Endpoint to promote and demote moderators

Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-12-18 05:20:50 +01:00 · 2017-07-10 16:50:07 +02:00 · 2017-07-10 16:50:07 +02:00 · 86a3566e25
commit 86a3566e25
parent 225d7c64a8
4 changed files with 125 additions and 7 deletions
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@ -148,6 +148,24 @@ return [
 				'token' => '^[a-z0-9]{4,30}$',
 			],
 		],
+		[
+			'name' => 'Room#promoteModerator',
+			'url' => '/api/{apiVersion}/room/{token}/moderators',
+			'verb' => 'POST',
+			'requirements' => [
+				'apiVersion' => 'v1',
+				'token' => '^[a-z0-9]{4,30}$',
+			],
+		],
+		[
+			'name' => 'Room#demoteModerator',
+			'url' => '/api/{apiVersion}/room/{token}/moderators',
+			'verb' => 'DELETE',
+			'requirements' => [
+				'apiVersion' => 'v1',
+				'token' => '^[a-z0-9]{4,30}$',
+			],
+		],
 	],
 ];

--- a/lib/Controller/RoomController.php
+++ b/lib/Controller/RoomController.php
@ -500,6 +500,78 @@ class RoomController extends OCSController {
 		return new DataResponse();
 	}

+	/**
+	 * @NoAdminRequired
+	 *
+	 * @param string $token
+	 * @param string $participant
+	 * @return DataResponse
+	 */
+	public function promoteModerator($token, $participant) {
+		try {
+			$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
+			$currentParticipant = $room->getParticipant($this->userId);
+		} catch (RoomNotFoundException $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		} catch (\RuntimeException $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		if (!in_array($currentParticipant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true)) {
+			return new DataResponse([], Http::STATUS_FORBIDDEN);
+		}
+
+		try {
+			$targetParticipant = $room->getParticipant($participant);
+		} catch (\RuntimeException $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		if (!in_array($targetParticipant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true)) {
+			return new DataResponse([''], Http::STATUS_PRECONDITION_FAILED);
+		}
+
+		$room->setParticipantType($participant, Participant::MODERATOR);
+
+		return new DataResponse();
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * @param string $token
+	 * @param string $participant
+	 * @return DataResponse
+	 */
+	public function demoteModerator($token, $participant) {
+		try {
+			$room = $this->manager->getRoomForParticipantByToken($token, $this->userId);
+			$currentParticipant = $room->getParticipant($this->userId);
+		} catch (RoomNotFoundException $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		} catch (\RuntimeException $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		if (!in_array($currentParticipant->getParticipantType(), [Participant::OWNER, Participant::MODERATOR], true)) {
+			return new DataResponse([], Http::STATUS_FORBIDDEN);
+		}
+
+		try {
+			$targetParticipant = $room->getParticipant($participant);
+		} catch (\RuntimeException $e) {
+			return new DataResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		if ($targetParticipant->getParticipantType() !== Participant::MODERATOR) {
+			return new DataResponse([''], Http::STATUS_PRECONDITION_FAILED);
+		}
+
+		$room->setParticipantType($participant, Participant::USER);
+
+		return new DataResponse();
+	}
+
 	/**
 	 * @param IUser $actor
 	 * @param IUser $user
--- a/lib/Manager.php
+++ b/lib/Manager.php
@ -69,7 +69,8 @@ class Manager {
 		while ($row = $result->fetch()) {
 			$room = new Room($this->db, $this->secureRandom, (int) $row['id'], (int) $row['type'], $row['token'], $row['name']);
 			if ($participant !== null && isset($row['userId'])) {
-				$room->setParticipant(new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
+				$room->setParticipant($row['userId'],
+					new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
 			}
 			$rooms[] = $room;
 		}
@ -111,7 +112,8 @@ class Manager {

 		$room = new Room($this->db, $this->secureRandom, (int) $row['id'], (int) $row['type'], $row['token'], $row['name']);
 		if ($participant !== null && isset($row['userId'])) {
-			$room->setParticipant(new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
+			$room->setParticipant($row['userId'],
+				new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
 		}

 		if ($participant === null && $room->getType() !== Room::PUBLIC_CALL) {
@ -155,7 +157,8 @@ class Manager {

 		$room = new Room($this->db, $this->secureRandom, (int) $row['id'], (int) $row['type'], $row['token'], $row['name']);
 		if ($participant !== null && isset($row['userId'])) {
-			$room->setParticipant(new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
+			$room->setParticipant($row['userId'],
+				new Participant($this->db, $room, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']));
 		}

 		if ($room->getType() === Room::PUBLIC_CALL) {
--- a/lib/Room.php
+++ b/lib/Room.php
@ -49,6 +49,8 @@ class Room {
 	/** @var string */
 	private $name;

+	/** @var string */
+	protected $currentUser;
 	/** @var Participant */
 	protected $participant;

@ -100,9 +102,11 @@ class Room {
 	}

 	/**
+	 * @param string $userId
 	 * @param Participant $participant
 	 */
-	public function setParticipant(Participant $participant) {
+	public function setParticipant($userId, Participant $participant) {
+		$this->currentUser = $userId;
 		$this->participant = $participant;
 	}

@ -112,7 +116,11 @@ class Room {
 	 * @throws \RuntimeException When the user is not a participant
 	 */
 	public function getParticipant($userId) {
-		if ($this->participant instanceof Participant) {
+		if (!is_string($userId) || $userId === '') {
+			throw new \RuntimeException('Not a user');
+		}
+
+		if ($this->currentUser === $userId && $this->participant instanceof Participant) {
 			return $this->participant;
 		}

@ -129,8 +137,12 @@ class Room {
 			throw new \RuntimeException('User is not a participant');
 		}

-		$this->participant = new Participant($this->db, $this, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']);
-		return $this->participant;
+		if ($this->currentUser === $userId) {
+			$this->participant = new Participant($this->db, $this, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']);
+			return $this->participant;
+		}
+
+		return new Participant($this->db, $this, $row['userId'], (int) $row['participantType'], (int) $row['lastPing'], $row['sessionId']);
 	}

 	public function deleteRoom() {
@ -231,6 +243,19 @@ class Room {
 		$query->execute();
 	}

+	/**
+	 * @param string $participant
+	 * @param int $participantType
+	 */
+	public function setParticipantType($participant, $participantType) {
+		$query = $this->db->getQueryBuilder();
+		$query->update('spreedme_room_participants')
+			->set('participantType', $query->createNamedParameter($participantType, IQueryBuilder::PARAM_INT))
+			->where($query->expr()->eq('roomId', $query->createNamedParameter($this->getId(), IQueryBuilder::PARAM_INT)))
+			->andWhere($query->expr()->eq('userId', $query->createNamedParameter($participant)));
+		$query->execute();
+	}
+
 	/**
 	 * @param IUser $user
 	 */