From de696d422a836b05aaf58ba3daa567bc32ef98b8 Mon Sep 17 00:00:00 2001
From: Michelle <michelle.winkler@miichelle.moe>
Date: Thu, 23 Apr 2026 09:32:55 +0200
Subject: [PATCH] fix: anyone_can_start not working as Admin

---
 server/routes/rooms.js   | 10 ++++++----
 src/pages/RoomDetail.jsx |  7 +++++--
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/server/routes/rooms.js b/server/routes/rooms.js
index d159d50..6ebbc78 100644
--- a/server/routes/rooms.js
+++ b/server/routes/rooms.js
@@ -485,9 +485,10 @@ router.post('/:uid/start', authenticateToken, async (req, res) => {
       return res.status(404).json({ error: 'Room not found' });
     }
 
-    // Check access: owner or shared
+    // Check access: owner, admin, shared, or anyone_can_start
     const isOwner = room.user_id === req.user.id;
-    if (!isOwner) {
+    const isAdmin = req.user.role === 'admin';
+    if (!isOwner && !isAdmin && !room.anyone_can_start) {
       const share = await db.get('SELECT id FROM room_shares WHERE room_id = ? AND user_id = ?', [room.id, req.user.id]);
       if (!share) {
         return res.status(403).json({ error: 'No permission' });
@@ -559,9 +560,10 @@ router.post('/:uid/end', authenticateToken, async (req, res) => {
       return res.status(404).json({ error: 'Room not found' });
     }
 
-    // Check access: owner or shared user
+    // Check access: owner, admin, or shared user
     const isOwner = room.user_id === req.user.id;
-    if (!isOwner) {
+    const isAdmin = req.user.role === 'admin';
+    if (!isOwner && !isAdmin) {
       const share = await db.get('SELECT id FROM room_shares WHERE room_id = ? AND user_id = ?', [room.id, req.user.id]);
       if (!share) {
         return res.status(403).json({ error: 'No permission' });
diff --git a/src/pages/RoomDetail.jsx b/src/pages/RoomDetail.jsx
index 52d8829..39322f7 100644
--- a/src/pages/RoomDetail.jsx
+++ b/src/pages/RoomDetail.jsx
@@ -62,7 +62,10 @@ export default function RoomDetail() {
 
   const isOwner = room && user && room.user_id === user.id;
   const isShared = room && !!room.shared;
+  const isAdmin = user?.role === 'admin';
   const canManage = isOwner || isShared;
+  const canStart = canManage || isAdmin || !!room?.anyone_can_start;
+  const canEnd = canManage || isAdmin;
 
   const fetchRoom = async () => {
     try {
@@ -452,7 +455,7 @@ export default function RoomDetail() {
                 <span className="hidden sm:inline">{t('federation.inviteRemote')}</span>
               </button>
             )}
-            {canManage && !status.running && !waitingToJoin && (
+            {canStart && !status.running && !waitingToJoin && (
               <button onClick={handleStart} disabled={actionLoading === 'start'} className="btn-primary">
                 {actionLoading === 'start' ? <Loader2 size={16} className="animate-spin" /> : <Play size={16} />}
                 {t('room.start')}
@@ -467,7 +470,7 @@ export default function RoomDetail() {
               {(actionLoading === 'join' || waitingToJoin) ? <Loader2 size={16} className="animate-spin" /> : <ExternalLink size={16} />}
               {waitingToJoin ? t('room.waitingToJoin') : t('room.join')}
             </button>
-            {canManage && status.running && (
+            {canEnd && status.running && (
               <button onClick={handleEnd} disabled={actionLoading === 'end'} className="btn-danger">
                 {actionLoading === 'end' ? <Loader2 size={16} className="animate-spin" /> : <Square size={16} />}
                 {t('room.end')}