Add PUT endpoint to modify room details

Author: jagerman

api.yaml

@@ -66,6 +66,67 @@ paths:
             Forbidden. Returned if the user is banned from the room or otherwise does not have read
             access to the room.
           content: {}
+    put:
+      tags: [Rooms]
+      summary: Updates room details/settings.
+      parameters:
+        - $ref: "#/components/parameters/pathRoomToken"
+      requestBody:
+        description:
+          JSON body containing the room details to update.  Any field can be omitted to leave it at
+          its current value.  The invoking user must have admin permissions in the room to call this
+          method.
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                  description: >
+                    New user-displayed single-line name/title of this room.  UTF-8 encoded;
+                    newlines, tabs and other control characters (i.e. all codepoints below \u0020)
+                    will be stripped out.
+                  maxLength: 100
+                  example: "My New Room"
+                description:
+                  type: string
+                  description: >
+                    Long description to show to users, typically in smaller text below the room
+                    name.  UTF-8 encoded, and permits newlines, tabs; other control characters below
+                    \u0020 will be stripped out.  Can be `null` or an empty string to remove the
+                    description entirely.
+                  example: "This is the room for all things new.\n\nHi mom!"
+                default_read:
+                  type: boolean
+                  description: >
+                    Sets the default "read" permission (if true: users can read messages) for users
+                    in this room who do not otherwise have specific permissions applied.
+                  example: true
+                default_write:
+                  type: boolean
+                  description: >
+                    Sets the default "write" permission (if true: users can post messages) for users
+                      in the room who do not otherwise have specific permissions applied.
+                  example: false
+                default_upload:
+                  type: boolean
+                  description: >
+                    Sets the default "upload" permission (if true: users can post messages
+                      containing attachments) for users in the room who do not otherwise have
+                      specific permissions applied.
+                  example: false
+      responses:
+        200:
+          description: The room was successfully updated.  Currently returns an empty json dict.
+          content:
+            application/json:
+              schema:
+                type: object
+        403:
+          description: Forbidden.  Returned if the user does not have admin permission in this room.
+
   /room/{roomToken}/pollInfo/{info_updated}:
     get:
       tags: [Rooms]

sogs/model/room.py

@@ -213,9 +213,10 @@ def name(self):
     @name.setter
     def name(self, name: str):
         """Sets the room's human-readable name."""
-        with db.transaction():
-            query("UPDATE rooms SET name = :n WHERE id = :r", r=self.id, n=name)
-            self._refresh()
+        if name != self._name:
+            with db.transaction():
+                query("UPDATE rooms SET name = :n WHERE id = :r", r=self.id, n=name)
+                self._refresh()
 
     @property
     def description(self):
@@ -225,9 +226,10 @@ def description(self):
     @description.setter
     def description(self, desc):
         """Sets the room's human-readable description."""
-        with db.transaction():
-            query("UPDATE rooms SET description = :d WHERE id = :r", r=self.id, d=desc)
-            self._refresh()
+        if desc != self._description:
+            with db.transaction():
+                query("UPDATE rooms SET description = :d WHERE id = :r", r=self.id, d=desc)
+                self._refresh()
 
     @property
     def image_id(self):
@@ -322,25 +324,28 @@ def default_upload(self):
     def default_read(self, read: bool):
         """Sets the default read permission of the room"""
 
-        with db.transaction():
-            query("UPDATE rooms SET read = :read WHERE id = :r", r=self.id, read=read)
-            self._refresh(perms=True)
+        if read != self._default_read:
+            with db.transaction():
+                query("UPDATE rooms SET read = :read WHERE id = :r", r=self.id, read=read)
+                self._refresh(perms=True)
 
     @default_write.setter
     def default_write(self, write: bool):
         """Sets the default write permission of the room"""
 
-        with db.transaction():
-            query("UPDATE rooms SET write = :write WHERE id = :r", r=self.id, write=write)
-            self._refresh(perms=True)
+        if write != self._default_write:
+            with db.transaction():
+                query("UPDATE rooms SET write = :write WHERE id = :r", r=self.id, write=write)
+                self._refresh(perms=True)
 
     @default_upload.setter
     def default_upload(self, upload: bool):
         """Sets the default upload permission of the room"""
 
-        with db.transaction():
-            query("UPDATE rooms SET upload = :upload WHERE id = :r", r=self.id, upload=upload)
-            self._refresh(perms=True)
+        if upload != self._default_upload:
+            with db.transaction():
+                query("UPDATE rooms SET upload = :upload WHERE id = :r", r=self.id, upload=upload)
+                self._refresh(perms=True)
 
     def active_users(self, cutoff=config.ROOM_DEFAULT_ACTIVE_THRESHOLD * 86400):
         """

sogs/routes/rooms.py

@@ -1,5 +1,6 @@
-from .. import config, http, utils
+from .. import config, db, http, utils
 from ..model import room as mroom
+from ..web import app
 from . import auth
 
 from flask import abort, jsonify, g, Blueprint, request
@@ -58,6 +59,65 @@ def get_rooms():
     return jsonify([get_one_room(r) for r in mroom.get_readable_rooms(g.user)])
 
 
+BAD_NAME_CHARS = {c: None for c in range(32)}
+BAD_DESCRIPTION_CHARS = {c: None for c in range(32) if not (0x09 <= c <= 0x0A)}
+
+
+@rooms.put("/room/<Room:room>")
+@auth.user_required
+def update_room(room):
+
+    if not room.check_admin(g.user):
+        abort(http.FORBIDDEN)
+
+    req = request.json
+
+    with db.transaction():
+        did = False
+        if 'name' in req:
+            n = req['name']
+            if not isinstance(n, str):
+                app.logger.warning(f"Room update with invalid name: {type(n)} != str")
+                abort(http.BAD_REQUEST)
+            room.name = n.translate(BAD_NAME_CHARS)
+            did = True
+        if 'description' in req:
+            d = req['description']
+            if not (d is None or isinstance(d, str)):
+                app.logger.warning(f"Room update: invalid description: {type(d)} is not str, null")
+                abort(http.BAD_REQUEST)
+            if d is not None:
+                d = d.translate(BAD_DESCRIPTION_CHARS)
+                if len(d) == 0:
+                    d = None
+
+            room.description = d
+            did = True
+        read, write, upload = (req.get('default_' + x) for x in ('read', 'write', 'upload'))
+        for val in (read, write, upload):
+            if not (val is None or isinstance(val, bool) or isinstance(val, int)):
+                app.logger.warning(
+                    f"Room update: default_read/write/upload must be bool, not {type(val)}"
+                )
+                abort(http.BAD_REQUEST)
+
+        if read is not None:
+            room.default_read = bool(read)
+            did = True
+        if write is not None:
+            room.default_write = bool(write)
+            did = True
+        if upload is not None:
+            room.default_upload = bool(upload)
+            did = True
+
+        if not did:
+            app.logger.warning("Room update: must include at least one field to update")
+            abort(http.BAD_REQUEST)
+
+    return jsonify({})
+
+
 @rooms.get("/room/<Room:room>/pollInfo/<int:info_updated>")
 def poll_room_info(room, info_updated):
     if g.user:

tests/test_room_routes.py

@@ -134,6 +134,188 @@ def test_list(client, room, user, user2, admin, mod, global_mod, global_admin):
     assert r.json == {**r3_expected, **exp_gadmin}
 
 
+def test_updates(client, room, user, user2, mod, admin, global_mod, global_admin):
+    url_room = '/room/test-room'
+    r = sogs_get(client, url_room, user)
+    assert r.status_code == 200
+    expect_room = {
+        "token": "test-room",
+        "name": "Test room",
+        "description": "Test suite testing room",
+        "info_updates": 2,
+        "message_sequence": 0,
+        "created": room.created,
+        "active_users": 0,
+        "active_users_cutoff": int(86400 * sogs.config.ROOM_DEFAULT_ACTIVE_THRESHOLD),
+        "moderators": [mod.session_id],
+        "admins": [admin.session_id],
+        "read": True,
+        "write": True,
+        "upload": True,
+    }
+    assert r.json == expect_room
+
+    for u in (user, user2, mod, global_mod):
+        r = sogs_put(client, url_room, {"name": "OMG ROOM!"}, u)
+        assert r.status_code == 403
+
+    assert sogs_get(client, url_room, user).json == expect_room
+
+    r = sogs_put(client, url_room, {"name": "OMG ROOM!"}, admin)
+    assert r.status_code == 200
+    expect_room['name'] = "OMG ROOM!"
+    expect_room['info_updates'] += 1
+
+    assert sogs_get(client, url_room, user).json == expect_room
+
+    r = sogs_put(
+        client, url_room, {"name": "rrr", "description": "Tharr be pirrrates!"}, global_admin
+    )
+    assert r.status_code == 200
+    expect_room['name'] = 'rrr'
+    expect_room['description'] = 'Tharr be pirrrates!'
+    expect_room['info_updates'] += 2
+
+    assert sogs_get(client, url_room, user).json == expect_room
+
+    r = sogs_put(client, url_room, {"default_write": False}, admin)
+    assert r.status_code == 200
+    expect_room['write'] = False
+    expect_room['upload'] = False  # upload requires default_upload *and* write
+    # expect_room['info_updates'] += 0  # permission updates don't increment info_updates
+
+    assert sogs_get(client, url_room, user).json == expect_room
+
+    expect_mod = {
+        'read': True,
+        'write': True,
+        'upload': True,
+        'default_read': True,
+        'default_write': False,
+        'default_upload': True,
+        'moderator': True,
+        'moderators': [mod.session_id],
+        'admins': [admin.session_id],
+        'hidden_moderators': [global_mod.session_id],
+        'hidden_admins': [global_admin.session_id],
+    }
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+    r = sogs_put(client, url_room, {"default_upload": False, "default_read": True}, admin)
+    assert r.status_code == 200
+    expect_mod['default_upload'] = False
+
+    assert sogs_get(client, url_room, user).json == expect_room
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+    r = sogs_put(client, url_room, {"default_read": False}, admin)
+    assert r.status_code == 200
+    expect_room['read'] = False
+    expect_mod['default_read'] = False
+
+    assert sogs_get(client, url_room, user).json == expect_room
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+    r = sogs_put(
+        client,
+        url_room,
+        {
+            "default_read": True,
+            "default_write": True,
+            "default_upload": True,
+            "name": "Gudaye, mytes!",
+            "description": (
+                "Room for learning to speak Australian\n\n"
+                "Throw a shrimpie on the barbie and crack a coldie from the bottle-o!"
+            ),
+        },
+        admin,
+    )
+    assert r.status_code == 200
+    for x in ('read', 'write', 'upload'):
+        expect_room[x] = True
+    expect_room['name'] = "Gudaye, mytes!"
+    expect_room['description'] = (
+        "Room for learning to speak Australian\n\n"
+        "Throw a shrimpie on the barbie and crack a coldie from the bottle-o!"
+    )
+    expect_room['info_updates'] += 2
+    for x in ('read', 'write', 'upload'):
+        expect_mod['default_' + x] = True
+
+    assert sogs_get(client, url_room, user).json == expect_room
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+    r = sogs_put(client, url_room, {"description": None}, admin)
+    assert r.status_code == 200
+
+    del expect_room['description']
+    expect_room['info_updates'] += 1
+
+    assert sogs_get(client, url_room, user).json == expect_room
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+    r = sogs_put(client, url_room, {"description": "ddd"}, admin)
+    expect_room['description'] = 'ddd'
+    expect_room['info_updates'] += 1
+    assert sogs_get(client, url_room, user).json == expect_room
+
+    # empty string description should be treated as null
+    r = sogs_put(client, url_room, {"description": ""}, admin)
+    del expect_room['description']
+    expect_room['info_updates'] += 1
+    assert sogs_get(client, url_room, user).json == expect_room
+
+    # Name strips out all control chars (i.e. anything below \x20); description strips out all
+    # except newline (\x0a) and tab (\x09).
+    r = sogs_put(
+        client,
+        url_room,
+        {
+            "description": f"a{''.join(chr(c) for c in range(33))}z",
+            "name": f"a{''.join(chr(c) for c in range(33))}z",
+        },
+        admin,
+    )
+    expect_room['description'] = 'a\x09\x0a z'
+    expect_room['name'] = 'a z'
+    expect_room['info_updates'] += 2
+
+    assert sogs_get(client, url_room, user).json == expect_room
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+    # Test bad arguments properly err:
+    assert [
+        sogs_put(client, url_room, data, admin).status_code
+        for data in (
+            {},
+            {'name': 42},
+            {'name': None},
+            {'description': 42},
+            {'default_read': "foo"},
+            {'default_write': "bar"},
+            {'default_upload': None},
+        )
+    ] == [400] * 7
+
+    assert sogs_get(client, url_room, user).json == expect_room
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+    # Last but not least let's fill up name and description with emoji!
+    emoname = "💰 🐈 🍌 🌋 ‽"
+    emodesc = (
+        "💾 🚌 🗑 📱 🆗 😴 👖 💲 🍹 📉 🍩 🛎 🚣 ⚫️ 🐕 🕒 🏕 🎩 🆕 🍭 💋 🐌 📡 🚫 "
+        "🕢 🚮 🎳 🚠 📦 😛 ♋️ 🌼 🏭 👼 🙆 👗 🏡 😞 🎠 ⭕️ 💚 💁 💸 🌟 ☀️ 🍀 🎶 🍿"
+    )
+    r = sogs_put(client, url_room, {"description": emodesc, "name": emoname}, admin)
+    expect_room['description'] = emodesc
+    expect_room['name'] = emoname
+    expect_room['info_updates'] += 2
+
+    assert sogs_get(client, url_room, user).json == expect_room
+    assert sogs_get(client, url_room, mod).json == {**expect_room, **expect_mod}
+
+
 def test_polling(client, room, user, user2, mod, admin, global_mod, global_admin):
     r = sogs_get(client, "/room/test-room", user)
     assert r.status_code == 200