From 437eb44003112ccd28f8f78974b116a7e8f55e2b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miroslav=20=C5=A0ediv=C3=BD?= <sedivy.miro@gmail.com>
Date: Wed, 3 Nov 2021 21:59:38 +0100
Subject: [PATCH] inactive cursors access control.

---
 internal/api/members/controler.go  | 14 +++++++------
 internal/member/dummy/provider.go  | 14 +++++++------
 internal/member/object/provider.go | 32 +++++++++++++++++-------------
 internal/session/manager.go        | 16 +++++++++++++++
 internal/session/session.go        |  2 +-
 internal/types/member.go           | 16 ++++++++-------
 internal/types/session.go          |  1 +
 internal/websocket/manager.go      |  3 +--
 8 files changed, 62 insertions(+), 36 deletions(-)

diff --git a/internal/api/members/controler.go b/internal/api/members/controler.go
index d26d979d..e5de26b0 100644
--- a/internal/api/members/controler.go
+++ b/internal/api/members/controler.go
@@ -57,12 +57,14 @@ func (h *MembersHandler) membersCreate(w http.ResponseWriter, r *http.Request) e
 	data := &MemberCreatePayload{
 		// default values
 		Profile: types.MemberProfile{
-			IsAdmin:            false,
-			CanLogin:           true,
-			CanConnect:         true,
-			CanWatch:           true,
-			CanHost:            true,
-			CanAccessClipboard: true,
+			IsAdmin:               false,
+			CanLogin:              true,
+			CanConnect:            true,
+			CanWatch:              true,
+			CanHost:               true,
+			CanAccessClipboard:    true,
+			SendsInactiveCursor:   true,
+			CanSeeInactiveCursors: true,
 		},
 	}
 
diff --git a/internal/member/dummy/provider.go b/internal/member/dummy/provider.go
index 5dafd59d..073d8327 100644
--- a/internal/member/dummy/provider.go
+++ b/internal/member/dummy/provider.go
@@ -9,12 +9,14 @@ import (
 func New() types.MemberProvider {
 	return &MemberProviderCtx{
 		profile: types.MemberProfile{
-			IsAdmin:            true,
-			CanLogin:           true,
-			CanConnect:         true,
-			CanWatch:           true,
-			CanHost:            true,
-			CanAccessClipboard: true,
+			IsAdmin:               true,
+			CanLogin:              true,
+			CanConnect:            true,
+			CanWatch:              true,
+			CanHost:               true,
+			CanAccessClipboard:    true,
+			SendsInactiveCursor:   true,
+			CanSeeInactiveCursors: true,
 		},
 	}
 }
diff --git a/internal/member/object/provider.go b/internal/member/object/provider.go
index 4dbdb77e..1bcb5c49 100644
--- a/internal/member/object/provider.go
+++ b/internal/member/object/provider.go
@@ -22,26 +22,30 @@ func (provider *MemberProviderCtx) Connect() error {
 	if provider.config.AdminPassword != "" {
 		// create default admin account at startup
 		_, err = provider.Insert("admin", provider.config.AdminPassword, types.MemberProfile{
-			Name:               "Administrator",
-			IsAdmin:            true,
-			CanLogin:           true,
-			CanConnect:         true,
-			CanWatch:           true,
-			CanHost:            true,
-			CanAccessClipboard: true,
+			Name:                  "Administrator",
+			IsAdmin:               true,
+			CanLogin:              true,
+			CanConnect:            true,
+			CanWatch:              true,
+			CanHost:               true,
+			CanAccessClipboard:    true,
+			SendsInactiveCursor:   true,
+			CanSeeInactiveCursors: true,
 		})
 	}
 
 	if provider.config.UserPassword != "" {
 		// create default user account at startup
 		_, err = provider.Insert("user", provider.config.UserPassword, types.MemberProfile{
-			Name:               "User",
-			IsAdmin:            false,
-			CanLogin:           true,
-			CanConnect:         true,
-			CanWatch:           true,
-			CanHost:            true,
-			CanAccessClipboard: true,
+			Name:                  "User",
+			IsAdmin:               false,
+			CanLogin:              true,
+			CanConnect:            true,
+			CanWatch:              true,
+			CanHost:               true,
+			CanAccessClipboard:    true,
+			SendsInactiveCursor:   true,
+			CanSeeInactiveCursors: false,
 		})
 	}
 
diff --git a/internal/session/manager.go b/internal/session/manager.go
index d7697ab9..f94e2131 100644
--- a/internal/session/manager.go
+++ b/internal/session/manager.go
@@ -254,6 +254,22 @@ func (manager *SessionManagerCtx) AdminBroadcast(event string, payload interface
 	}
 }
 
+func (manager *SessionManagerCtx) InactiveCursorsBroadcast(event string, payload interface{}, exclude interface{}) {
+	for _, session := range manager.List() {
+		if !session.State().IsConnected || !session.Profile().CanSeeInactiveCursors {
+			continue
+		}
+
+		if exclude != nil {
+			if in, _ := utils.ArrayIn(session.ID(), exclude); in {
+				continue
+			}
+		}
+
+		session.Send(event, payload)
+	}
+}
+
 // ---
 // events
 // ---
diff --git a/internal/session/session.go b/internal/session/session.go
index 79461927..8e9c4d77 100644
--- a/internal/session/session.go
+++ b/internal/session/session.go
@@ -54,7 +54,7 @@ func (session *SessionCtx) IsHost() bool {
 }
 
 func (session *SessionCtx) SetCursor(cursor types.Cursor) {
-	if session.manager.InactiveCursors() {
+	if session.manager.InactiveCursors() && session.profile.SendsInactiveCursor {
 		session.manager.SetCursor(cursor, session)
 	}
 }
diff --git a/internal/types/member.go b/internal/types/member.go
index 17173754..c220b856 100644
--- a/internal/types/member.go
+++ b/internal/types/member.go
@@ -9,13 +9,15 @@ var (
 )
 
 type MemberProfile struct {
-	Name               string `json:"name"`
-	IsAdmin            bool   `json:"is_admin"`
-	CanLogin           bool   `json:"can_login"`
-	CanConnect         bool   `json:"can_connect"`
-	CanWatch           bool   `json:"can_watch"`
-	CanHost            bool   `json:"can_host"`
-	CanAccessClipboard bool   `json:"can_access_clipboard"`
+	Name                  string `json:"name"`
+	IsAdmin               bool   `json:"is_admin"`
+	CanLogin              bool   `json:"can_login"`
+	CanConnect            bool   `json:"can_connect"`
+	CanWatch              bool   `json:"can_watch"`
+	CanHost               bool   `json:"can_host"`
+	CanAccessClipboard    bool   `json:"can_access_clipboard"`
+	SendsInactiveCursor   bool   `json:"sends_inactive_cursor"`
+	CanSeeInactiveCursors bool   `json:"can_see_inactive_cursors"`
 }
 
 type MemberProvider interface {
diff --git a/internal/types/session.go b/internal/types/session.go
index dd96f924..e8a6ed64 100644
--- a/internal/types/session.go
+++ b/internal/types/session.go
@@ -60,6 +60,7 @@ type SessionManager interface {
 
 	Broadcast(event string, payload interface{}, exclude interface{})
 	AdminBroadcast(event string, payload interface{}, exclude interface{})
+	InactiveCursorsBroadcast(event string, payload interface{}, exclude interface{})
 
 	OnCreated(listener func(session Session))
 	OnDeleted(listener func(session Session))
diff --git a/internal/websocket/manager.go b/internal/websocket/manager.go
index b81e8cc1..115a9aae 100644
--- a/internal/websocket/manager.go
+++ b/internal/websocket/manager.go
@@ -173,8 +173,7 @@ func (manager *WebSocketManagerCtx) Start() {
 						)
 					}
 
-					// TODO: Send to subscribers only.
-					manager.sessions.AdminBroadcast(event.SESSION_CURSORS, cursors, nil)
+					manager.sessions.InactiveCursorsBroadcast(event.SESSION_CURSORS, cursors, nil)
 				}
 			}
 		}()