s return sub, perms, nil } +func (g *Group) GetPermission(creds ClientCredentials) (string, []string, error) { + g.mu.Lock() + defer g.mu.Unlock() + return g.getPermission(creds) +} + type Status struct { Name string `json:"name"` Location string `json:"location"` diff --git a/webserver/webserver.go b/webserver/webserver.go index 9cfe962..b3dd5ee 100644 --- a/webserver/webserver.go +++ b/webserver/webserver.go @@ -591,17 +591,17 @@ func handleGroupAction(w http.ResponseWriter, r *http.Request, group string) { } func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname string) bool { - desc, err := group.GetDescription(groupname) - if err != nil { - return false - } - user, pass, ok := r.BasicAuth() if !ok { return false } - _, p, err := desc.GetPermission(groupname, + g := group.Get(groupname) + if g == nil { + return false + } + + _, p, err := g.GetPermission( group.ClientCredentials{ Username: user, Password: pass,