add code to convert older domain-settings to current style

domain-server/src/DomainGatekeeper.cpp

@@ -169,10 +169,6 @@ SharedNodePointer DomainGatekeeper::processAssignmentConnectRequest(const NodeCo
     userPerms.canAdjustLocks = true;
     userPerms.canRezPermanentEntities = true;
     newNode->setPermissions(userPerms);
-
-    qDebug() << "----------------------------";
-    qDebug() << "AC perms are" << userPerms;
-
     return newNode;
 }
 
@@ -211,8 +207,13 @@ SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnect
         userPerms |= _server->_settingsManager.getPermissionsForName("anonymous");
     } else if (verifyUserSignature(username, usernameSignature, nodeConnection.senderSockAddr)) {
         // they are sent us a username and the signature verifies it
-        userPerms |= _server->_settingsManager.getPermissionsForName(username);
-        userPerms |= _server->_settingsManager.getPermissionsForName("logged-in");
+        if (_server->_settingsManager.havePermissionsForName(username)) {
+            // we have specific permissions for this user.
+            userPerms |= _server->_settingsManager.getPermissionsForName(username);
+        } else {
+            // they are logged into metaverse, but we don't have specific permissions for them.
+            userPerms |= _server->_settingsManager.getPermissionsForName("logged-in");
+        }
     } else {
         // they sent us a username, but it didn't check out
         requestUserPublicKey(username);

domain-server/src/DomainServerSettingsManager.cpp

@@ -201,50 +201,105 @@ void DomainServerSettingsManager::setupConfigMap(const QStringList& argumentList
 
         if (oldVersion < 1.3) {
             // This was prior to the permissions-grid in the domain-server settings page
-            // bool isRestrictingAccess = valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool();
+            bool isRestrictedAccess = valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool();
+            QStringList allowedUsers = valueOrDefaultValueForKeyPath(ALLOWED_USERS_SETTINGS_KEYPATH).toStringList();
+            QStringList allowedEditors = valueOrDefaultValueForKeyPath(ALLOWED_EDITORS_SETTINGS_KEYPATH).toStringList();
+            bool onlyEditorsAreRezzers = valueOrDefaultValueForKeyPath(EDITORS_ARE_REZZERS_KEYPATH).toBool();
 
-            // const QVariant* allowedEditorsVariant = valueForKeyPath(getSettingsMap(), ALLOWED_EDITORS_SETTINGS_KEYPATH);
+            _agentPermissions["localhost"].reset(new AgentPermissions("localhost"));
+            _agentPermissions["localhost"]->setAll(true);
+            _agentPermissions["anonymous"].reset(new AgentPermissions("anonymous"));
+            _agentPermissions["logged-in"].reset(new AgentPermissions("logged-in"));
 
-            // const QVariant* editorsAreRezzersVariant = valueForKeyPath(getSettingsMap(), EDITORS_ARE_REZZERS_KEYPATH);
-            // bool onlyEditorsAreRezzers = false;
-            // if (editorsAreRezzersVariant) {
-            //     onlyEditorsAreRezzers = editorsAreRezzersVariant->toBool();
-            // }
+            if (isRestrictedAccess) {
+                // only users in allow-users list can connect
+                _agentPermissions["anonymous"]->canConnectToDomain = false;
+                _agentPermissions["logged-in"]->canConnectToDomain = false;
+            } // else anonymous and logged-in retain default of canConnectToDomain = true
 
-            // XXX
+            foreach (QString allowedUser, allowedUsers) {
+                // even if isRestrictedAccess is false, we have to add explicit rows for these users.
+                // defaults to canConnectToDomain = true
+                _agentPermissions[allowedUser].reset(new AgentPermissions(allowedUser));
+            }
+
+            foreach (QString allowedEditor, allowedEditors) {
+                if (!_agentPermissions.contains(allowedEditor)) {
+                    _agentPermissions[allowedEditor].reset(new AgentPermissions(allowedEditor));
+                    if (isRestrictedAccess) {
+                        // they can change locks, but can't connect.
+                        _agentPermissions[allowedEditor]->canConnectToDomain = false;
+                    }
+                }
+                _agentPermissions[allowedEditor]->canAdjustLocks = true;
+            }
+
+            foreach (QString userName, _agentPermissions.keys()) {
+                if (onlyEditorsAreRezzers) {
+                    _agentPermissions[userName]->canRezPermanentEntities = _agentPermissions[userName]->canAdjustLocks;
+                } else {
+                    _agentPermissions[userName]->canRezPermanentEntities = true;
+                }
+            }
+            packPermissions(argumentList);
+            _agentPermissions.clear();
         }
     }
 
-    unpackPermissions();
+    unpackPermissions(argumentList);
 
     // write the current description version to our settings
     appSettings.setValue(JSON_SETTINGS_VERSION_KEY, _descriptionVersion);
 }
 
-void DomainServerSettingsManager::unpackPermissions() {
+void DomainServerSettingsManager::packPermissions(const QStringList& argumentList) {
+    // transfer details from _agentPermissions to _configMap
+    QVariant* security = valueForKeyPath(_configMap.getUserConfig(), "security");
+    QVariant* permissions = valueForKeyPath(_configMap.getUserConfig(), AGENT_PERMISSIONS_KEYPATH);
+    if (!permissions || !permissions->canConvert(QMetaType::QVariantList)) {
+        QVariantMap securityMap = security->toMap();
+        QVariantList userList;
+        securityMap["permissions"] = userList;
+        _configMap.getUserConfig()["security"] = securityMap;
+        permissions = valueForKeyPath(_configMap.getUserConfig(), AGENT_PERMISSIONS_KEYPATH);
+    }
+
+    QVariantList* permissionsList = reinterpret_cast<QVariantList*>(permissions);
+    foreach (QString userName, _agentPermissions.keys()) {
+        *permissionsList += _agentPermissions[userName]->toVariant();
+    }
+    persistToFile();
+    _configMap.loadMasterAndUserConfig(argumentList);
+}
+
+void DomainServerSettingsManager::unpackPermissions(const QStringList& argumentList) {
+    // transfer details from _configMap to _agentPermissions;
+
     bool foundLocalhost = false;
     bool foundAnonymous = false;
     bool foundLoggedIn = false;
 
-    // XXX check for duplicate IDs
-
-    QVariant* permissions = valueForKeyPath(_configMap.getMergedConfig(), AGENT_PERMISSIONS_KEYPATH);
-    if (!permissions->canConvert(QMetaType::QVariantList)) {
+    QVariant* permissions = valueForKeyPath(_configMap.getUserConfig(), AGENT_PERMISSIONS_KEYPATH);
+    if (!permissions || !permissions->canConvert(QMetaType::QVariantList)) {
         qDebug() << "failed to extract permissions from settings.";
         return;
     }
 
-    // QList<QVariant> permissionsList = permissions->toList();
+    QList<QVariant> permissionsList = permissions->toList();
+    // QVariantList* permissionsList = reinterpret_cast<QVariantList*>(permissions);
 
-    QVariantList* permissionsList = reinterpret_cast<QVariantList*>(permissions);
-
-    foreach (QVariant permsHash, *permissionsList) {
+    foreach (QVariant permsHash, permissionsList) {
         AgentPermissionsPointer perms { new AgentPermissions(permsHash.toMap()) };
         QString id = perms->getID();
         foundLocalhost |= (id == "localhost");
         foundAnonymous |= (id == "anonymous");
         foundLoggedIn |= (id == "logged-in");
-        _agentPermissions[id] = perms;
+        if (_agentPermissions.contains(id)) {
+            qDebug() << "duplicate name in permissions table: " << id;
+            _agentPermissions[id] |= perms;
+        } else {
+            _agentPermissions[id] = perms;
+        }
     }
 
     // if any of the standard names are missing, add them
@@ -252,17 +307,20 @@ void DomainServerSettingsManager::unpackPermissions() {
         AgentPermissionsPointer perms { new AgentPermissions("localhost") };
         perms->setAll(true);
         _agentPermissions["localhost"] = perms;
-        *permissionsList += perms->toVariant();
+        // *permissionsList += perms->toVariant();
     }
     if (!foundAnonymous) {
         AgentPermissionsPointer perms { new AgentPermissions("anonymous") };
         _agentPermissions["anonymous"] = perms;
-        *permissionsList += perms->toVariant();
+        // *permissionsList += perms->toVariant();
     }
     if (!foundLoggedIn) {
         AgentPermissionsPointer perms { new AgentPermissions("logged-in") };
         _agentPermissions["logged-in"] = perms;
-        *permissionsList += perms->toVariant();
+        // *permissionsList += perms->toVariant();
+    }
+    if (!foundLocalhost || !foundAnonymous || !foundLoggedIn) {
+        packPermissions(argumentList);
     }
 
     #ifdef WANT_DEBUG
@@ -271,12 +329,7 @@ void DomainServerSettingsManager::unpackPermissions() {
     while (i.hasNext()) {
         i.next();
         AgentPermissionsPointer perms = i.value();
-        qDebug() << i.key()
-                 << perms->canConnectToDomain
-                 << perms->canAdjustLocks
-                 << perms->canRezPermanentEntities
-                 << perms->canRezTemporaryEntities
-                 << perms->canWriteToAssetServer;
+        qDebug() << i.key() << perms;
     }
     #endif
 }

domain-server/src/DomainServerSettingsManager.h

@@ -40,6 +40,7 @@ public:
     QVariantMap& getUserSettingsMap() { return _configMap.getUserConfig(); }
     QVariantMap& getSettingsMap() { return _configMap.getMergedConfig(); }
 
+    bool havePermissionsForName(const QString& name) const { return _agentPermissions.contains(name); }
     AgentPermissions getPermissionsForName(const QString& name) const;
     QStringList getAllNames() { return _agentPermissions.keys(); }
 
@@ -61,7 +62,8 @@ private:
 
     friend class DomainServer;
 
-    void unpackPermissions();
+    void packPermissions(const QStringList& argumentList);
+    void unpackPermissions(const QStringList& argumentList);
     QHash<QString, AgentPermissionsPointer> _agentPermissions;
 };
 

libraries/networking/src/AgentPermissions.cpp

@@ -22,6 +22,19 @@ AgentPermissions& AgentPermissions::operator|=(const AgentPermissions& rhs) {
     this->canConnectPastMaxCapacity |= rhs.canConnectPastMaxCapacity;
     return *this;
 }
+AgentPermissions& AgentPermissions::operator|=(const AgentPermissionsPointer& rhs) {
+    if (rhs) {
+        *this |= *rhs.get();
+    }
+    return *this;
+}
+AgentPermissionsPointer& operator|=(AgentPermissionsPointer& lhs, const AgentPermissionsPointer& rhs) {
+    if (lhs && rhs) {
+        *lhs.get() |= rhs;
+    }
+    return lhs;
+}
+
 
 QDataStream& operator<<(QDataStream& out, const AgentPermissions& perms) {
     out << perms.canConnectToDomain;
@@ -66,3 +79,10 @@ QDebug operator<<(QDebug debug, const AgentPermissions& perms) {
     debug.nospace() << "]";
     return debug.nospace();
 }
+QDebug operator<<(QDebug debug, const AgentPermissionsPointer& perms) {
+    if (perms) {
+        return operator<<(debug, *perms.get());
+    }
+    debug.nospace() << "[permissions: null]";
+    return debug.nospace();
+}

libraries/networking/src/AgentPermissions.h

@@ -67,6 +67,7 @@ public:
     }
 
     AgentPermissions& operator|=(const AgentPermissions& rhs);
+    AgentPermissions& operator|=(const AgentPermissionsPointer& rhs);
     friend QDataStream& operator<<(QDataStream& out, const AgentPermissions& perms);
     friend QDataStream& operator>>(QDataStream& in, AgentPermissions& perms);
 
@@ -76,6 +77,8 @@ protected:
 
 const AgentPermissions DEFAULT_AGENT_PERMISSIONS;
 
-QDebug operator<<(QDebug debug, const AgentPermissions& node);
+QDebug operator<<(QDebug debug, const AgentPermissions& perms);
+QDebug operator<<(QDebug debug, const AgentPermissionsPointer& perms);
+AgentPermissionsPointer& operator|=(AgentPermissionsPointer& lhs, const AgentPermissionsPointer& rhs);
 
 #endif // hifi_AgentPermissions_h