From 161b5dbbf43d505b727e0ed3cae15458a72147f9 Mon Sep 17 00:00:00 2001
From: dec05eba <dec05eba@protonmail.com>
Date: Tue, 8 May 2018 18:36:51 +0200
Subject: Only allow owner of message to delete it

---
 src/Channel.cpp      |  8 ++++----
 src/MessageBoard.cpp | 24 +++++++++++++++++++-----
 src/main.cpp         |  2 +-
 3 files changed, 24 insertions(+), 10 deletions(-)

(limited to 'src')

diff --git a/src/Channel.cpp b/src/Channel.cpp
index 678dddd..ed037a4 100644
--- a/src/Channel.cpp
+++ b/src/Channel.cpp
@@ -111,12 +111,12 @@ namespace dchat
             addLocalMessage(msg, localUser, 0, odhtdb::Hash());
     }
     
-    void Channel::deleteLocalMessage(const odhtdb::Hash &id)
+    void Channel::deleteLocalMessage(const odhtdb::Hash &id, const odhtdb::Signature::PublicKey &requestedByUser)
     {
-        messageBoard.deleteMessage(id);
+        messageBoard.deleteMessage(id, requestedByUser);
     }
     
-    void Channel::deleteMessage(const odhtdb::Hash &id)
+    void Channel::deleteMessage(const odhtdb::Hash &id, const odhtdb::Signature::PublicKey &requestedByUser)
     {
         if(database && localUser->type == User::Type::ONLINE)
         {
@@ -131,7 +131,7 @@ namespace dchat
             database->commit();
         }
         else
-            deleteLocalMessage(id);
+            deleteLocalMessage(id, requestedByUser);
     }
     
     void Channel::addUserLocally(User *user)
diff --git a/src/MessageBoard.cpp b/src/MessageBoard.cpp
index bdaccf3..f2796e5 100644
--- a/src/MessageBoard.cpp
+++ b/src/MessageBoard.cpp
@@ -16,6 +16,7 @@
 #include <SFML/Window/Mouse.hpp>
 #include <SFML/Graphics/Rect.hpp>
 #include <SFML/Graphics/Text.hpp>
+#include <odhtdb/User.hpp>
 #include <cmath>
 
 using namespace std;
@@ -76,11 +77,20 @@ namespace dchat
         scrollToBottom = true;
     }
     
-    void MessageBoard::deleteMessage(const odhtdb::Hash &id)
+    void MessageBoard::deleteMessage(const odhtdb::Hash &id, const odhtdb::Signature::PublicKey &requestedByUser)
     {
         lock_guard<mutex> lock(messageProcessMutex);
         auto it = messageIdMap.find(id);
         if(it == messageIdMap.end()) return;
+        if(it->second->user->type == User::Type::ONLINE)
+        {
+            auto onlineUser = static_cast<const OnlineUser*>(it->second->user);
+            if(onlineUser->databaseUser->getPublicKey() != requestedByUser)
+            {
+                fprintf(stderr, "Warning: user %s requested to delete a message owned by user %s, ignoring request\n", requestedByUser.toString().c_str(), onlineUser->databaseUser->getPublicKey().toString().c_str());
+                return;
+            }
+        }
         
         for(usize i = 0; i < messages.size(); ++i)
         {
@@ -282,20 +292,24 @@ namespace dchat
             message->text.processEvent(event);
         }
         
-        if(event.type == sf::Event::MouseButtonPressed && event.mouseButton.button == sf::Mouse::Button::Right)
+        OnlineUser *localOnlineUser = nullptr;
+        if(channel->getLocalUser()->type == User::Type::ONLINE)
+            localOnlineUser = static_cast<OnlineUser*>(channel->getLocalUser());
+        
+        if(localOnlineUser && event.type == sf::Event::MouseButtonPressed && event.mouseButton.button == sf::Mouse::Button::Right)
         {
             for(auto it : messageIdMap)
             {
                 it.second->text.processEvent(event);
                 auto textPos = it.second->text.getPosition();
-                if(event.mouseButton.x >= textPos.x && event.mouseButton.x <= textPos.x + it.second->text.getMaxWidth() && event.mouseButton.y >= textPos.y && event.mouseButton.y <= textPos.y + it.second->text.getHeight())
+                if(it.second->user == channel->getLocalUser() && event.mouseButton.x >= textPos.x && event.mouseButton.x <= textPos.x + it.second->text.getMaxWidth() && event.mouseButton.y >= textPos.y && event.mouseButton.y <= textPos.y + it.second->text.getHeight())
                 {
                     auto contextMenu = GlobalContextMenu::getEditMessageContextMenu();
                     contextMenu->setPosition(sf::Vector2f(event.mouseButton.x, event.mouseButton.y));
                     contextMenu->setVisible(true);
-                    GlobalContextMenu::setClickDeleteMessageCallbackFunc([this, it](ContextMenuItem *menuItem)
+                    GlobalContextMenu::setClickDeleteMessageCallbackFunc([this, it, localOnlineUser](ContextMenuItem *menuItem)
                     {
-                        channel->deleteMessage(it.first);
+                        channel->deleteMessage(it.first, localOnlineUser->databaseUser->getPublicKey());
                         GlobalContextMenu::setClickDeleteMessageCallbackFunc(nullptr);
                     });
                     return;
diff --git a/src/main.cpp b/src/main.cpp
index 83ef11a..910724e 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -102,7 +102,7 @@ void channelAddStoredMessage(Channel *channel, const odhtdb::Hash &requestHash,
                 sibs::SafeDeserializer deserializer((const u8*)decryptedData.data, decryptedData.size);
                 odhtdb::Hash messageId;
                 deserializer.extract((u8*)messageId.getData(), odhtdb::HASH_BYTE_SIZE);
-                channel->deleteLocalMessage(messageId);
+                channel->deleteLocalMessage(messageId, creatorPublicKey);
                 break;
             }
             case ChannelDataType::NICKNAME_CHANGE:
-- 
cgit v1.2.3