Remove speaker note for unauthorized users (#162)

Remove speaker note for unauthorized users
OpenSlides · Apr 26, 2021 · d3e251a · d3e251a
1 parent f17ad9d
commit d3e251a
Show file tree

Hide file tree

Showing 10 changed files with 176 additions and 18 deletions.
diff --git a/cmd/autoupdate/main.go b/cmd/autoupdate/main.go
@@ -226,8 +226,8 @@ func openslidesRequiredUsers() map[string]func(json.RawMessage) (map[int]bool, s
 func openslidesRestricters(ds restricter.HasPermer) map[string]restricter.Element {
 	basePerm := restricter.BasePermission(ds)
 	return map[string]restricter.Element{
-		"agenda/item":             agenda.Restrict(ds),
-		"agenda/list-of-speakers": basePerm(agenda.CanSeeListOfSpeakers),
+		"agenda/item":             agenda.RestrictItem(ds),
+		"agenda/list-of-speakers": agenda.RestrictListOfSpeakers(ds),
 
 		"assignments/assignment":        basePerm(assignment.CanSee),
 		"assignments/assignment-poll":   poll.RestrictPoll(ds, assignment.CanSee, assignment.CanManage, []string{"amount_global_yes", "amount_global_no", "amount_global_abstain"}),

diff --git a/internal/apps/agenda/models.go b/internal/apps/agenda/models.go
@@ -26,12 +26,13 @@ type listOfSpeakers struct {
 		Collection string `json:"collection"`
 	} `json:"content_object"`
 	Speakers []struct {
-		UserID       int                    `json:"user_id"`
-		Marked       json.RawMessage        `json:"marked"`
-		PointOfOrder bool                   `json:"point_of_order"`
-		Weight       *projector.OptionalInt `json:"weight"`
-		BeginTime    json.RawMessage        `json:"begin_time"`
-		EndTime      json.RawMessage        `json:"end_time"`
+		UserID       int                     `json:"user_id"`
+		Marked       json.RawMessage         `json:"marked"`
+		PointOfOrder bool                    `json:"point_of_order"`
+		ProSpeech    *projector.OptionalBool `json:"pro_speech"`
+		Weight       *projector.OptionalInt  `json:"weight"`
+		BeginTime    json.RawMessage         `json:"begin_time"`
+		EndTime      json.RawMessage         `json:"end_time"`
 	} `json:"speakers"`
 	Closed json.RawMessage `json:"closed"`
 }

diff --git a/internal/apps/agenda/projector.go b/internal/apps/agenda/projector.go
@@ -159,11 +159,12 @@ func ListOfSpeakersSlide() projector.CallableFunc {
 }
 
 type formattedSpeaker struct {
-	User         string                 `json:"user"`
-	Marked       json.RawMessage        `json:"marked"`
-	PointOfOrder bool                   `json:"point_of_order"`
-	Weight       *projector.OptionalInt `json:"weight"`
-	EndTime      json.RawMessage        `json:"end_time"`
+	User         string                  `json:"user"`
+	Marked       json.RawMessage         `json:"marked"`
+	PointOfOrder bool                    `json:"point_of_order"`
+	ProSpeech    *projector.OptionalBool `json:"pro_speech"`
+	Weight       *projector.OptionalInt  `json:"weight"`
+	EndTime      json.RawMessage         `json:"end_time"`
 }
 
 func titleInformation(ds projector.Datastore, los listOfSpeakers) (map[string]*projector.OptionalStr, error) {
@@ -218,6 +219,7 @@ func listOfSpeakerSlideData(ds projector.Datastore, los listOfSpeakers) (json.Ra
 			User:         username,
 			Marked:       speaker.Marked,
 			PointOfOrder: speaker.PointOfOrder,
+			ProSpeech:    speaker.ProSpeech,
 			Weight:       speaker.Weight,
 			EndTime:      speaker.EndTime,
 		}

diff --git a/internal/apps/agenda/restrict.go b/internal/apps/agenda/restrict.go
@@ -14,11 +14,12 @@ const (
 
 	// CanSeeListOfSpeakers is the permission string if a user can see the list
 	// of speakers.
-	CanSeeListOfSpeakers = "agenda.can_see_list_of_speakers"
+	CanSeeListOfSpeakers     = "agenda.can_see_list_of_speakers"
+	pCanManageListOfSpeakers = "agenda.can_manage_list_of_speakers"
 )
 
-// Restrict handels restrictions of agenda/item elements.
-func Restrict(r restricter.HasPermer) restricter.ElementFunc {
+// RestrictItem handels restrictions of agenda/item elements.
+func RestrictItem(r restricter.HasPermer) restricter.ElementFunc {
 	return func(uid int, element json.RawMessage) (json.RawMessage, error) {
 		if !r.HasPerm(uid, pCanSee) {
 			return nil, nil
@@ -67,3 +68,56 @@ func Restrict(r restricter.HasPermer) restricter.ElementFunc {
 		return element, nil
 	}
 }
+
+// RestrictListOfSpeakers restricts the list of speakers: The field "note" is
+// removed for every speaker, if the user is not a manager, the speaker user or
+// the config agenda_list_of_speakers_speaker_note_for_everyone is set.
+func RestrictListOfSpeakers(r restricter.HasPermer) restricter.ElementFunc {
+	return func(uid int, element json.RawMessage) (json.RawMessage, error) {
+		if !r.HasPerm(uid, CanSeeListOfSpeakers) {
+			return nil, nil
+		}
+
+		var notesForEveryone bool
+		if err := r.ConfigValue("agenda_list_of_speakers_speaker_note_for_everyone", &notesForEveryone); err != nil {
+			return nil, fmt.Errorf("getting agenda_list_of_speakers_speaker_note_for_everyone: %w", err)
+		}
+
+		if notesForEveryone || r.HasPerm(uid, pCanManageListOfSpeakers) {
+			return element, nil
+		}
+
+		// Delete each speaker's note for speakers which user is not the one to restrict for.
+		var los map[string]json.RawMessage
+		if err := json.Unmarshal(element, &los); err != nil {
+			return nil, fmt.Errorf("decoding list of speakers: %w", err)
+		}
+		var speakers []map[string]json.RawMessage
+		if err := json.Unmarshal(los["speakers"], &speakers); err != nil {
+			return nil, fmt.Errorf("decoding speakers: %w", err)
+		}
+
+		for _, speaker := range speakers {
+			var userId int
+			if err := json.Unmarshal(speaker["user_id"], &userId); err != nil {
+				return nil, fmt.Errorf("decoding speaker: %w", err)
+			}
+			if uid == userId {
+				continue
+			}
+			delete(speaker, "note")
+		}
+
+		speakersEncoded, err := json.Marshal(speakers)
+		if err != nil {
+			return nil, fmt.Errorf("encoding speakers: %w", err)
+		}
+
+		los["speakers"] = speakersEncoded
+		element, err = json.Marshal(los)
+		if err != nil {
+			return nil, fmt.Errorf("encoding list of speakers: %w", err)
+		}
+		return element, nil
+	}
+}
diff --git a/internal/apps/agenda/restrict_test.go b/internal/apps/agenda/restrict_test.go
@@ -51,7 +51,7 @@ const (
 
 func TestRestrict(t *testing.T) {
 	permer := new(test.HasPermMock)
-	r := agenda.Restrict(permer)
+	r := agenda.RestrictItem(permer)
 
 	for _, tt := range []struct {
 		name     string

diff --git a/internal/projector/helpers.go b/internal/projector/helpers.go
@@ -119,3 +119,44 @@ func (o *OptionalStr) MarshalJSON() ([]byte, error) {
 	}
 	return json.Marshal(o.value)
 }
+
+// OptionalBool is a type that can be null or an bool.
+type OptionalBool struct {
+	value bool
+	exist bool
+}
+
+// Value returns the value of the type. Returns false if it does not exist.
+func (o *OptionalBool) Value() bool {
+	if o == nil {
+		return false
+	}
+	return o.value
+}
+
+// Null returns true, if, the value does not exist.
+func (o *OptionalBool) Null() bool {
+	if o == nil {
+		return true
+	}
+	return !o.exist
+}
+
+// UnmarshalJSON builds this type from json.
+func (o *OptionalBool) UnmarshalJSON(b []byte) error {
+	if bytes.Equal(b, []byte(`null`)) {
+		o.exist = false
+		return nil
+	}
+
+	o.exist = true
+	return json.Unmarshal(b, &o.value)
+}
+
+// MarshalJSON decodes the type to json.
+func (o *OptionalBool) MarshalJSON() ([]byte, error) {
+	if o.Null() {
+		return []byte(`null`), nil
+	}
+	return json.Marshal(o.value)
+}
diff --git a/internal/restricter/interface.go b/internal/restricter/interface.go
@@ -14,11 +14,12 @@ type Element interface {
 	Restrict(int, json.RawMessage) (json.RawMessage, error)
 }
 
-// HasPermer tells if a user has a specivic perm.
+// HasPermer tells if a user has a specific perm.
 type HasPermer interface {
 	HasPerm(uid int, perm string) bool
 	IsSuperadmin(uid int) bool
 	InGroups(uid int, groups []int) bool
 	UserRequired(uid int) []string
 	Get(collection string, id int, v interface{}) error
+	ConfigValue(key string, v interface{}) error
 }