mirror of
https://github.com/plan-player-analytics/Plan.git
synced 2024-11-01 00:10:12 +01:00
Fine tune permissions
This commit is contained in:
parent
1dcf284b1e
commit
c4ddd53b8f
@ -19,6 +19,9 @@ package com.djrapitops.plan.delivery.domain.auth;
|
|||||||
import com.djrapitops.plan.settings.locale.lang.Lang;
|
import com.djrapitops.plan.settings.locale.lang.Lang;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Optional;
|
||||||
|
import java.util.function.Predicate;
|
||||||
import java.util.function.Supplier;
|
import java.util.function.Supplier;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -47,7 +50,8 @@ public enum WebPermission implements Supplier<String>, Lang {
|
|||||||
PAGE_NETWORK_SESSIONS_LIST("See list of sessions"),
|
PAGE_NETWORK_SESSIONS_LIST("See list of sessions"),
|
||||||
PAGE_NETWORK_JOIN_ADDRESSES("See Join Addresses -tab"),
|
PAGE_NETWORK_JOIN_ADDRESSES("See Join Addresses -tab"),
|
||||||
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
|
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
|
||||||
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph"),
|
@Deprecated
|
||||||
|
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph", true),
|
||||||
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
|
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
|
||||||
PAGE_NETWORK_RETENTION("See Player Retention -tab"),
|
PAGE_NETWORK_RETENTION("See Player Retention -tab"),
|
||||||
PAGE_NETWORK_GEOLOCATIONS("See Geolocations tab"),
|
PAGE_NETWORK_GEOLOCATIONS("See Geolocations tab"),
|
||||||
@ -82,7 +86,8 @@ public enum WebPermission implements Supplier<String>, Lang {
|
|||||||
PAGE_SERVER_SESSIONS_LIST("See list of sessions"),
|
PAGE_SERVER_SESSIONS_LIST("See list of sessions"),
|
||||||
PAGE_SERVER_JOIN_ADDRESSES("See Join Addresses -tab"),
|
PAGE_SERVER_JOIN_ADDRESSES("See Join Addresses -tab"),
|
||||||
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
|
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
|
||||||
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph"),
|
@Deprecated
|
||||||
|
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph", true),
|
||||||
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
|
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
|
||||||
PAGE_SERVER_RETENTION("See Player Retention -tab"),
|
PAGE_SERVER_RETENTION("See Player Retention -tab"),
|
||||||
PAGE_SERVER_GEOLOCATIONS("See Geolocations tab"),
|
PAGE_SERVER_GEOLOCATIONS("See Geolocations tab"),
|
||||||
@ -156,4 +161,23 @@ public enum WebPermission implements Supplier<String>, Lang {
|
|||||||
public String getDefault() {
|
public String getDefault() {
|
||||||
return description;
|
return description;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static WebPermission[] nonDeprecatedValues() {
|
||||||
|
return Arrays.stream(values())
|
||||||
|
.filter(Predicate.not(WebPermission::isDeprecated))
|
||||||
|
.toArray(WebPermission[]::new);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static Optional<WebPermission> findByPermission(String permission) {
|
||||||
|
String name = StringUtils.upperCase(permission).replace('.', '_');
|
||||||
|
try {
|
||||||
|
return Optional.of(valueOf(name));
|
||||||
|
} catch (IllegalArgumentException noSuchEnum) {
|
||||||
|
return Optional.empty();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static boolean isDeprecated(String permission) {
|
||||||
|
return findByPermission(permission).map(WebPermission::isDeprecated).orElse(false);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -23,6 +23,7 @@ import com.djrapitops.plan.delivery.rendering.json.JSONFactory;
|
|||||||
import com.djrapitops.plan.delivery.web.resolver.MimeType;
|
import com.djrapitops.plan.delivery.web.resolver.MimeType;
|
||||||
import com.djrapitops.plan.delivery.web.resolver.Response;
|
import com.djrapitops.plan.delivery.web.resolver.Response;
|
||||||
import com.djrapitops.plan.delivery.web.resolver.request.Request;
|
import com.djrapitops.plan.delivery.web.resolver.request.Request;
|
||||||
|
import com.djrapitops.plan.delivery.web.resolver.request.URIQuery;
|
||||||
import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
|
import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
|
||||||
import com.djrapitops.plan.delivery.webserver.cache.AsyncJSONResolverService;
|
import com.djrapitops.plan.delivery.webserver.cache.AsyncJSONResolverService;
|
||||||
import com.djrapitops.plan.delivery.webserver.cache.DataID;
|
import com.djrapitops.plan.delivery.webserver.cache.DataID;
|
||||||
@ -70,10 +71,20 @@ public class PlayerJoinAddressJSONResolver extends JSONResolver {
|
|||||||
@Override
|
@Override
|
||||||
public boolean canAccess(@Untrusted Request request) {
|
public boolean canAccess(@Untrusted Request request) {
|
||||||
WebUser user = request.getUser().orElse(new WebUser(""));
|
WebUser user = request.getUser().orElse(new WebUser(""));
|
||||||
if (request.getQuery().get("server").isPresent()) {
|
@Untrusted URIQuery query = request.getQuery();
|
||||||
return user.hasPermission(WebPermission.PAGE_SERVER_RETENTION);
|
Optional<String> listOnly = query.get("listOnly");
|
||||||
|
if (query.get("server").isPresent()) {
|
||||||
|
if (listOnly.isEmpty()) {
|
||||||
|
return user.hasPermission(WebPermission.PAGE_SERVER_RETENTION);
|
||||||
|
} else {
|
||||||
|
return user.hasPermission(WebPermission.PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (listOnly.isEmpty()) {
|
||||||
|
return user.hasPermission(WebPermission.PAGE_NETWORK_RETENTION);
|
||||||
|
} else {
|
||||||
|
return user.hasPermission(WebPermission.PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME);
|
||||||
}
|
}
|
||||||
return user.hasPermission(WebPermission.PAGE_NETWORK_RETENTION);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@GET
|
@GET
|
||||||
|
@ -37,6 +37,8 @@ import javax.inject.Inject;
|
|||||||
import javax.inject.Singleton;
|
import javax.inject.Singleton;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Optional;
|
import java.util.Optional;
|
||||||
|
import java.util.function.Predicate;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Endpoint for getting list of available Plan web permissions.
|
* Endpoint for getting list of available Plan web permissions.
|
||||||
@ -75,7 +77,10 @@ public class WebPermissionJSONResolver implements Resolver {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private Response getResponse() {
|
private Response getResponse() {
|
||||||
List<String> permissions = dbSystem.getDatabase().query(WebUserQueries.fetchAvailablePermissions());
|
List<String> permissions = dbSystem.getDatabase().query(WebUserQueries.fetchAvailablePermissions())
|
||||||
|
.stream()
|
||||||
|
.filter(Predicate.not(WebPermission::isDeprecated))
|
||||||
|
.collect(Collectors.toList());
|
||||||
|
|
||||||
WebPermissionList permissionList = new WebPermissionList(permissions);
|
WebPermissionList permissionList = new WebPermissionList(permissions);
|
||||||
return Response.builder()
|
return Response.builder()
|
||||||
|
@ -108,7 +108,7 @@ public class LocaleSystem implements SubSystem {
|
|||||||
HtmlLang.values(),
|
HtmlLang.values(),
|
||||||
JSLang.values(),
|
JSLang.values(),
|
||||||
PluginLang.values(),
|
PluginLang.values(),
|
||||||
WebPermission.values(),
|
WebPermission.nonDeprecatedValues(),
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -39,7 +39,7 @@ public class UpdateWebPermissionsPatch extends Patch {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean hasBeenApplied() {
|
public boolean hasBeenApplied() {
|
||||||
List<String> defaultPermissions = Arrays.stream(WebPermission.values())
|
List<String> defaultPermissions = Arrays.stream(WebPermission.nonDeprecatedValues())
|
||||||
.map(WebPermission::getPermission)
|
.map(WebPermission::getPermission)
|
||||||
.collect(Collectors.toList());
|
.collect(Collectors.toList());
|
||||||
List<String> storedPermissions = query(WebUserQueries.fetchAvailablePermissions());
|
List<String> storedPermissions = query(WebUserQueries.fetchAvailablePermissions());
|
||||||
|
@ -0,0 +1,56 @@
|
|||||||
|
/*
|
||||||
|
* This file is part of Player Analytics (Plan).
|
||||||
|
*
|
||||||
|
* Plan is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Lesser General Public License v3 as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* Plan is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public License
|
||||||
|
* along with Plan. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
package com.djrapitops.plan.delivery.domain.auth;
|
||||||
|
|
||||||
|
import org.junit.jupiter.api.Test;
|
||||||
|
|
||||||
|
import static org.junit.jupiter.api.Assertions.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Tests for {@link WebPermission}.
|
||||||
|
*
|
||||||
|
* @author AuroraLS3
|
||||||
|
*/
|
||||||
|
class WebPermissionTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void webPermissionIsFound() {
|
||||||
|
String permission = "access.player.self";
|
||||||
|
WebPermission found = WebPermission.findByPermission(permission).orElseThrow(AssertionError::new);
|
||||||
|
WebPermission expected = WebPermission.ACCESS_PLAYER_SELF;
|
||||||
|
assertEquals(expected, found);
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void webPermissionIsDetectedAsDeprecated() {
|
||||||
|
String permission = "page.server.join.addresses.graphs.pie";
|
||||||
|
assertTrue(WebPermission.isDeprecated(permission));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void webPermissionIsDetectedAsNonDeprecated() {
|
||||||
|
String permission = "access.player.self";
|
||||||
|
assertFalse(WebPermission.isDeprecated(permission));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
void customWebPermissionIsDetectedAsNonDeprecated() {
|
||||||
|
String permission = "custom.permission";
|
||||||
|
assertFalse(WebPermission.isDeprecated(permission));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -107,7 +107,10 @@ class AccessControlTest {
|
|||||||
Arguments.of("/v1/pingTable?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_GEOLOCATIONS_PING_PER_COUNTRY, 200, 403),
|
Arguments.of("/v1/pingTable?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_GEOLOCATIONS_PING_PER_COUNTRY, 200, 403),
|
||||||
Arguments.of("/v1/sessions?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_SESSIONS_LIST, 200, 403),
|
Arguments.of("/v1/sessions?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_SESSIONS_LIST, 200, 403),
|
||||||
Arguments.of("/v1/retention?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
|
Arguments.of("/v1/retention?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
|
||||||
|
Arguments.of("/v1/joinAddresses", WebPermission.PAGE_NETWORK_RETENTION, 200, 403),
|
||||||
|
Arguments.of("/v1/joinAddresses?listOnly=true", WebPermission.PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME, 200, 403),
|
||||||
Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
|
Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
|
||||||
|
Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "&listOnly=true", WebPermission.PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME, 200, 403),
|
||||||
Arguments.of("/network", WebPermission.ACCESS_NETWORK, 302, 403),
|
Arguments.of("/network", WebPermission.ACCESS_NETWORK, 302, 403),
|
||||||
Arguments.of("/v1/network/overview", WebPermission.PAGE_NETWORK_OVERVIEW_NUMBERS, 200, 403),
|
Arguments.of("/v1/network/overview", WebPermission.PAGE_NETWORK_OVERVIEW_NUMBERS, 200, 403),
|
||||||
Arguments.of("/v1/network/servers", WebPermission.PAGE_NETWORK_SERVER_LIST, 200, 403),
|
Arguments.of("/v1/network/servers", WebPermission.PAGE_NETWORK_SERVER_LIST, 200, 403),
|
||||||
|
Loading…
Reference in New Issue
Block a user