From de3a5e9cb617626b7bc7c0f0ae84436c391bed15 Mon Sep 17 00:00:00 2001
From: Klaus Klein <klauswk1@hotmail.com>
Date: Thu, 1 Jun 2017 10:12:11 -0300
Subject: [PATCH] Mostly working, still problems with user subs

---
 bigbluebutton-html5/imports/api/acl/Acl.js          | 12 +++++++++++-
 .../imports/api/breakouts/server/publishers.js      |  2 +-
 .../imports/api/captions/server/publishers.js       |  2 +-
 .../imports/api/chat/server/methods.js              |  2 +-
 .../imports/api/chat/server/publishers.js           |  2 +-
 .../imports/api/cursor/server/publishers.js         |  2 +-
 .../imports/api/deskshare/server/publishers.js      |  2 +-
 .../imports/api/meetings/server/eventHandlers.js    |  4 ++--
 .../api/meetings/server/handlers/getAllMeetings.js  |  2 +-
 .../imports/api/meetings/server/publishers.js       |  2 +-
 .../imports/api/polls/server/methods.js             |  2 +-
 .../imports/api/polls/server/publishers.js          |  2 +-
 .../imports/api/presentations/server/publishers.js  |  2 +-
 .../imports/api/shapes/server/publishers.js         |  2 +-
 .../imports/api/slides/server/methods.js            |  2 +-
 .../imports/api/slides/server/publishers.js         |  2 +-
 .../imports/api/users/server/methods.js             |  4 +++-
 .../api/users/server/methods/listenOnlyToggle.js    |  2 +-
 .../imports/api/users/server/publishers.js          |  8 ++++----
 bigbluebutton-html5/imports/startup/mapToAcl.js     | 13 +++++++------
 20 files changed, 42 insertions(+), 29 deletions(-)

diff --git a/bigbluebutton-html5/imports/api/acl/Acl.js b/bigbluebutton-html5/imports/api/acl/Acl.js
index c2e111ebd5..1752a17857 100644
--- a/bigbluebutton-html5/imports/api/acl/Acl.js
+++ b/bigbluebutton-html5/imports/api/acl/Acl.js
@@ -9,9 +9,13 @@ export class Acl {
 
   subscribe(channel,credentials){
     check(channel, String);
+    console.log("Channell",channel);
+    console.log("credentials",credentials);
 
     let subscriptions = this.getSubscriptions(credentials);
 
+    console.log("subscriptions",subscriptions);
+
     if (subscriptions) {
       return !!this.checkPermission(channel, subscriptions);
     }
@@ -21,6 +25,9 @@ export class Acl {
   getSubscriptions(credentials){
     let role = this.getRole(credentials);
 
+    if(!role.subscribe){
+      return [];
+    }
     return role.subscriptions;
   }
 
@@ -35,6 +42,9 @@ export class Acl {
   getMethods(credentials){
     let role = this.getRole(credentials);
 
+    if(!role.methods){
+      return [];
+    }
     return role.methods;
   }
 
@@ -63,9 +73,9 @@ export class Acl {
     });
 
     if(!user){
+      console.log("Usuario vazio");
       return false;
     }
-
     return this.roleExist(this.aclConfig, user.user.role);
   }
 
diff --git a/bigbluebutton-html5/imports/api/breakouts/server/publishers.js b/bigbluebutton-html5/imports/api/breakouts/server/publishers.js
index 43132c36d0..da57796205 100644
--- a/bigbluebutton-html5/imports/api/breakouts/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/breakouts/server/publishers.js
@@ -5,7 +5,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('breakouts', function() {
   breakouts = breakouts.bind(this);
-  return mapToAcl(breakouts,'breakouts')(arguments);
+  return mapToAcl('breakouts',breakouts)(arguments);
 });
 
 function breakouts(credentials) {
diff --git a/bigbluebutton-html5/imports/api/captions/server/publishers.js b/bigbluebutton-html5/imports/api/captions/server/publishers.js
index 5349463ce1..b9c181dafb 100644
--- a/bigbluebutton-html5/imports/api/captions/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/captions/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('captions', function() {
   captions = captions.bind(this);
-  return mapToAcl(captions,'captions')(arguments);
+  return mapToAcl('captions',captions)(arguments);
 });
 
 function captions(credentials) {
diff --git a/bigbluebutton-html5/imports/api/chat/server/methods.js b/bigbluebutton-html5/imports/api/chat/server/methods.js
index 3b5c566b47..559dfbd011 100644
--- a/bigbluebutton-html5/imports/api/chat/server/methods.js
+++ b/bigbluebutton-html5/imports/api/chat/server/methods.js
@@ -2,6 +2,6 @@ import { Meteor } from 'meteor/meteor';
 import sendChat from './methods/sendChat';
 import mapToAcl from '/imports/startup/mapToAcl';
 
-Meteor.methods(mapToAcl({
+Meteor.methods(mapToAcl(['sendChat',],{
   sendChat,
 }));
diff --git a/bigbluebutton-html5/imports/api/chat/server/publishers.js b/bigbluebutton-html5/imports/api/chat/server/publishers.js
index af75ebb522..737ceab5c5 100755
--- a/bigbluebutton-html5/imports/api/chat/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/chat/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('chat', function() {
   chat = chat.bind(this);
-  return mapToAcl(chat,'chat')(arguments);
+  return mapToAcl('chat', chat)(arguments);
 });
 
 function chat(credentials) {
diff --git a/bigbluebutton-html5/imports/api/cursor/server/publishers.js b/bigbluebutton-html5/imports/api/cursor/server/publishers.js
index db749fd5b0..7077e80043 100755
--- a/bigbluebutton-html5/imports/api/cursor/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/cursor/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('cursor', function() {
   cursor = cursor.bind(this);
-  return mapToAcl(cursor, 'cursor')(arguments);
+  return mapToAcl('cursor', cursor)(arguments);
 });
 
 function cursor(credentials) {
diff --git a/bigbluebutton-html5/imports/api/deskshare/server/publishers.js b/bigbluebutton-html5/imports/api/deskshare/server/publishers.js
index 8b95e0ff2d..8b490db19a 100755
--- a/bigbluebutton-html5/imports/api/deskshare/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/deskshare/server/publishers.js
@@ -5,7 +5,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('deskshare', function() {
   deskshare = deskshare.bind(this);
-  return mapToAcl(deskshare, 'deskshare')(arguments);
+  return mapToAcl('deskshare', deskshare)(arguments);
 });
 
 function deskshare(credentials) {
diff --git a/bigbluebutton-html5/imports/api/meetings/server/eventHandlers.js b/bigbluebutton-html5/imports/api/meetings/server/eventHandlers.js
index 6b5a931ad8..1d0bdffd0c 100644
--- a/bigbluebutton-html5/imports/api/meetings/server/eventHandlers.js
+++ b/bigbluebutton-html5/imports/api/meetings/server/eventHandlers.js
@@ -3,7 +3,7 @@ import handleMeetingDestruction from './handlers/meetingDestruction';
 import handleRecordingStatusChange from './handlers/recordingStatusChange';
 import handlePermissionSettingsChange from './handlers/permissionSettingsChange';
 import handleMeetingCreation from './handlers/meetingCreation';
-import handleGetAllMettings from './handlers/getAllMeetings';
+import handleGetAllMeetings from './handlers/getAllMeetings';
 import handleStunTurnReply from './handlers/stunTurnReply';
 
 RedisPubSub.on('meeting_destroyed_event', handleMeetingDestruction);
@@ -13,5 +13,5 @@ RedisPubSub.on('disconnect_all_users_message', handleMeetingDestruction);
 RedisPubSub.on('recording_status_changed_message', handleRecordingStatusChange);
 RedisPubSub.on('new_permission_settings', handlePermissionSettingsChange);
 RedisPubSub.on('meeting_created_message', handleMeetingCreation);
-RedisPubSub.on('get_all_meetings_reply_message', handleGetAllMettings);
+RedisPubSub.on('get_all_meetings_reply_message', handleGetAllMeetings);
 RedisPubSub.on('send_stun_turn_info_reply_message', handleStunTurnReply);
diff --git a/bigbluebutton-html5/imports/api/meetings/server/handlers/getAllMeetings.js b/bigbluebutton-html5/imports/api/meetings/server/handlers/getAllMeetings.js
index 16b27d8f1b..fb114adcad 100644
--- a/bigbluebutton-html5/imports/api/meetings/server/handlers/getAllMeetings.js
+++ b/bigbluebutton-html5/imports/api/meetings/server/handlers/getAllMeetings.js
@@ -4,7 +4,7 @@ import Meetings from '/imports/api/meetings';
 import addMeeting from '../modifiers/addMeeting';
 import removeMeeting from '../modifiers/removeMeeting';
 
-export default function handleGetAllMettings({ payload }) {
+export default function handleGetAllMeetings({ payload }) {
   let meetings = payload.meetings;
 
   check(meetings, Array);
diff --git a/bigbluebutton-html5/imports/api/meetings/server/publishers.js b/bigbluebutton-html5/imports/api/meetings/server/publishers.js
index 982eadd494..e00f68770b 100644
--- a/bigbluebutton-html5/imports/api/meetings/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/meetings/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('meetings', function() {
   meetings = meetings.bind(this);
-  return mapToAcl(meetings, 'meetings')(arguments);
+  return mapToAcl('meetings', meetings)(arguments);
 });
 
 function meetings(credentials) {
diff --git a/bigbluebutton-html5/imports/api/polls/server/methods.js b/bigbluebutton-html5/imports/api/polls/server/methods.js
index 755c8ae5e1..7f8cb06673 100644
--- a/bigbluebutton-html5/imports/api/polls/server/methods.js
+++ b/bigbluebutton-html5/imports/api/polls/server/methods.js
@@ -2,6 +2,6 @@ import { Meteor } from 'meteor/meteor';
 import publishVote from './methods/publishVote';
 import mapToAcl from '/imports/startup/mapToAcl';
 
-Meteor.methods(mapToAcl({
+Meteor.methods(mapToAcl(['publishVote',],{
   publishVote,
 }));
diff --git a/bigbluebutton-html5/imports/api/polls/server/publishers.js b/bigbluebutton-html5/imports/api/polls/server/publishers.js
index 4528c3bb11..3175abdaaf 100755
--- a/bigbluebutton-html5/imports/api/polls/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/polls/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('polls', function() {
   polls = polls.bind(this);
-  return mapToAcl(polls, 'polls')(arguments);
+  return mapToAcl('polls', polls)(arguments);
 });
 
 function polls(credentials) {
diff --git a/bigbluebutton-html5/imports/api/presentations/server/publishers.js b/bigbluebutton-html5/imports/api/presentations/server/publishers.js
index 9c0fde310a..3217db5e4f 100755
--- a/bigbluebutton-html5/imports/api/presentations/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/presentations/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('presentations', function() {
   presentations = presentations.bind(this);
-  return mapToAcl(presentations, 'presentations')(arguments);
+  return mapToAcl('presentations', presentations)(arguments);
 });
 
 function presentations(credentials) {
diff --git a/bigbluebutton-html5/imports/api/shapes/server/publishers.js b/bigbluebutton-html5/imports/api/shapes/server/publishers.js
index 389f15929b..6537e3a5fd 100644
--- a/bigbluebutton-html5/imports/api/shapes/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/shapes/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('shapes', function() {
   shapes = shapes.bind(this);
-  return mapToAcl(shapes, 'shapes')(arguments);
+  return mapToAcl('shapes', shapes)(arguments);
 });
 
 function shapes(credentials) {
diff --git a/bigbluebutton-html5/imports/api/slides/server/methods.js b/bigbluebutton-html5/imports/api/slides/server/methods.js
index f4589762d9..4846b500e8 100644
--- a/bigbluebutton-html5/imports/api/slides/server/methods.js
+++ b/bigbluebutton-html5/imports/api/slides/server/methods.js
@@ -2,7 +2,7 @@ import { Meteor } from 'meteor/meteor';
 import switchSlide from './methods/switchSlide';
 import mapToAcl from '/imports/startup/mapToAcl';
 
-Meteor.methods(mapToAcl({
+Meteor.methods(mapToAcl(['switchSlide','switchSlideMessage',],{
   switchSlide,
   switchSlideMessage: switchSlide, // legacy
 }));
diff --git a/bigbluebutton-html5/imports/api/slides/server/publishers.js b/bigbluebutton-html5/imports/api/slides/server/publishers.js
index 251e01cc8c..07623e5853 100644
--- a/bigbluebutton-html5/imports/api/slides/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/slides/server/publishers.js
@@ -7,7 +7,7 @@ import mapToAcl from '/imports/startup/mapToAcl';
 
 Meteor.publish('slides', function() {
   slides = slides.bind(this);
-  return mapToAcl(slides, 'slides')(arguments);
+  return mapToAcl('slides', slides)(arguments);
 });
 
 function slides(credentials) {
diff --git a/bigbluebutton-html5/imports/api/users/server/methods.js b/bigbluebutton-html5/imports/api/users/server/methods.js
index c7ee1ec012..b703a3db8a 100644
--- a/bigbluebutton-html5/imports/api/users/server/methods.js
+++ b/bigbluebutton-html5/imports/api/users/server/methods.js
@@ -8,7 +8,9 @@ import setEmojiStatus from './methods/setEmojiStatus';
 import validateAuthToken from './methods/validateAuthToken';
 import mapToAcl from '/imports/startup/mapToAcl';
 
-Meteor.methods(mapToAcl({
+Meteor.methods(mapToAcl(['kickUser','listenOnlyToggle','userLogout',
+'assignPresenter','setEmojiStatus','muteUser','unmuteUser']
+,{
   kickUser,
   listenOnlyToggle,
   userLogout,
diff --git a/bigbluebutton-html5/imports/api/users/server/methods/listenOnlyToggle.js b/bigbluebutton-html5/imports/api/users/server/methods/listenOnlyToggle.js
index c694f36748..0e7e67e757 100644
--- a/bigbluebutton-html5/imports/api/users/server/methods/listenOnlyToggle.js
+++ b/bigbluebutton-html5/imports/api/users/server/methods/listenOnlyToggle.js
@@ -46,7 +46,7 @@ export default function listenOnlyToggle(credentials, isJoining = true) {
   let payload = {
     userid: requesterUserId,
     meeting_id: meetingId,
-    voice_conf: Metting.voiceConf,
+    voice_conf: Meeting.voiceConf,
     name: User.user.name,
   };
 
diff --git a/bigbluebutton-html5/imports/api/users/server/publishers.js b/bigbluebutton-html5/imports/api/users/server/publishers.js
index c9a7cc5d57..834d0faf99 100644
--- a/bigbluebutton-html5/imports/api/users/server/publishers.js
+++ b/bigbluebutton-html5/imports/api/users/server/publishers.js
@@ -32,9 +32,9 @@ Meteor.publish('current-user', function (credentials) {
   return Users.find(selector, options);
 });
 
-Meteor.publish('users', function() {
-  users = users.bind(this);
-  return mapToAcl(users,'users')(arguments);
+Meteor.publish('users', function () {
+  let boundUsers = users.bind(this);
+  return mapToAcl('users',boundUsers)(arguments);
 });
 
 function users(credentials) {
@@ -69,4 +69,4 @@ function users(credentials) {
   Logger.info(`Publishing Users for ${meetingId} ${requesterUserId} ${requesterToken}`);
 
   return Users.find(selector, options);
-}
\ No newline at end of file
+}
diff --git a/bigbluebutton-html5/imports/startup/mapToAcl.js b/bigbluebutton-html5/imports/startup/mapToAcl.js
index 79b8798b8e..905ac2de3a 100644
--- a/bigbluebutton-html5/imports/startup/mapToAcl.js
+++ b/bigbluebutton-html5/imports/startup/mapToAcl.js
@@ -15,7 +15,7 @@ const injectAclActionCheck = (name, handler) => {
   }
 };
 
-const injectAclSubscribeCheck = (name, handler) => {
+const injectAclSubscribeCheck = (name,handler) => {
   return (...args) => {
     const credentials = args[args.length - 1];
     if (!Acl.subscribe(name, credentials)) {
@@ -26,12 +26,13 @@ const injectAclSubscribeCheck = (name, handler) => {
   }
 };
 
-export default mapToAcl = (handler,name) => {
-  if(name){
-    return injectAclSubscribeCheck(name,handler);
+export default mapToAcl = (name,handler) => {
+  //The Meteor#methods require an object, while the Meteor#subscribe and function.
+  if(handler instanceof Function){
+    return injectAclSubscribeCheck(name, handler);
   }
-  return Object.keys(handler).reduce((previous, current) => {
-    previous[current] = injectAclActionCheck(current, handler[current]);
+  return Object.keys(handler).reduce((previous, current, index) => {
+    previous[current] = injectAclActionCheck(name[index], handler[current]);
     return previous;
   }, {})
 };
-- 
GitLab