From 4827ff10b7747f6baf31fb4fda0e308938f44b48 Mon Sep 17 00:00:00 2001 From: Settel Date: Fri, 9 Dec 2022 20:48:33 +0100 Subject: [PATCH] bugfix: set cameo flag only for admin user (clone user object) --- server/src/handler/private.go | 6 ++++-- server/src/user/user.go | 21 ++++++++++++++++++++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/server/src/handler/private.go b/server/src/handler/private.go index 28b7b0f..4cdaff2 100644 --- a/server/src/handler/private.go +++ b/server/src/handler/private.go @@ -3,8 +3,9 @@ package handler import ( "fmt" "net/http" - "sirlab.de/go/knowyt/user" "strings" + + "sirlab.de/go/knowyt/user" ) func (authMux *AuthMux) PrivateHandleFunc(pattern string, handlerFunc PrivateHandlerFunc) { @@ -43,7 +44,8 @@ func (authMux *AuthMux) getUserFromSession(r *http.Request) (*user.User, error) if usr.IsAdmin() { if cookieCameo, err := r.Cookie("knowyt-auth-cameo"); err == nil { - if usrNew, err := authMux.app.GetUserById(cookieCameo.Value); err == nil { + if usrCameo, err := authMux.app.GetUserById(cookieCameo.Value); err == nil { + usrNew := usrCameo.DeepCloneUserObj() usrNew.SetCameo(usr) return usrNew, nil } diff --git a/server/src/user/user.go b/server/src/user/user.go index b615a47..258ec76 100644 --- a/server/src/user/user.go +++ b/server/src/user/user.go @@ -5,9 +5,10 @@ import ( "fmt" "os" "path" - "sirlab.de/go/knowyt/fileutil" "strings" "time" + + "sirlab.de/go/knowyt/fileutil" ) func NewUserFromFile(fileName string) (*User, error) { @@ -48,6 +49,24 @@ func CreateUser(fileName, gameId string) *User { } } +func (usr *User) DeepCloneUserObj() *User { + usr.mu.Lock() + defer usr.mu.Unlock() + + usrNew := User{ + id: usr.id, + filename: usr.filename, + authcode: usr.authcode, + name: usr.name, + role: usr.role, + gameId: usr.gameId, + created: usr.created, + lastLoggedIn: usr.lastLoggedIn, + cameo: usr.cameo, + } + return &usrNew +} + func (usr *User) SaveUser() error { usr.mu.Lock() defer usr.mu.Unlock()