]> git.r.bdr.sh - rbdr/mobius/blobdiff - hotline/transaction_handlers.go
git.r.bdr.sh / rbdr / mobius / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge pull request #62 from jhalter/add_basic_stats
[rbdr/mobius] / hotline / transaction_handlers.go
diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go
index 46fe362bf687b1165e3854de3a3105af2e3f7d08..2d03b0723c496239d08ff5bf7f80d86aaba9b1ae 100644 (file)
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -321,14 +321,29 @@ func HandleSendInstantMsg(cc *ClientConn, t *Transaction) (res []Transaction, er
                reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
        }
 
                reply.Fields = append(reply.Fields, NewField(fieldQuotingMsg, t.GetField(fieldQuotingMsg).Data))
        }
 
-       res = append(res, *reply)
-
        id, _ := byteToInt(ID.Data)
        otherClient, ok := cc.Server.Clients[uint16(id)]
        if !ok {
                return res, errors.New("invalid client ID")
        }
 
        id, _ := byteToInt(ID.Data)
        otherClient, ok := cc.Server.Clients[uint16(id)]
        if !ok {
                return res, errors.New("invalid client ID")
        }
 
+       // Check if target user has "Refuse private messages" flag
+       flagBitmap := big.NewInt(int64(binary.BigEndian.Uint16(otherClient.Flags)))
+       if flagBitmap.Bit(userFLagRefusePChat) == 1 {
+               res = append(res,
+                       *NewTransaction(
+                               tranServerMsg,
+                               cc.ID,
+                               NewField(fieldData, []byte(string(otherClient.UserName)+" does not accept private messages.")),
+                               NewField(fieldUserName, otherClient.UserName),
+                               NewField(fieldUserID, *otherClient.ID),
+                               NewField(fieldOptions, []byte{0, 2}),
+                       ),
+               )
+       } else {
+               res = append(res, *reply)
+       }
+
        // Respond with auto reply if other client has it enabled
        if len(otherClient.AutoReply) > 0 {
                res = append(res,
        // Respond with auto reply if other client has it enabled
        if len(otherClient.AutoReply) > 0 {
                res = append(res,
@@ -790,6 +805,15 @@ func HandleUpdateUser(cc *ClientConn, t *Transaction) (res []Transaction, err er
                        newAccess := accessBitmap{}
                        copy(newAccess[:], getField(fieldUserAccess, &subFields).Data[:])
 
                        newAccess := accessBitmap{}
                        copy(newAccess[:], getField(fieldUserAccess, &subFields).Data[:])
 
+                       // Prevent account from creating new account with greater permission
+                       for i := 0; i < 64; i++ {
+                               if newAccess.IsSet(i) {
+                                       if !cc.Authorize(i) {
+                                               return append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself.")), err
+                                       }
+                               }
+                       }
+
                        err := cc.Server.NewUser(login, string(getField(fieldUserName, &subFields).Data), string(getField(fieldUserPassword, &subFields).Data), newAccess)
                        if err != nil {
                                return []Transaction{}, err
                        err := cc.Server.NewUser(login, string(getField(fieldUserName, &subFields).Data), string(getField(fieldUserPassword, &subFields).Data), newAccess)
                        if err != nil {
                                return []Transaction{}, err
@@ -819,6 +843,16 @@ func HandleNewUser(cc *ClientConn, t *Transaction) (res []Transaction, err error
        newAccess := accessBitmap{}
        copy(newAccess[:], t.GetField(fieldUserAccess).Data[:])
 
        newAccess := accessBitmap{}
        copy(newAccess[:], t.GetField(fieldUserAccess).Data[:])
 
+       // Prevent account from creating new account with greater permission
+       for i := 0; i < 64; i++ {
+               if newAccess.IsSet(i) {
+                       if !cc.Authorize(i) {
+                               res = append(res, cc.NewErrReply(t, "Cannot create account with more access than yourself."))
+                               return res, err
+                       }
+               }
+       }
+
        if err := cc.Server.NewUser(login, string(t.GetField(fieldUserName).Data), string(t.GetField(fieldUserPassword).Data), newAccess); err != nil {
                return []Transaction{}, err
        }
        if err := cc.Server.NewUser(login, string(t.GetField(fieldUserName).Data), string(t.GetField(fieldUserPassword).Data), newAccess); err != nil {
                return []Transaction{}, err
        }
Friendship Quest remix of mobius, a hotline server in go #cli