Merge pull request #48 from jagerman/room-updating

Room info update endpoint

Author: jagerman

api.yaml

@@ -66,6 +66,67 @@ paths:
             Forbidden. Returned if the user is banned from the room or otherwise does not have read
             access to the room.
           content: {}
+    put:
+      tags: [Rooms]
+      summary: Updates room details/settings.
+      parameters:
+        - $ref: "#/components/parameters/pathRoomToken"
+      requestBody:
+        description:
+          JSON body containing the room details to update.  Any field can be omitted to leave it at
+          its current value.  The invoking user must have admin permissions in the room to call this
+          method.
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                  description: >
+                    New user-displayed single-line name/title of this room.  UTF-8 encoded;
+                    newlines, tabs and other control characters (i.e. all codepoints below \u0020)
+                    will be stripped out.
+                  maxLength: 100
+                  example: "My New Room"
+                description:
+                  type: string
+                  description: >
+                    Long description to show to users, typically in smaller text below the room
+                    name.  UTF-8 encoded, and permits newlines, tabs; other control characters below
+                    \u0020 will be stripped out.  Can be `null` or an empty string to remove the
+                    description entirely.
+                  example: "This is the room for all things new.\n\nHi mom!"
+                default_read:
+                  type: boolean
+                  description: >
+                    Sets the default "read" permission (if true: users can read messages) for users
+                    in this room who do not otherwise have specific permissions applied.
+                  example: true
+                default_write:
+                  type: boolean
+                  description: >
+                    Sets the default "write" permission (if true: users can post messages) for users
+                      in the room who do not otherwise have specific permissions applied.
+                  example: false
+                default_upload:
+                  type: boolean
+                  description: >
+                    Sets the default "upload" permission (if true: users can post messages
+                      containing attachments) for users in the room who do not otherwise have
+                      specific permissions applied.
+                  example: false
+      responses:
+        200:
+          description: The room was successfully updated.  Currently returns an empty json dict.
+          content:
+            application/json:
+              schema:
+                type: object
+        403:
+          description: Forbidden.  Returned if the user does not have admin permission in this room.
+
   /room/{roomToken}/pollInfo/{info_updated}:
     get:
       tags: [Rooms]
@@ -123,6 +184,12 @@ paths:
                     $ref: "#/components/schemas/Room/properties/global_moderator"
                   global_admin:
                     $ref: "#/components/schemas/Room/properties/global_admin"
+                  default_read:
+                    $ref: "#/components/schemas/Room/properties/default_read"
+                  default_write:
+                    $ref: "#/components/schemas/Room/properties/default_write"
+                  default_upload:
+                    $ref: "#/components/schemas/Room/properties/default_upload"
                   details:
                     allOf:
                       - $ref: "#/components/schemas/Room"
@@ -1465,6 +1532,26 @@ components:
             Whether the requesting user has permissions to upload attachments to messages posted to
             the room.  (Note that changes to this property do not cause an `info_update` increment.)
           example: true
+        default_read:
+          type: boolean
+          description: >
+            Whether new users have permission to read posts in this room by default.  This property
+            is only returned if the calling user has moderator/admin permissions.
+          example: true
+        default_write:
+          type: boolean
+          description: >
+            Whether new users have permission to write posts in this room by default.  This property
+            is only returned if the calling user has moderator/admin permissions.
+          example: true
+        default_upload:
+          type: boolean
+          description: >
+            Whether new users have permission to upload attachments to posts in this room by
+            default.  This property is only returned if the calling user has moderator/admin
+            permissions.
+          example: true
+
     Message:
       title: The content of a posted message
       type: object
@@ -1576,9 +1663,6 @@ components:
       description: "Session ID of a user."
       schema:
         $ref: "#/components/schemas/SessionID"
-        
-
-
 
   securitySchemes:
     pubkey:

sogs/model/room.py

@@ -213,9 +213,10 @@ def name(self):
     @name.setter
     def name(self, name: str):
         """Sets the room's human-readable name."""
-        with db.transaction():
-            query("UPDATE rooms SET name = :n WHERE id = :r", r=self.id, n=name)
-            self._refresh()
+        if name != self._name:
+            with db.transaction():
+                query("UPDATE rooms SET name = :n WHERE id = :r", r=self.id, n=name)
+                self._refresh()
 
     @property
     def description(self):
@@ -225,9 +226,10 @@ def description(self):
     @description.setter
     def description(self, desc):
         """Sets the room's human-readable description."""
-        with db.transaction():
-            query("UPDATE rooms SET description = :d WHERE id = :r", r=self.id, d=desc)
-            self._refresh()
+        if desc != self._description:
+            with db.transaction():
+                query("UPDATE rooms SET description = :d WHERE id = :r", r=self.id, d=desc)
+                self._refresh()
 
     @property
     def image_id(self):
@@ -322,25 +324,28 @@ def default_upload(self):
     def default_read(self, read: bool):
         """Sets the default read permission of the room"""
 
-        with db.transaction():
-            query("UPDATE rooms SET read = :read WHERE id = :r", r=self.id, read=read)
-            self._refresh(perms=True)
+        if read != self._default_read:
+            with db.transaction():
+                query("UPDATE rooms SET read = :read WHERE id = :r", r=self.id, read=read)
+                self._refresh(perms=True)
 
     @default_write.setter
     def default_write(self, write: bool):
         """Sets the default write permission of the room"""
 
-        with db.transaction():
-            query("UPDATE rooms SET write = :write WHERE id = :r", r=self.id, write=write)
-            self._refresh(perms=True)
+        if write != self._default_write:
+            with db.transaction():
+                query("UPDATE rooms SET write = :write WHERE id = :r", r=self.id, write=write)
+                self._refresh(perms=True)
 
     @default_upload.setter
     def default_upload(self, upload: bool):
         """Sets the default upload permission of the room"""
 
-        with db.transaction():
-            query("UPDATE rooms SET upload = :upload WHERE id = :r", r=self.id, upload=upload)
-            self._refresh(perms=True)
+        if upload != self._default_upload:
+            with db.transaction():
+                query("UPDATE rooms SET upload = :upload WHERE id = :r", r=self.id, upload=upload)
+                self._refresh(perms=True)
 
     def active_users(self, cutoff=config.ROOM_DEFAULT_ACTIVE_THRESHOLD * 86400):
         """

sogs/routes/auth.py

@@ -123,6 +123,44 @@ def required_user_wrapper(*args, **kwargs):
     return required_user_wrapper
 
 
+def require_mod(room, *, admin=False):
+    """Checks a room for moderator or admin permission; aborts with 401 Unauthorized if there is no
+    user in the request, and 403 Forbidden if g.user does not have moderator (or admin, if
+    specified) permission."""
+    require_user()
+    if not (room.check_admin(g.user) if admin else room.check_moderator(g.user)):
+        abort_with_reason(
+            http.FORBIDDEN,
+            f"This endpoint requires {'admin' if admin else 'moderator'} room permissions",
+        )
+
+
+def mod_required(f):
+    """Decorator for an endpoint that requires a user that has moderator permission in the given
+    room.  The function must take a `room` argument by name, as is typically used with flask
+    endpoints with a <Room:room> argument."""
+
+    @wraps(f)
+    def required_mod_wrapper(*args, room, **kwargs):
+        require_mod(room)
+        return f(*args, room=room, **kwargs)
+
+    return required_mod_wrapper
+
+
+def admin_required(f):
+    """Decorator for an endpoint that requires a user that has admin permission in the given room.
+    The function must take a `room` argument by name, as is typically used with flask endpoints with
+    a <Room:room> argument."""
+
+    @wraps(f)
+    def required_admin_wrapper(*args, room, **kwargs):
+        require_mod(room, admin=True)
+        return f(*args, room=room, **kwargs)
+
+    return required_admin_wrapper
+
+
 @app.before_request
 def handle_http_auth():
     """

sogs/routes/rooms.py

@@ -1,5 +1,6 @@
-from .. import config, http, utils
+from .. import config, db, http, utils
 from ..model import room as mroom
+from ..web import app
 from . import auth
 
 from flask import abort, jsonify, g, Blueprint, request
@@ -17,21 +18,21 @@ def get_one_room(room):
     rr = {
         'token': room.token,
         'name': room.name,
-        'description': room.description,
         'info_updates': room.info_updates,
         'message_sequence': room.message_sequence,
         'created': room.created,
         'active_users': room.active_users(),
         'active_users_cutoff': int(config.ROOM_DEFAULT_ACTIVE_THRESHOLD * 86400),
         'moderators': mods,
         'admins': admins,
-        'moderator': room.check_moderator(g.user),
-        'admin': room.check_admin(g.user),
         'read': room.check_read(g.user),
         'write': room.check_write(g.user),
         'upload': room.check_upload(g.user),
     }
 
+    if room.description is not None:
+        rr['description'] = room.description
+
     if room.image_id is not None:
         rr['image_id'] = room.image_id
 
@@ -44,6 +45,13 @@ def get_one_room(room):
     if h_admins:
         rr['hidden_admins'] = h_admins
 
+    if room.check_moderator(g.user):
+        rr['moderator'] = True
+        rr['default_read'] = room.default_read
+        rr['default_write'] = room.default_write
+        rr['default_upload'] = room.default_upload
+    if room.check_admin(g.user):
+        rr['admin'] = True
     if g.user:
         if g.user.global_moderator:
             rr['global_moderator'] = True
@@ -58,6 +66,62 @@ def get_rooms():
     return jsonify([get_one_room(r) for r in mroom.get_readable_rooms(g.user)])
 
 
+BAD_NAME_CHARS = {c: None for c in range(32)}
+BAD_DESCRIPTION_CHARS = {c: None for c in range(32) if not (0x09 <= c <= 0x0A)}
+
+
+@rooms.put("/room/<Room:room>")
+@auth.admin_required
+def update_room(room):
+
+    req = request.json
+
+    with db.transaction():
+        did = False
+        if 'name' in req:
+            n = req['name']
+            if not isinstance(n, str):
+                app.logger.warning(f"Room update with invalid name: {type(n)} != str")
+                abort(http.BAD_REQUEST)
+            room.name = n.translate(BAD_NAME_CHARS)
+            did = True
+        if 'description' in req:
+            d = req['description']
+            if not (d is None or isinstance(d, str)):
+                app.logger.warning(f"Room update: invalid description: {type(d)} is not str, null")
+                abort(http.BAD_REQUEST)
+            if d is not None:
+                d = d.translate(BAD_DESCRIPTION_CHARS)
+                if len(d) == 0:
+                    d = None
+
+            room.description = d
+            did = True
+        read, write, upload = (req.get('default_' + x) for x in ('read', 'write', 'upload'))
+        for val in (read, write, upload):
+            if not (val is None or isinstance(val, bool) or isinstance(val, int)):
+                app.logger.warning(
+                    f"Room update: default_read/write/upload must be bool, not {type(val)}"
+                )
+                abort(http.BAD_REQUEST)
+
+        if read is not None:
+            room.default_read = bool(read)
+            did = True
+        if write is not None:
+            room.default_write = bool(write)
+            did = True
+        if upload is not None:
+            room.default_upload = bool(upload)
+            did = True
+
+        if not did:
+            app.logger.warning("Room update: must include at least one field to update")
+            abort(http.BAD_REQUEST)
+
+    return jsonify({})
+
+
 @rooms.get("/room/<Room:room>/pollInfo/<int:info_updated>")
 def poll_room_info(room, info_updated):
     if g.user:
@@ -66,8 +130,6 @@ def poll_room_info(room, info_updated):
     result = {
         'token': room.token,
         'active_users': room.active_users(),
-        'moderator': room.check_moderator(g.user),
-        'admin': room.check_admin(g.user),
         'read': room.check_read(g.user),
         'write': room.check_write(g.user),
         'upload': room.check_upload(g.user),
@@ -76,6 +138,13 @@ def poll_room_info(room, info_updated):
     if room.info_updates != info_updated:
         result['details'] = get_one_room(room)
 
+    if room.check_moderator(g.user):
+        result['moderator'] = True
+        result['default_read'] = room.default_read
+        result['default_write'] = room.default_write
+        result['default_upload'] = room.default_upload
+    if room.check_admin(g.user):
+        result['admin'] = True
     if g.user:
         if g.user.global_moderator:
             result['global_moderator'] = True