mirror of
https://github.com/overte-org/overte.git
synced 2025-08-10 06:23:06 +02:00
add unpack for IP, DRYup unpackPermissions
This commit is contained in:
Stephen Birarda
parent
edce249d2c
commit
a674c843c2
2 changed files with 77 additions and 92 deletions
|
|
@ -430,114 +430,84 @@ void DomainServerSettingsManager::packPermissions() {
|
||||||
_configMap.loadMasterAndUserConfig(_argumentList);
|
_configMap.loadMasterAndUserConfig(_argumentList);
|
||||||
}
|
}
|
||||||
|
|
||||||
void DomainServerSettingsManager::unpackPermissions() {
|
bool DomainServerSettingsManager::unpackPermissionsForKeypath(const QString& keyPath,
|
||||||
// transfer details from _configMap to _agentPermissions;
|
NodePermissionsMap* mapPointer,
|
||||||
|
std::function<void(NodePermissionsPointer)> customUnpacker) {
|
||||||
|
|
||||||
_standardAgentPermissions.clear();
|
mapPointer->clear();
|
||||||
_agentPermissions.clear();
|
|
||||||
_groupPermissions.clear();
|
|
||||||
_groupForbiddens.clear();
|
|
||||||
|
|
||||||
bool foundLocalhost = false;
|
QVariant* permissions = valueForKeyPath(_configMap.getMergedConfig(), keyPath, true);
|
||||||
bool foundAnonymous = false;
|
if (!permissions->canConvert(QMetaType::QVariantList)) {
|
||||||
bool foundLoggedIn = false;
|
qDebug() << "Failed to extract permissions for key path" << keyPath << "from settings.";
|
||||||
bool foundFriends = false;
|
|
||||||
bool needPack = false;
|
|
||||||
|
|
||||||
QVariant* standardPermissions = valueForKeyPath(_configMap.getUserConfig(), AGENT_STANDARD_PERMISSIONS_KEYPATH);
|
|
||||||
if (!standardPermissions || !standardPermissions->canConvert(QMetaType::QVariantList)) {
|
|
||||||
qDebug() << "failed to extract standard permissions from settings.";
|
|
||||||
standardPermissions = valueForKeyPath(_configMap.getUserConfig(), AGENT_STANDARD_PERMISSIONS_KEYPATH, true);
|
|
||||||
(*standardPermissions) = QVariantList();
|
|
||||||
}
|
|
||||||
QVariant* permissions = valueForKeyPath(_configMap.getUserConfig(), AGENT_PERMISSIONS_KEYPATH);
|
|
||||||
if (!permissions || !permissions->canConvert(QMetaType::QVariantList)) {
|
|
||||||
qDebug() << "failed to extract permissions from settings.";
|
|
||||||
permissions = valueForKeyPath(_configMap.getUserConfig(), AGENT_PERMISSIONS_KEYPATH, true);
|
|
||||||
(*permissions) = QVariantList();
|
(*permissions) = QVariantList();
|
||||||
}
|
}
|
||||||
QVariant* groupPermissions = valueForKeyPath(_configMap.getUserConfig(), GROUP_PERMISSIONS_KEYPATH);
|
|
||||||
if (!groupPermissions || !groupPermissions->canConvert(QMetaType::QVariantList)) {
|
|
||||||
qDebug() << "failed to extract group permissions from settings.";
|
|
||||||
groupPermissions = valueForKeyPath(_configMap.getUserConfig(), GROUP_PERMISSIONS_KEYPATH, true);
|
|
||||||
(*groupPermissions) = QVariantList();
|
|
||||||
}
|
|
||||||
QVariant* groupForbiddens = valueForKeyPath(_configMap.getUserConfig(), GROUP_FORBIDDENS_KEYPATH);
|
|
||||||
if (!groupForbiddens || !groupForbiddens->canConvert(QMetaType::QVariantList)) {
|
|
||||||
qDebug() << "failed to extract group forbiddens from settings.";
|
|
||||||
groupForbiddens = valueForKeyPath(_configMap.getUserConfig(), GROUP_FORBIDDENS_KEYPATH, true);
|
|
||||||
(*groupForbiddens) = QVariantList();
|
|
||||||
}
|
|
||||||
|
|
||||||
QList<QVariant> standardPermissionsList = standardPermissions->toList();
|
bool needPack = false;
|
||||||
foreach (QVariant permsHash, standardPermissionsList) {
|
|
||||||
NodePermissionsPointer perms { new NodePermissions(permsHash.toMap()) };
|
|
||||||
QString id = perms->getID();
|
|
||||||
NodePermissionsKey idKey = NodePermissionsKey(id, 0);
|
|
||||||
foundLocalhost |= (idKey == NodePermissions::standardNameLocalhost);
|
|
||||||
foundAnonymous |= (idKey == NodePermissions::standardNameAnonymous);
|
|
||||||
foundLoggedIn |= (idKey == NodePermissions::standardNameLoggedIn);
|
|
||||||
foundFriends |= (idKey == NodePermissions::standardNameFriends);
|
|
||||||
if (_standardAgentPermissions.contains(idKey)) {
|
|
||||||
qDebug() << "duplicate name in standard permissions table: " << id;
|
|
||||||
*(_standardAgentPermissions[idKey]) |= *perms;
|
|
||||||
needPack = true;
|
|
||||||
} else {
|
|
||||||
_standardAgentPermissions[idKey] = perms;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
QList<QVariant> permissionsList = permissions->toList();
|
QList<QVariant> permissionsList = permissions->toList();
|
||||||
foreach (QVariant permsHash, permissionsList) {
|
foreach (QVariant permsHash, permissionsList) {
|
||||||
NodePermissionsPointer perms { new NodePermissions(permsHash.toMap()) };
|
NodePermissionsPointer perms { new NodePermissions(permsHash.toMap()) };
|
||||||
QString id = perms->getID();
|
QString id = perms->getID();
|
||||||
NodePermissionsKey idKey = NodePermissionsKey(id, 0);
|
|
||||||
if (_agentPermissions.contains(idKey)) {
|
NodePermissionsKey idKey = perms->getKey();
|
||||||
qDebug() << "duplicate name in permissions table: " << id;
|
|
||||||
*(_agentPermissions[idKey]) |= *perms;
|
if (mapPointer->contains(idKey)) {
|
||||||
|
qDebug() << "Duplicate name in permissions table for" << keyPath << " - " << id;
|
||||||
|
(*mapPointer)[idKey] |= perms;
|
||||||
needPack = true;
|
needPack = true;
|
||||||
} else {
|
} else {
|
||||||
_agentPermissions[idKey] = perms;
|
(*mapPointer)[idKey] = perms;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (customUnpacker) {
|
||||||
|
customUnpacker(perms);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
QList<QVariant> groupPermissionsList = groupPermissions->toList();
|
return needPack;
|
||||||
foreach (QVariant permsHash, groupPermissionsList) {
|
|
||||||
NodePermissionsPointer perms { new NodePermissions(permsHash.toMap()) };
|
|
||||||
QString id = perms->getID();
|
|
||||||
NodePermissionsKey idKey = perms->getKey();
|
|
||||||
if (_groupPermissions.contains(idKey)) {
|
|
||||||
qDebug() << "duplicate name in group permissions table: " << id;
|
|
||||||
*(_groupPermissions[idKey]) |= *perms;
|
|
||||||
needPack = true;
|
|
||||||
} else {
|
|
||||||
*(_groupPermissions[idKey]) = *perms;
|
|
||||||
}
|
|
||||||
if (perms->isGroup()) {
|
|
||||||
// the group-id was cached. hook-up the uuid in the uuid->group hash
|
|
||||||
_groupPermissionsByUUID[GroupByUUIDKey(perms->getGroupID(), perms->getRankID())] = _groupPermissions[idKey];
|
|
||||||
needPack |= setGroupID(perms->getID(), perms->getGroupID());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
QList<QVariant> groupForbiddensList = groupForbiddens->toList();
|
}
|
||||||
foreach (QVariant permsHash, groupForbiddensList) {
|
|
||||||
NodePermissionsPointer perms { new NodePermissions(permsHash.toMap()) };
|
void DomainServerSettingsManager::unpackPermissions() {
|
||||||
QString id = perms->getID();
|
// transfer details from _configMap to _agentPermissions;
|
||||||
NodePermissionsKey idKey = perms->getKey();
|
|
||||||
if (_groupForbiddens.contains(idKey)) {
|
bool foundLocalhost = false;
|
||||||
qDebug() << "duplicate name in group forbiddens table: " << id;
|
bool foundAnonymous = false;
|
||||||
*(_groupForbiddens[idKey]) |= *perms;
|
bool foundLoggedIn = false;
|
||||||
needPack = true;
|
bool foundFriends = false;
|
||||||
} else {
|
|
||||||
_groupForbiddens[idKey] = perms;
|
bool needPack = false;
|
||||||
}
|
|
||||||
if (perms->isGroup()) {
|
needPack |= unpackPermissionsForKeypath(AGENT_STANDARD_PERMISSIONS_KEYPATH, &_standardAgentPermissions,
|
||||||
// the group-id was cached. hook-up the uuid in the uuid->group hash
|
[&foundLocalhost, &foundAnonymous, &foundLoggedIn, &foundFriends](NodePermissionsPointer perms){
|
||||||
_groupForbiddensByUUID[GroupByUUIDKey(perms->getGroupID(), perms->getRankID())] = _groupForbiddens[idKey];
|
NodePermissionsKey idKey = perms->getKey();
|
||||||
needPack |= setGroupID(perms->getID(), perms->getGroupID());
|
foundLocalhost |= (idKey == NodePermissions::standardNameLocalhost);
|
||||||
}
|
foundAnonymous |= (idKey == NodePermissions::standardNameAnonymous);
|
||||||
}
|
foundLoggedIn |= (idKey == NodePermissions::standardNameLoggedIn);
|
||||||
|
foundFriends |= (idKey == NodePermissions::standardNameFriends);
|
||||||
|
});
|
||||||
|
|
||||||
|
needPack |= unpackPermissionsForKeypath(AGENT_PERMISSIONS_KEYPATH, &_agentPermissions);
|
||||||
|
needPack |= unpackPermissionsForKeypath(IP_PERMISSIONS_KEYPATH, &_ipPermissions);
|
||||||
|
needPack |= unpackPermissionsForKeypath(IP_FORBIDDENS_KEYPATH, &_ipForbiddens);
|
||||||
|
|
||||||
|
needPack |= unpackPermissionsForKeypath(GROUP_PERMISSIONS_KEYPATH, &_groupPermissions,
|
||||||
|
[&](NodePermissionsPointer perms){
|
||||||
|
if (perms->isGroup()) {
|
||||||
|
// the group-id was cached. hook-up the uuid in the uuid->group hash
|
||||||
|
_groupPermissionsByUUID[GroupByUUIDKey(perms->getGroupID(), perms->getRankID())] = _groupPermissions[perms->getKey()];
|
||||||
|
needPack |= setGroupID(perms->getID(), perms->getGroupID());
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
needPack |= unpackPermissionsForKeypath(GROUP_FORBIDDENS_KEYPATH, &_groupForbiddens,
|
||||||
|
[&](NodePermissionsPointer perms) {
|
||||||
|
if (perms->isGroup()) {
|
||||||
|
// the group-id was cached. hook-up the uuid in the uuid->group hash
|
||||||
|
_groupForbiddensByUUID[GroupByUUIDKey(perms->getGroupID(), perms->getRankID())] = _groupForbiddens[perms->getKey()];
|
||||||
|
needPack |= setGroupID(perms->getID(), perms->getGroupID());
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
// if any of the standard names are missing, add them
|
// if any of the standard names are missing, add them
|
||||||
if (!foundLocalhost) {
|
if (!foundLocalhost) {
|
||||||
|
|
|
||||||
|
|
@ -27,6 +27,8 @@ const QString SETTINGS_PATH = "/settings";
|
||||||
const QString SETTINGS_PATH_JSON = SETTINGS_PATH + ".json";
|
const QString SETTINGS_PATH_JSON = SETTINGS_PATH + ".json";
|
||||||
const QString AGENT_STANDARD_PERMISSIONS_KEYPATH = "security.standard_permissions";
|
const QString AGENT_STANDARD_PERMISSIONS_KEYPATH = "security.standard_permissions";
|
||||||
const QString AGENT_PERMISSIONS_KEYPATH = "security.permissions";
|
const QString AGENT_PERMISSIONS_KEYPATH = "security.permissions";
|
||||||
|
const QString IP_PERMISSIONS_KEYPATH = "security.ip_permissions";
|
||||||
|
const QString IP_FORBIDDENS_KEYPATH = "security.ip_forbiddens";
|
||||||
const QString GROUP_PERMISSIONS_KEYPATH = "security.group_permissions";
|
const QString GROUP_PERMISSIONS_KEYPATH = "security.group_permissions";
|
||||||
const QString GROUP_FORBIDDENS_KEYPATH = "security.group_forbiddens";
|
const QString GROUP_FORBIDDENS_KEYPATH = "security.group_forbiddens";
|
||||||
|
|
||||||
|
|
@ -58,6 +60,14 @@ public:
|
||||||
NodePermissions getPermissionsForName(const NodePermissionsKey& key) const { return getPermissionsForName(key.first); }
|
NodePermissions getPermissionsForName(const NodePermissionsKey& key) const { return getPermissionsForName(key.first); }
|
||||||
QStringList getAllNames() const;
|
QStringList getAllNames() const;
|
||||||
|
|
||||||
|
// these give access to permissions for specific IPs from the domain-server settings page
|
||||||
|
bool havePermissionsForIP(const QHostAddress& address) const { return _ipPermissions.contains(address.toString(), 0); }
|
||||||
|
NodePermissions getPermissionsForIP(const QHostAddress& address) const;
|
||||||
|
|
||||||
|
// these remove permissions from users connecting from specific IPs
|
||||||
|
bool haveForbiddensForIP(const QHostAddress& address) const { return _ipForbiddens.contains(address.toString(), 0); }
|
||||||
|
NodePermissions getForbiddensForIP(const QHostAddress& address) const;
|
||||||
|
|
||||||
// these give access to permissions for specific groups from the domain-server settings page
|
// these give access to permissions for specific groups from the domain-server settings page
|
||||||
bool havePermissionsForGroup(const QString& groupName, QUuid rankID) const {
|
bool havePermissionsForGroup(const QString& groupName, QUuid rankID) const {
|
||||||
return _groupPermissions.contains(groupName, rankID);
|
return _groupPermissions.contains(groupName, rankID);
|
||||||
|
|
@ -129,11 +139,16 @@ private:
|
||||||
void packPermissionsForMap(QString mapName, NodePermissionsMap& permissionsRows, QString keyPath);
|
void packPermissionsForMap(QString mapName, NodePermissionsMap& permissionsRows, QString keyPath);
|
||||||
void packPermissions();
|
void packPermissions();
|
||||||
void unpackPermissions();
|
void unpackPermissions();
|
||||||
|
bool unpackPermissionsForKeypath(const QString& keyPath, NodePermissionsMap* destinationMapPointer,
|
||||||
|
std::function<void(NodePermissionsPointer)> customUnpacker = {});
|
||||||
bool ensurePermissionsForGroupRanks();
|
bool ensurePermissionsForGroupRanks();
|
||||||
|
|
||||||
NodePermissionsMap _standardAgentPermissions; // anonymous, logged-in, localhost, friend-of-domain-owner
|
NodePermissionsMap _standardAgentPermissions; // anonymous, logged-in, localhost, friend-of-domain-owner
|
||||||
NodePermissionsMap _agentPermissions; // specific account-names
|
NodePermissionsMap _agentPermissions; // specific account-names
|
||||||
|
|
||||||
|
NodePermissionsMap _ipPermissions; // permissions granted by node IP address
|
||||||
|
NodePermissionsMap _ipForbiddens; // permissions denied by node IP address
|
||||||
|
|
||||||
NodePermissionsMap _groupPermissions; // permissions granted by membership to specific groups
|
NodePermissionsMap _groupPermissions; // permissions granted by membership to specific groups
|
||||||
NodePermissionsMap _groupForbiddens; // permissions denied due to membership in a specific group
|
NodePermissionsMap _groupForbiddens; // permissions denied due to membership in a specific group
|
||||||
// these are like _groupPermissions and _groupForbiddens but with uuids rather than group-names in the keys
|
// these are like _groupPermissions and _groupForbiddens but with uuids rather than group-names in the keys
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue