From 6f9b47c07d307a34403fa611098eb6be8e48e106 Mon Sep 17 00:00:00 2001 From: David Rowe Date: Tue, 4 Aug 2020 21:31:13 +1200 Subject: [PATCH] Distinguish domain groups with a leading "@" --- domain-server/src/DomainGatekeeper.cpp | 7 ++++--- domain-server/src/DomainGatekeeper.h | 2 ++ domain-server/src/DomainServerSettingsManager.cpp | 4 ++++ domain-server/src/DomainServerSettingsManager.h | 8 ++++---- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/domain-server/src/DomainGatekeeper.cpp b/domain-server/src/DomainGatekeeper.cpp index 90a6ee9f5f..5b0c526d9f 100644 --- a/domain-server/src/DomainGatekeeper.cpp +++ b/domain-server/src/DomainGatekeeper.cpp @@ -181,7 +181,7 @@ NodePermissions DomainGatekeeper::setPermissionsForUser(bool isLocalUser, QStrin auto userGroups = _domainGroupMemberships[verifiedDomainUserName]; foreach (QString userGroup, userGroups) { // Domain groups may be specified as comma- and/or space-separated lists of group names. - // For example, "silver gold, platinum". + // For example, "@silver @Gold, @platinum". auto domainGroups = _server->_settingsManager.getDomainGroupNames() .filter(QRegularExpression("^(.*[\\s,])?" + userGroup + "([\\s,].*)?$", QRegularExpression::CaseInsensitiveOption)); @@ -302,7 +302,7 @@ NodePermissions DomainGatekeeper::setPermissionsForUser(bool isLocalUser, QStrin auto userGroups = _domainGroupMemberships[verifiedDomainUserName]; foreach(QString userGroup, userGroups) { // Domain groups may be specified as comma- and/or space-separated lists of group names. - // For example, "silver gold, platinum". + // For example, "@silver @Gold, @platinum". auto domainGroups = _server->_settingsManager.getDomainBlacklistGroupNames() .filter(QRegularExpression("^(.*[\\s,])?" + userGroup + "([\\s,].*)?$", QRegularExpression::CaseInsensitiveOption)); @@ -1277,7 +1277,8 @@ void DomainGatekeeper::requestDomainUserFinished() { QStringList domainUserGroups; auto userRoles = rootObject.value("roles").toArray(); foreach (auto role, userRoles) { - domainUserGroups.append(role.toString()); + // Distinguish domain groups from metaverse groups by a leading special character. + domainUserGroups.append(DOMAIN_GROUP_CHAR + role.toString().toLower()); } _domainGroupMemberships[username] = domainUserGroups; diff --git a/domain-server/src/DomainGatekeeper.h b/domain-server/src/DomainGatekeeper.h index cf41786e4a..cb42baa7e3 100644 --- a/domain-server/src/DomainGatekeeper.h +++ b/domain-server/src/DomainGatekeeper.h @@ -30,6 +30,8 @@ #include "NodeConnectionData.h" #include "PendingAssignedNodeData.h" +const QString DOMAIN_GROUP_CHAR = "@"; + class DomainServer; class DomainGatekeeper : public QObject { diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp index 82ac0b265a..c03f26f0a1 100644 --- a/domain-server/src/DomainServerSettingsManager.cpp +++ b/domain-server/src/DomainServerSettingsManager.cpp @@ -1966,6 +1966,10 @@ void DomainServerSettingsManager::apiRefreshGroupInformation() { QStringList groupNames = getAllKnownGroupNames(); foreach (QString groupName, groupNames) { QString lowerGroupName = groupName.toLower(); + if (lowerGroupName.contains(DOMAIN_GROUP_CHAR)) { + // Ignore domain groups. + return; + } if (_groupIDs.contains(lowerGroupName)) { // we already know about this one. recall setGroupID in case the group has been // added to another section (the same group is found in both groups and blacklists). diff --git a/domain-server/src/DomainServerSettingsManager.h b/domain-server/src/DomainServerSettingsManager.h index 8c18c22b32..73aef07835 100644 --- a/domain-server/src/DomainServerSettingsManager.h +++ b/domain-server/src/DomainServerSettingsManager.h @@ -19,11 +19,11 @@ #include #include - -#include -#include "NodePermissions.h" - #include +#include + +#include "DomainGatekeeper.h" +#include "NodePermissions.h" const QString SETTINGS_PATHS_KEY = "paths";