Require client to specify explicitly in websockets whether restricted users should be seen
This is only allowed to those having the user privilege AdminPrivilegeManageUsers, having being identified by the API AND having sent a message of type set_restricted_visibility stating specifically in the data that they want to get info also about restricted users. This also includes some more information in the new_scores, such as the username and userid of the user who submitted the score.
This commit is contained in:
Morgan Bazalgette
31
app/websockets/restricted_visibility.go
Normal file
31
app/websockets/restricted_visibility.go
Normal file
@@ -0,0 +1,31 @@
|
||||
package websockets
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
|
||||
"zxq.co/ripple/rippleapi/common"
|
||||
)
|
||||
|
||||
// SetRestrictedVisibility sets whether the information of restricted users
|
||||
// can be seen.
|
||||
func SetRestrictedVisibility(c *conn, message incomingMessage) {
|
||||
var visibility bool
|
||||
|
||||
err := json.Unmarshal(message.Data, &visibility)
|
||||
if err != nil {
|
||||
c.WriteJSON(TypeInvalidMessage, err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
var userIsManager bool
|
||||
if c.User != nil && (c.User.UserPrivileges&uint64(common.AdminPrivilegeManageUsers) > 0) {
|
||||
userIsManager = true
|
||||
}
|
||||
|
||||
c.Mtx.Lock()
|
||||
visibility = visibility && userIsManager
|
||||
c.RestrictedVisible = visibility
|
||||
c.Mtx.Unlock()
|
||||
|
||||
c.WriteJSON(TypeRestrictedVisibilitySet, visibility)
|
||||
}
|
||||
Reference in New Issue
Block a user