From ba032ce0b4a04da02189a1c85f2a7a92a1d65012 Mon Sep 17 00:00:00 2001 From: Seth Alves Date: Mon, 20 Jun 2016 14:06:09 -0700 Subject: [PATCH] apply a group's permissions to users who belong to the group --- .../src/DomainServerSettingsManager.cpp | 42 ++++++++++++++++++- .../src/DomainServerSettingsManager.h | 16 ++++++- 2 files changed, 56 insertions(+), 2 deletions(-) diff --git a/domain-server/src/DomainServerSettingsManager.cpp b/domain-server/src/DomainServerSettingsManager.cpp index ff38af6ad9..5e55a20601 100644 --- a/domain-server/src/DomainServerSettingsManager.cpp +++ b/domain-server/src/DomainServerSettingsManager.cpp @@ -379,6 +379,10 @@ void DomainServerSettingsManager::unpackPermissions() { } else { _groupPermissions[id] = perms; } + if (perms->isGroup()) { + // the group-id was cached. hook-up the id in the id->group hash + _groupByID[perms->getGroupID()] = _groupPermissions[id]; + } } // if any of the standard names are missing, add them @@ -444,6 +448,26 @@ NodePermissions DomainServerSettingsManager::getPermissionsForName(const QString return nullPermissions; } +NodePermissions DomainServerSettingsManager::getPermissionsForGroup(const QString& groupname) const { + if (_groupPermissions.contains(groupname)) { + return *(_groupPermissions[groupname].get()); + } + NodePermissions nullPermissions; + nullPermissions.setAll(false); + return nullPermissions; +} + +NodePermissions DomainServerSettingsManager::getPermissionsForGroup(const QUuid& groupID) const { + if (!_groupByID.contains(groupID)) { + NodePermissions nullPermissions; + nullPermissions.setAll(false); + return nullPermissions; + } + QString groupName = _groupByID[groupID]->getID(); + return getPermissionsForGroup(groupName); +} + + QVariant DomainServerSettingsManager::valueOrDefaultValueForKeyPath(const QString& keyPath) { const QVariant* foundValue = valueForKeyPath(_configMap.getMergedConfig(), keyPath); @@ -865,7 +889,7 @@ void DomainServerSettingsManager::persistToFile() { } void DomainServerSettingsManager::requestMissingGroupIDs() { - QHashIterator i(_groupPermissions); + QHashIterator i(_groupPermissions.get()); while (i.hasNext()) { i.next(); NodePermissionsPointer perms = i.value(); @@ -879,6 +903,13 @@ void DomainServerSettingsManager::requestMissingGroupIDs() { } } +NodePermissionsPointer DomainServerSettingsManager::lookupGroupByID(const QUuid& id) { + if (_groupByID.contains(id)) { + return _groupByID[id]; + } + return nullptr; +} + void DomainServerSettingsManager::getGroupID(const QString& groupname) { JSONCallbackParameters callbackParams; callbackParams.jsonCallbackReceiver = this; @@ -905,6 +936,7 @@ void DomainServerSettingsManager::getGroupIDJSONCallback(QNetworkReply& requestR if (_groupPermissions.contains(groupName)) { qDebug() << "ID for group:" << groupName << "is" << groupID; _groupPermissions[groupName]->setGroupID(groupID); + _groupByID[groupID] = _groupPermissions[groupName]; packPermissions(); } else { qDebug() << "DomainServerSettingsManager::getGroupIDJSONCallback got response for unknown group:" << groupName; @@ -917,3 +949,11 @@ void DomainServerSettingsManager::getGroupIDJSONCallback(QNetworkReply& requestR void DomainServerSettingsManager::getGroupIDErrorCallback(QNetworkReply& requestReply) { qDebug() << "getGroupID api call failed:" << requestReply.error(); } + +void DomainServerSettingsManager::recordGroupMembership(const QString& name, const QUuid groupID, bool isMember) { + _groupMembership[name][groupID] = isMember; +} + +bool DomainServerSettingsManager::isGroupMember(const QString& name, const QUuid& groupID) { + return _groupMembership[name][groupID]; +} diff --git a/domain-server/src/DomainServerSettingsManager.h b/domain-server/src/DomainServerSettingsManager.h index a438e1160a..979d047fb7 100644 --- a/domain-server/src/DomainServerSettingsManager.h +++ b/domain-server/src/DomainServerSettingsManager.h @@ -43,11 +43,21 @@ public: QVariantMap& getSettingsMap() { return _configMap.getMergedConfig(); } bool haveStandardPermissionsForName(const QString& name) const { return _standardAgentPermissions.contains(name); } - bool havePermissionsForName(const QString& name) const { return _agentPermissions.contains(name); } NodePermissions getStandardPermissionsForName(const QString& name) const; + + bool havePermissionsForName(const QString& name) const { return _agentPermissions.contains(name); } NodePermissions getPermissionsForName(const QString& name) const; QStringList getAllNames() { return _agentPermissions.keys(); } + bool havePermissionsForGroup(const QString& groupname) const { return _groupPermissions.contains(groupname); } + NodePermissions getPermissionsForGroup(const QString& groupname) const; + NodePermissions getPermissionsForGroup(const QUuid& groupID) const; + QList getKnownGroupIDs() { return _groupByID.keys(); } + + // these are used to locally cache the result of calling "api/v1/groups/%1/is_member/%2" on metaverse's api + void recordGroupMembership(const QString& name, const QUuid groupID, bool isMember); + bool isGroupMember(const QString& name, const QUuid& groupID); + signals: void updateNodePermissions(); @@ -78,12 +88,16 @@ private: void requestMissingGroupIDs(); void getGroupID(const QString& groupname); + NodePermissionsPointer lookupGroupByID(const QUuid& id); void packPermissionsForMap(QString mapName, NodePermissionsMap& agentPermissions, QString keyPath); void packPermissions(); void unpackPermissions(); NodePermissionsMap _standardAgentPermissions; // anonymous, logged-in, localhost NodePermissionsMap _agentPermissions; // specific account-names + NodePermissionsMap _groupPermissions; // permissions granted by membershipt to specific groups + QHash _groupByID; + QHash> _groupMembership; }; #endif // hifi_DomainServerSettingsManager_h