diff --git a/lib/metadata.js b/lib/metadata.js
index 11214931b..2a33bb21c 100644
--- a/lib/metadata.js
+++ b/lib/metadata.js
@@ -73,7 +73,7 @@ commands.UPDATE_EXPIRATION = function () {
 throw new Error("E_NOT_IMPLEMENTED");
 };
-var handleCommand = function (meta, line) {
+var handleCommand = Meta.handleCommand = function (meta, line) {
 var command = line[0];
 var args = line[1];
 //var time = line[2];
@@ -84,6 +84,7 @@ var handleCommand = function (meta, line) {
 commands[command](meta, args);
 };
+Meta.commands = Object.keys(commands);
 Meta.createLineHandler = function (ref, errorHandler) {
 ref.meta = {};
@@ -125,4 +126,3 @@ Meta.createLineHandler = function (ref, errorHandler) {
 };
 };
-Meta.commands = Object.keys(commands);
diff --git a/rpc.js b/rpc.js
index c6600125e..32afa4f30 100644
--- a/rpc.js
+++ b/rpc.js
@@ -347,27 +347,39 @@ var setMetadata = function (Env, data, unsafeKey, cb) {
 if (!command || typeof (command) !== 'string') { return void cb ('INVALID_COMMAND'); }
 if (Meta.commands.indexOf(command) === -1) { return void('UNSUPPORTED_COMMAND'); }
- // XXX should we add checks to "metadata.js" to make sure data.value is
- // valid for the selected command?
-
 getMetadata(Env, channel, function (err, metadata) {
 if (err) { return void cb(err); }
 if (!(metadata && Array.isArray(metadata.owners))) { return void cb('E_NO_OWNERS'); }
+
 // Confirm that the channel is owned by the user in question
- if (metadata.owners.indexOf(unsafeKey) === -1) {
+ // or the user is accepting a pending ownerhsip offer
+ if (metadata.pending_owners && Array.isArray(metadata.pending_owners) &&
+ metadata.pending_owners.indexOf(unsafeKey) !== -1 &&
+ metadata.owners.indexOf(unsafeKey) === -1) {
+
+ // If you are a pending owner, make sure you can only add yourelf as an owner
+ if (command !== 'ADD_OWNERS' || !Array.isArray(data.value) || data.value.length !== 1
+ || data.value[0] !== unsafeKey) {
+ return void cb('INSUFFICIENT_PERMISSIONS');
+ }
+
+ } else if (metadata.owners.indexOf(unsafeKey) === -1) {
 return void cb('INSUFFICIENT_PERMISSIONS');
 }
 // Add the new metadata line
- var line = JSON.stringify([command, data.value]);
- return void Env.msgStore.writeMetadata(channel, line, function (e) {
+ var line = [command, data.value, +new Date()];
+ try {
+ Meta.handleCommand(metadata, line);
+ } catch (e) {
+ return void cb(e);
+ }
+
+ return void Env.msgStore.writeMetadata(channel, JSON.stringify(line), function (e) {
 if (e) {
 return void cb(e);
 }
- getMetadata(Env, channel, function (err, metadata) {
- // XXX handle error here?
- cb(void 0, metadata);
- });
+ cb(void 0, metadata);
 });
 });
 };
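Review bot: The permission check and the write are not atomic: the `owners`/`pending_owners` test runs on the snapshot from `getMetadata`, and `Meta.handleCommand(metadata, line)` mutates that object before `writeMetadata` has succeeded. Two overlapping calls for one channel can therefore both pass the check against stale owners, and a failed write returns `e` after the object has already changed. If `getMetadata` can return a shared or cached object (not visible here; `setMetadata` begins above the hunk), apply the command to a copy and serialise `setMetadata` per channel. The `catch` also passes the thrown `Error` object to `cb`, while the other failure paths pass string codes, so `return void cb(e.message);` would keep the reply shape consistent. Separately, the unchanged guard `return void('UNSUPPORTED_COMMAND');` never calls `cb`, so a caller sending an unsupported command gets no reply; it should read `return void cb('UNSUPPORTED_COMMAND');`.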