apply a group's permissions to users who belong to the group

domain-server/src/DomainServerSettingsManager.cpp

@@ -379,6 +379,10 @@ void DomainServerSettingsManager::unpackPermissions() {
         } else {
             _groupPermissions[id] = perms;
         }
+        if (perms->isGroup()) {
+            // the group-id was cached.  hook-up the id in the id->group hash
+            _groupByID[perms->getGroupID()] = _groupPermissions[id];
+        }
     }
 
     // if any of the standard names are missing, add them
@@ -444,6 +448,26 @@ NodePermissions DomainServerSettingsManager::getPermissionsForName(const QString
     return nullPermissions;
 }
 
+NodePermissions DomainServerSettingsManager::getPermissionsForGroup(const QString& groupname) const {
+    if (_groupPermissions.contains(groupname)) {
+        return *(_groupPermissions[groupname].get());
+    }
+    NodePermissions nullPermissions;
+    nullPermissions.setAll(false);
+    return nullPermissions;
+}
+
+NodePermissions DomainServerSettingsManager::getPermissionsForGroup(const QUuid& groupID) const {
+    if (!_groupByID.contains(groupID)) {
+        NodePermissions nullPermissions;
+        nullPermissions.setAll(false);
+        return nullPermissions;
+    }
+    QString groupName = _groupByID[groupID]->getID();
+    return getPermissionsForGroup(groupName);
+}
+
+
 QVariant DomainServerSettingsManager::valueOrDefaultValueForKeyPath(const QString& keyPath) {
     const QVariant* foundValue = valueForKeyPath(_configMap.getMergedConfig(), keyPath);
 
@@ -865,7 +889,7 @@ void DomainServerSettingsManager::persistToFile() {
 }
 
 void DomainServerSettingsManager::requestMissingGroupIDs() {
-    QHashIterator<QString, NodePermissionsPointer> i(_groupPermissions);
+    QHashIterator<QString, NodePermissionsPointer> i(_groupPermissions.get());
     while (i.hasNext()) {
         i.next();
         NodePermissionsPointer perms = i.value();
@@ -879,6 +903,13 @@ void DomainServerSettingsManager::requestMissingGroupIDs() {
     }
 }
 
+NodePermissionsPointer DomainServerSettingsManager::lookupGroupByID(const QUuid& id) {
+    if (_groupByID.contains(id)) {
+        return _groupByID[id];
+    }
+    return nullptr;
+}
+
 void DomainServerSettingsManager::getGroupID(const QString& groupname) {
     JSONCallbackParameters callbackParams;
     callbackParams.jsonCallbackReceiver = this;
@@ -905,6 +936,7 @@ void DomainServerSettingsManager::getGroupIDJSONCallback(QNetworkReply& requestR
         if (_groupPermissions.contains(groupName)) {
             qDebug() << "ID for group:" << groupName << "is" << groupID;
             _groupPermissions[groupName]->setGroupID(groupID);
+            _groupByID[groupID] = _groupPermissions[groupName];
             packPermissions();
         } else {
             qDebug() << "DomainServerSettingsManager::getGroupIDJSONCallback got response for unknown group:" << groupName;
@@ -917,3 +949,11 @@ void DomainServerSettingsManager::getGroupIDJSONCallback(QNetworkReply& requestR
 void DomainServerSettingsManager::getGroupIDErrorCallback(QNetworkReply& requestReply) {
     qDebug() << "getGroupID api call failed:" << requestReply.error();
 }
+
+void DomainServerSettingsManager::recordGroupMembership(const QString& name, const QUuid groupID, bool isMember) {
+    _groupMembership[name][groupID] = isMember;
+}
+
+bool DomainServerSettingsManager::isGroupMember(const QString& name, const QUuid& groupID) {
+    return _groupMembership[name][groupID];
+}

domain-server/src/DomainServerSettingsManager.h

@@ -43,11 +43,21 @@ public:
     QVariantMap& getSettingsMap() { return _configMap.getMergedConfig(); }
 
     bool haveStandardPermissionsForName(const QString& name) const { return _standardAgentPermissions.contains(name); }
-    bool havePermissionsForName(const QString& name) const { return _agentPermissions.contains(name); }
     NodePermissions getStandardPermissionsForName(const QString& name) const;
+
+    bool havePermissionsForName(const QString& name) const { return _agentPermissions.contains(name); }
     NodePermissions getPermissionsForName(const QString& name) const;
     QStringList getAllNames() { return _agentPermissions.keys(); }
 
+    bool havePermissionsForGroup(const QString& groupname) const { return _groupPermissions.contains(groupname); }
+    NodePermissions getPermissionsForGroup(const QString& groupname) const;
+    NodePermissions getPermissionsForGroup(const QUuid& groupID) const;
+    QList<QUuid> getKnownGroupIDs() { return _groupByID.keys(); }
+
+    // these are used to locally cache the result of calling "api/v1/groups/%1/is_member/%2" on metaverse's api
+    void recordGroupMembership(const QString& name, const QUuid groupID, bool isMember);
+    bool isGroupMember(const QString& name, const QUuid& groupID);
+
 signals:
     void updateNodePermissions();
 
@@ -78,12 +88,16 @@ private:
 
     void requestMissingGroupIDs();
     void getGroupID(const QString& groupname);
+    NodePermissionsPointer lookupGroupByID(const QUuid& id);
 
     void packPermissionsForMap(QString mapName, NodePermissionsMap& agentPermissions, QString keyPath);
     void packPermissions();
     void unpackPermissions();
     NodePermissionsMap _standardAgentPermissions; // anonymous, logged-in, localhost
     NodePermissionsMap _agentPermissions; // specific account-names
+    NodePermissionsMap _groupPermissions; // permissions granted by membershipt to specific groups
+    QHash<QUuid, NodePermissionsPointer> _groupByID;
+    QHash<QString, QHash<QUuid, bool>> _groupMembership;
 };
 
 #endif // hifi_DomainServerSettingsManager_h