From 8d1067fc5111a32cfa127f564bc89ef1cfaa051b Mon Sep 17 00:00:00 2001
From: Manuel Martin <manmartin@mozilla.com>
Date: Fri, 23 Jun 2023 16:49:17 +0200
Subject: [PATCH] Auth permission updates

---
 lib/ret_web/channels/hub_channel.ex | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/ret_web/channels/hub_channel.ex b/lib/ret_web/channels/hub_channel.ex
index 1f5c2156c..1c69228a5 100644
--- a/lib/ret_web/channels/hub_channel.ex
+++ b/lib/ret_web/channels/hub_channel.ex
@@ -297,7 +297,11 @@ defmodule RetWeb.HubChannel do
     account = Guardian.Phoenix.Socket.current_resource(socket)
     hub = socket |> hub_for_socket
 
-    if (type != "photo" and type != "video") or account |> can?(spawn_camera(hub)) do
+    if (type == "photo" and type == "video" and !account |> can?(spawn_camera(hub))) or
+         (type == "permission" and !Ret.Hub.is_owner?(account.account_id)) do
+      {:noreply, socket}
+    end
+
       broadcast!(
         socket,
         event,
@@ -306,7 +310,6 @@ defmodule RetWeb.HubChannel do
         |> Map.put(:session_id, socket.assigns.session_id)
         |> payload_with_from(socket)
       )
-    end
 
     {:noreply, socket}
   end