Upstream/LuckPerms
1
0
Fork 0
mirror of https://github.com/LuckPerms/LuckPerms.git synced 2024-09-30 14:27:29 +02:00
Code Issues Projects Releases Wiki Activity

Give false default permissions priority over wildcards

Browse Source 
I think this is a good compromise. It won't apply to registered permissions that are defaulted to 'op' (Bukkit) or 'undefined' (Sponge), only to those that are specifically set to false.

The change is configurable, enabled by default for new installs of LP.

Will hopefully go some way to resolving:
- #2787
- https://v2.nucleuspowered.org/docs/nowildcard.html
- NucleusPowered/Nucleus#1093 (and related)

cc: @dualspiral @slipcor
This commit is contained in:
Luck 2020-12-23 14:36:31 +00:00
parent 8dfeef9575
commit 8167fbf73f
No known key found for this signature in database
GPG Key ID: EFA9B3EC5FD90F8B
19 changed files with 160 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
bukkit/src/main/java/me/lucko/luckperms/bukkit/calculator/BukkitCalculatorFactory.java
View File

@ -45,14 +45,8 @@ import net.luckperms.api.query.QueryOptions;
public class BukkitCalculatorFactory implements CalculatorFactory {
private final LPBukkitPlugin plugin;
private final DefaultsProcessor opDefaultsProcessor;
private final DefaultsProcessor nonOpDefaultsProcessor;
public BukkitCalculatorFactory(LPBukkitPlugin plugin) {
this.plugin = plugin;
this.opDefaultsProcessor = new DefaultsProcessor(this.plugin, true);
this.nonOpDefaultsProcessor = new DefaultsProcessor(this.plugin, false);
}
@Override
@ -79,7 +73,8 @@ public class BukkitCalculatorFactory implements CalculatorFactory {
boolean op = queryOptions.option(BukkitContextManager.OP_OPTION).orElse(false);
if (metadata.getHolderType() == HolderType.USER && this.plugin.getConfiguration().get(ConfigKeys.APPLY_BUKKIT_DEFAULT_PERMISSIONS)) {
processors.add(op ? this.opDefaultsProcessor : this.nonOpDefaultsProcessor);
boolean overrideWildcards = this.plugin.getConfiguration().get(ConfigKeys.APPLY_DEFAULT_NEGATIONS_BEFORE_WILDCARDS);
processors.add(new DefaultsProcessor(this.plugin, overrideWildcards, op));
}
if (op) {

30
bukkit/src/main/java/me/lucko/luckperms/bukkit/calculator/DefaultsProcessor.java
View File

@ -27,11 +27,14 @@ package me.lucko.luckperms.bukkit.calculator;
import me.lucko.luckperms.bukkit.LPBukkitPlugin;
import me.lucko.luckperms.common.calculator.processor.PermissionProcessor;
import me.lucko.luckperms.common.calculator.processor.SpongeWildcardProcessor;
import me.lucko.luckperms.common.calculator.processor.WildcardProcessor;
import me.lucko.luckperms.common.calculator.result.TristateResult;
import net.luckperms.api.util.Tristate;
import org.bukkit.permissions.Permission;
import org.bukkit.permissions.PermissionDefault;
/**
* Permission Processor for Bukkits "default" permission system.
@ -41,15 +44,38 @@ public class DefaultsProcessor implements PermissionProcessor {
private static final TristateResult.Factory PERMISSION_MAP_RESULT_FACTORY = new TristateResult.Factory(DefaultsProcessor.class, "permission map");
private final LPBukkitPlugin plugin;
private final boolean overrideWildcards;
private final boolean isOp;
public DefaultsProcessor(LPBukkitPlugin plugin, boolean isOp) {
public DefaultsProcessor(LPBukkitPlugin plugin, boolean overrideWildcards, boolean isOp) {
this.plugin = plugin;
this.overrideWildcards = overrideWildcards;
this.isOp = isOp;
}
private boolean canOverrideWildcard(TristateResult prev) {
return this.overrideWildcards &&
(prev.processorClass() == WildcardProcessor.class || prev.processorClass() == SpongeWildcardProcessor.class) &&
prev.result() == Tristate.TRUE;
}
@Override
public TristateResult hasPermission(String permission) {
public TristateResult hasPermission(TristateResult prev, String permission) {
if (prev != TristateResult.UNDEFINED) {
// Check to see if the result should be overridden
if (canOverrideWildcard(prev)) {
Permission defPerm = this.plugin.getPermissionMap().get(permission);
if (defPerm != null) {
PermissionDefault def = defPerm.getDefault();
if (def == PermissionDefault.FALSE || (this.isOp && def == PermissionDefault.NOT_OP)) {
return PERMISSION_MAP_RESULT_FACTORY.result(Tristate.FALSE, "permission map (overriding wildcard): " + prev.cause());
}
}
}
return prev;
}
Tristate t = this.plugin.getDefaultPermissionMap().lookupDefaultPermission(permission, this.isOp);
if (t != Tristate.UNDEFINED) {
return DEFAULT_PERMISSION_MAP_RESULT_FACTORY.result(t);

5
bukkit/src/main/java/me/lucko/luckperms/bukkit/calculator/OpProcessor.java
View File

@ -44,7 +44,10 @@ public final class OpProcessor implements PermissionProcessor {
}
@Override
public TristateResult hasPermission(String permission) {
public TristateResult hasPermission(TristateResult prev, String permission) {
if (prev != TristateResult.UNDEFINED) {
return prev;
}
return TRUE_RESULT;
}
}

11
bukkit/src/main/resources/config.yml
View File

@ -470,6 +470,17 @@ apply-wildcards: true
# and so on.
apply-sponge-implicit-wildcards: false
# If the plugin should apply negated Bukkit default permissions before it considers wildcard
# assignments.
#
# - Plugin authors can define permissions which explicitly should not be given automatically to OPs.
# This is usually used for so called "anti-permissions" - permissions which, when granted, apply
# something negative.
# - If this option is set to true, LuckPerms will consider any negated declarations made by
# plugins before it considers wildcards. (similar to the way the OP system works)
# - If this option is set to false, LuckPerms will consider any wildcard assignments first.
apply-default-negated-permissions-before-wildcards: true
# If the plugin should parse regex permissions.
#
# - If set to true, LuckPerms will detect regex permissions, marked with "r=" at the start of the

11
common/src/main/java/me/lucko/luckperms/common/calculator/PermissionCalculator.java
View File

@ -35,8 +35,6 @@ import me.lucko.luckperms.common.model.HolderType;
import me.lucko.luckperms.common.plugin.LuckPermsPlugin;
import me.lucko.luckperms.common.verbose.event.PermissionCheckEvent;
import net.luckperms.api.util.Tristate;
import org.checkerframework.checker.nullness.qual.NonNull;
import java.util.List;
@ -106,14 +104,11 @@ public class PermissionCalculator implements Function<String, TristateResult> {
// that this call is behind the cache.
this.plugin.getPermissionRegistry().offer(permission);
TristateResult result = TristateResult.UNDEFINED;
for (PermissionProcessor processor : this.processors) {
TristateResult result = processor.hasPermission(permission);
if (result.result() != Tristate.UNDEFINED) {
return result;
}
result = processor.hasPermission(result, permission);
}
return TristateResult.UNDEFINED;
return result;
}
/**

12
common/src/main/java/me/lucko/luckperms/common/calculator/processor/AbstractPermissionProcessor.java
View File

@ -25,6 +25,8 @@
package me.lucko.luckperms.common.calculator.processor;
import me.lucko.luckperms.common.calculator.result.TristateResult;
import java.util.Collections;
import java.util.Map;
@ -35,4 +37,14 @@ public abstract class AbstractPermissionProcessor implements PermissionProcessor
public void setSource(Map<String, Boolean> sourceMap) {
this.sourceMap = sourceMap;
}
@Override
public TristateResult hasPermission(TristateResult prev, String permission) {
if (prev != TristateResult.UNDEFINED) {
return prev;
}
return hasPermission(permission);
}
public abstract TristateResult hasPermission(String permission);
}

3
common/src/main/java/me/lucko/luckperms/common/calculator/processor/PermissionProcessor.java
View File

@ -41,10 +41,11 @@ public interface PermissionProcessor {
/**
* Returns the permission value determined by this calculator.
*
* @param prev the result of the previous calculator in the chain
* @param permission the permission
* @return a tristate
*/
TristateResult hasPermission(String permission);
TristateResult hasPermission(TristateResult prev, String permission);
/**
* Sets the source permissions which should be used by this processor

5
common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java
View File

@ -237,6 +237,11 @@ public final class ConfigKeys {
return c.getBoolean("apply-sponge-implicit-wildcards", def);
}));
/**
* If default negated permissions should be applied before wildcards.
*/
public static final ConfigKey<Boolean> APPLY_DEFAULT_NEGATIONS_BEFORE_WILDCARDS = notReloadable(booleanKey("apply-default-negated-permissions-before-wildcards", false));
/**
* If regex permissions are being applied
*/

28
nukkit/src/main/java/me/lucko/luckperms/nukkit/calculator/DefaultsProcessor.java
View File

@ -26,6 +26,8 @@
package me.lucko.luckperms.nukkit.calculator;
import me.lucko.luckperms.common.calculator.processor.PermissionProcessor;
import me.lucko.luckperms.common.calculator.processor.SpongeWildcardProcessor;
import me.lucko.luckperms.common.calculator.processor.WildcardProcessor;
import me.lucko.luckperms.common.calculator.result.TristateResult;
import me.lucko.luckperms.nukkit.LPNukkitPlugin;
import me.lucko.luckperms.nukkit.inject.PermissionDefault;
@ -40,15 +42,37 @@ public class DefaultsProcessor implements PermissionProcessor {
private static final TristateResult.Factory PERMISSION_MAP_RESULT_FACTORY = new TristateResult.Factory(DefaultsProcessor.class, "permission map");
private final LPNukkitPlugin plugin;
private final boolean overrideWildcards;
private final boolean isOp;
public DefaultsProcessor(LPNukkitPlugin plugin, boolean isOp) {
public DefaultsProcessor(LPNukkitPlugin plugin, boolean overrideWildcards, boolean isOp) {
this.plugin = plugin;
this.overrideWildcards = overrideWildcards;
this.isOp = isOp;
}
private boolean canOverrideWildcard(TristateResult prev) {
return this.overrideWildcards &&
(prev.processorClass() == WildcardProcessor.class || prev.processorClass() == SpongeWildcardProcessor.class) &&
prev.result() == Tristate.TRUE;
}
@Override
public TristateResult hasPermission(String permission) {
public TristateResult hasPermission(TristateResult prev, String permission) {
if (prev != TristateResult.UNDEFINED) {
// Check to see if the result should be overridden
if (canOverrideWildcard(prev)) {
PermissionDefault def = PermissionDefault.fromPermission(this.plugin.getPermissionMap().get(permission));
if (def != null) {
if (def == PermissionDefault.FALSE || (this.isOp && def == PermissionDefault.NOT_OP)) {
return PERMISSION_MAP_RESULT_FACTORY.result(Tristate.FALSE, "permission map (overriding wildcard): " + prev.cause());
}
}
}
return prev;
}
Tristate t = this.plugin.getDefaultPermissionMap().lookupDefaultPermission(permission, this.isOp);
if (t != Tristate.UNDEFINED) {
return DEFAULT_PERMISSION_MAP_RESULT_FACTORY.result(t);

9
nukkit/src/main/java/me/lucko/luckperms/nukkit/calculator/NukkitCalculatorFactory.java
View File

@ -45,14 +45,8 @@ import net.luckperms.api.query.QueryOptions;
public class NukkitCalculatorFactory implements CalculatorFactory {
private final LPNukkitPlugin plugin;
private final DefaultsProcessor opDefaultsProcessor;
private final DefaultsProcessor nonOpDefaultsProcessor;
public NukkitCalculatorFactory(LPNukkitPlugin plugin) {
this.plugin = plugin;
this.opDefaultsProcessor = new DefaultsProcessor(this.plugin, true);
this.nonOpDefaultsProcessor = new DefaultsProcessor(this.plugin, false);
}
@Override
@ -79,7 +73,8 @@ public class NukkitCalculatorFactory implements CalculatorFactory {
boolean op = queryOptions.option(NukkitContextManager.OP_OPTION).orElse(false);
if (metadata.getHolderType() == HolderType.USER && this.plugin.getConfiguration().get(ConfigKeys.APPLY_NUKKIT_DEFAULT_PERMISSIONS)) {
processors.add(op ? this.opDefaultsProcessor : this.nonOpDefaultsProcessor);
boolean overrideWildcards = this.plugin.getConfiguration().get(ConfigKeys.APPLY_DEFAULT_NEGATIONS_BEFORE_WILDCARDS);
processors.add(new DefaultsProcessor(this.plugin, overrideWildcards, op));
}
if (op) {

5
nukkit/src/main/java/me/lucko/luckperms/nukkit/calculator/OpProcessor.java
View File

@ -44,7 +44,10 @@ public final class OpProcessor implements PermissionProcessor {
}
@Override
public TristateResult hasPermission(String permission) {
public TristateResult hasPermission(TristateResult prev, String permission) {
if (prev != TristateResult.UNDEFINED) {
return prev;
}
return TRUE_RESULT;
}
}

11
nukkit/src/main/resources/config.yml
View File

@ -465,6 +465,17 @@ apply-wildcards: true
# and so on.
apply-sponge-implicit-wildcards: false
# If the plugin should apply negated Nukkit default permissions before it considers wildcard
# assignments.
#
# - Plugin authors can define permissions which explicitly should not be given automatically to OPs.
# This is usually used for so called "anti-permissions" - permissions which, when granted, apply
# something negative.
# - If this option is set to true, LuckPerms will consider any negated declarations made by
# plugins before it considers wildcards. (similar to the way the OP system works)
# - If this option is set to false, LuckPerms will consider any wildcard assignments first.
apply-default-negated-permissions-before-wildcards: true
# If the plugin should parse regex permissions.
#
# - If set to true, LuckPerms will detect regex permissions, marked with "r=" at the start of the

31
sponge/src/main/java/me/lucko/luckperms/sponge/calculator/DefaultsProcessor.java
View File

@ -26,6 +26,8 @@
package me.lucko.luckperms.sponge.calculator;
import me.lucko.luckperms.common.calculator.processor.PermissionProcessor;
import me.lucko.luckperms.common.calculator.processor.SpongeWildcardProcessor;
import me.lucko.luckperms.common.calculator.processor.WildcardProcessor;
import me.lucko.luckperms.common.calculator.result.TristateResult;
import me.lucko.luckperms.sponge.service.model.LPPermissionService;
import me.lucko.luckperms.sponge.service.model.LPSubject;
@ -39,16 +41,41 @@ public abstract class DefaultsProcessor implements PermissionProcessor {
protected final LPPermissionService service;
private final QueryOptions queryOptions;
private final boolean overrideWildcards;
public DefaultsProcessor(LPPermissionService service, QueryOptions queryOptions) {
public DefaultsProcessor(LPPermissionService service, QueryOptions queryOptions, boolean overrideWildcards) {
this.service = service;
this.queryOptions = queryOptions;
this.overrideWildcards = overrideWildcards;
}
protected abstract LPSubject getTypeDefaults();
private boolean canOverrideWildcard(TristateResult prev) {
return this.overrideWildcards &&
(prev.processorClass() == WildcardProcessor.class || prev.processorClass() == SpongeWildcardProcessor.class) &&
prev.result() == Tristate.TRUE;
}
@Override
public TristateResult hasPermission(String permission) {
public TristateResult hasPermission(TristateResult prev, String permission) {
if (prev != TristateResult.UNDEFINED) {
// Check to see if the result should be overridden
if (canOverrideWildcard(prev)) {
Tristate t = getTypeDefaults().getPermissionValue(this.queryOptions, permission);
if (t == Tristate.FALSE) {
return TYPE_DEFAULTS_RESULT_FACTORY.result(Tristate.FALSE, "type defaults (overriding wildcard): " + prev.cause());
}
t = this.service.getRootDefaults().getPermissionValue(this.queryOptions, permission);
if (t == Tristate.FALSE) {
return ROOT_DEFAULTS_RESULT_FACTORY.result(Tristate.FALSE, "root defaults (overriding wildcard): " + prev.cause());
}
}
return prev;
}
Tristate t = getTypeDefaults().getPermissionValue(this.queryOptions, permission);
if (t != Tristate.UNDEFINED) {
return TYPE_DEFAULTS_RESULT_FACTORY.result(t);

4
sponge/src/main/java/me/lucko/luckperms/sponge/calculator/FixedDefaultsProcessor.java
View File

@ -33,8 +33,8 @@ import net.luckperms.api.query.QueryOptions;
public class FixedDefaultsProcessor extends DefaultsProcessor {
private final LPSubject defaultsSubject;
public FixedDefaultsProcessor(LPPermissionService service, QueryOptions queryOptions, LPSubject defaultsSubject) {
super(service, queryOptions);
public FixedDefaultsProcessor(LPPermissionService service, QueryOptions queryOptions, LPSubject defaultsSubject, boolean overrideWildcards) {
super(service, queryOptions, overrideWildcards);
this.defaultsSubject = defaultsSubject;
}

4
sponge/src/main/java/me/lucko/luckperms/sponge/calculator/GroupDefaultsProcessor.java
View File

@ -32,8 +32,8 @@ import me.lucko.luckperms.sponge.service.model.LPSubject;
import net.luckperms.api.query.QueryOptions;
public class GroupDefaultsProcessor extends DefaultsProcessor implements PermissionProcessor {
public GroupDefaultsProcessor(LPPermissionService service, QueryOptions queryOptions) {
super(service, queryOptions);
public GroupDefaultsProcessor(LPPermissionService service, QueryOptions queryOptions, boolean overrideWildcards) {
super(service, queryOptions, overrideWildcards);
}
@Override

5
sponge/src/main/java/me/lucko/luckperms/sponge/calculator/SpongeCalculatorFactory.java
View File

@ -67,10 +67,11 @@ public class SpongeCalculatorFactory implements CalculatorFactory {
}
if (this.plugin.getConfiguration().get(ConfigKeys.APPLY_SPONGE_DEFAULT_SUBJECTS)) {
boolean overrideWildcards = this.plugin.getConfiguration().get(ConfigKeys.APPLY_DEFAULT_NEGATIONS_BEFORE_WILDCARDS);
if (metadata.getHolderType() == HolderType.USER) {
processors.add(new UserDefaultsProcessor(this.plugin.getService(), queryOptions));
processors.add(new UserDefaultsProcessor(this.plugin.getService(), queryOptions, overrideWildcards));
} else if (metadata.getHolderType() == HolderType.GROUP) {
processors.add(new GroupDefaultsProcessor(this.plugin.getService(), queryOptions));
processors.add(new GroupDefaultsProcessor(this.plugin.getService(), queryOptions, overrideWildcards));
}
}

4
sponge/src/main/java/me/lucko/luckperms/sponge/calculator/UserDefaultsProcessor.java
View File

@ -32,8 +32,8 @@ import me.lucko.luckperms.sponge.service.model.LPSubject;
import net.luckperms.api.query.QueryOptions;
public class UserDefaultsProcessor extends DefaultsProcessor implements PermissionProcessor {
public UserDefaultsProcessor(LPPermissionService service, QueryOptions queryOptions) {
super(service, queryOptions);
public UserDefaultsProcessor(LPPermissionService service, QueryOptions queryOptions, boolean overrideWildcards) {
super(service, queryOptions, overrideWildcards);
}
@Override

2
sponge/src/main/java/me/lucko/luckperms/sponge/service/model/calculated/CalculatedSubjectCachedDataManager.java
View File

@ -103,7 +103,7 @@ public class CalculatedSubjectCachedDataManager extends AbstractCachedDataManage
processors.add(new WildcardProcessor());
if (!this.subject.getParentCollection().isDefaultsCollection()) {
processors.add(new FixedDefaultsProcessor(this.subject.getService(), queryOptions, this.subject.getDefaults()));
processors.add(new FixedDefaultsProcessor(this.subject.getService(), queryOptions, this.subject.getDefaults(), true));
}
return new PermissionCalculator(getPlugin(), metadata, processors.build());

11
sponge/src/main/resources/luckperms.conf
View File

@ -481,6 +481,17 @@ apply-wildcards = true
# and so on.
apply-sponge-implicit-wildcards=true
# If the plugin should apply negated default permissions before it considers wildcard
# assignments.
#
# - Plugin authors can define permissions which explicitly should be false by default.
# This is usually used for so called "anti-permissions" - permissions which, when granted, apply
# something negative.
# - If this option is set to true, LuckPerms will consider any negated declarations made by
# plugins before it considers wildcards.
# - If this option is set to false, LuckPerms will consider any wildcard assignments first.
apply-default-negated-permissions-before-wildcards=true
# If the plugin should parse regex permissions.
#
# - If set to true, LuckPerms will detect regex permissions, marked with "r=" at the start of the