Fine tune permissions

This commit is contained in:
Aurora Lahtela 2024-04-06 10:13:31 +03:00
parent 1dcf284b1e
commit c4ddd53b8f
7 changed files with 107 additions and 8 deletions

View File

@ -19,6 +19,9 @@ package com.djrapitops.plan.delivery.domain.auth;
import com.djrapitops.plan.settings.locale.lang.Lang; import com.djrapitops.plan.settings.locale.lang.Lang;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import java.util.Arrays;
import java.util.Optional;
import java.util.function.Predicate;
import java.util.function.Supplier; import java.util.function.Supplier;
/** /**
@ -47,7 +50,8 @@ public enum WebPermission implements Supplier<String>, Lang {
PAGE_NETWORK_SESSIONS_LIST("See list of sessions"), PAGE_NETWORK_SESSIONS_LIST("See list of sessions"),
PAGE_NETWORK_JOIN_ADDRESSES("See Join Addresses -tab"), PAGE_NETWORK_JOIN_ADDRESSES("See Join Addresses -tab"),
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"), PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph"), @Deprecated
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph", true),
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"), PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
PAGE_NETWORK_RETENTION("See Player Retention -tab"), PAGE_NETWORK_RETENTION("See Player Retention -tab"),
PAGE_NETWORK_GEOLOCATIONS("See Geolocations tab"), PAGE_NETWORK_GEOLOCATIONS("See Geolocations tab"),
@ -82,7 +86,8 @@ public enum WebPermission implements Supplier<String>, Lang {
PAGE_SERVER_SESSIONS_LIST("See list of sessions"), PAGE_SERVER_SESSIONS_LIST("See list of sessions"),
PAGE_SERVER_JOIN_ADDRESSES("See Join Addresses -tab"), PAGE_SERVER_JOIN_ADDRESSES("See Join Addresses -tab"),
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"), PAGE_SERVER_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph"), @Deprecated
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph", true),
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"), PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
PAGE_SERVER_RETENTION("See Player Retention -tab"), PAGE_SERVER_RETENTION("See Player Retention -tab"),
PAGE_SERVER_GEOLOCATIONS("See Geolocations tab"), PAGE_SERVER_GEOLOCATIONS("See Geolocations tab"),
@ -156,4 +161,23 @@ public enum WebPermission implements Supplier<String>, Lang {
public String getDefault() { public String getDefault() {
return description; return description;
} }
public static WebPermission[] nonDeprecatedValues() {
return Arrays.stream(values())
.filter(Predicate.not(WebPermission::isDeprecated))
.toArray(WebPermission[]::new);
}
public static Optional<WebPermission> findByPermission(String permission) {
String name = StringUtils.upperCase(permission).replace('.', '_');
try {
return Optional.of(valueOf(name));
} catch (IllegalArgumentException noSuchEnum) {
return Optional.empty();
}
}
public static boolean isDeprecated(String permission) {
return findByPermission(permission).map(WebPermission::isDeprecated).orElse(false);
}
} }

View File

@ -23,6 +23,7 @@ import com.djrapitops.plan.delivery.rendering.json.JSONFactory;
import com.djrapitops.plan.delivery.web.resolver.MimeType; import com.djrapitops.plan.delivery.web.resolver.MimeType;
import com.djrapitops.plan.delivery.web.resolver.Response; import com.djrapitops.plan.delivery.web.resolver.Response;
import com.djrapitops.plan.delivery.web.resolver.request.Request; import com.djrapitops.plan.delivery.web.resolver.request.Request;
import com.djrapitops.plan.delivery.web.resolver.request.URIQuery;
import com.djrapitops.plan.delivery.web.resolver.request.WebUser; import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
import com.djrapitops.plan.delivery.webserver.cache.AsyncJSONResolverService; import com.djrapitops.plan.delivery.webserver.cache.AsyncJSONResolverService;
import com.djrapitops.plan.delivery.webserver.cache.DataID; import com.djrapitops.plan.delivery.webserver.cache.DataID;
@ -70,10 +71,20 @@ public class PlayerJoinAddressJSONResolver extends JSONResolver {
@Override @Override
public boolean canAccess(@Untrusted Request request) { public boolean canAccess(@Untrusted Request request) {
WebUser user = request.getUser().orElse(new WebUser("")); WebUser user = request.getUser().orElse(new WebUser(""));
if (request.getQuery().get("server").isPresent()) { @Untrusted URIQuery query = request.getQuery();
return user.hasPermission(WebPermission.PAGE_SERVER_RETENTION); Optional<String> listOnly = query.get("listOnly");
if (query.get("server").isPresent()) {
if (listOnly.isEmpty()) {
return user.hasPermission(WebPermission.PAGE_SERVER_RETENTION);
} else {
return user.hasPermission(WebPermission.PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME);
}
}
if (listOnly.isEmpty()) {
return user.hasPermission(WebPermission.PAGE_NETWORK_RETENTION);
} else {
return user.hasPermission(WebPermission.PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME);
} }
return user.hasPermission(WebPermission.PAGE_NETWORK_RETENTION);
} }
@GET @GET

View File

@ -37,6 +37,8 @@ import javax.inject.Inject;
import javax.inject.Singleton; import javax.inject.Singleton;
import java.util.List; import java.util.List;
import java.util.Optional; import java.util.Optional;
import java.util.function.Predicate;
import java.util.stream.Collectors;
/** /**
* Endpoint for getting list of available Plan web permissions. * Endpoint for getting list of available Plan web permissions.
@ -75,7 +77,10 @@ public class WebPermissionJSONResolver implements Resolver {
} }
private Response getResponse() { private Response getResponse() {
List<String> permissions = dbSystem.getDatabase().query(WebUserQueries.fetchAvailablePermissions()); List<String> permissions = dbSystem.getDatabase().query(WebUserQueries.fetchAvailablePermissions())
.stream()
.filter(Predicate.not(WebPermission::isDeprecated))
.collect(Collectors.toList());
WebPermissionList permissionList = new WebPermissionList(permissions); WebPermissionList permissionList = new WebPermissionList(permissions);
return Response.builder() return Response.builder()

View File

@ -108,7 +108,7 @@ public class LocaleSystem implements SubSystem {
HtmlLang.values(), HtmlLang.values(),
JSLang.values(), JSLang.values(),
PluginLang.values(), PluginLang.values(),
WebPermission.values(), WebPermission.nonDeprecatedValues(),
}; };
} }

View File

@ -39,7 +39,7 @@ public class UpdateWebPermissionsPatch extends Patch {
@Override @Override
public boolean hasBeenApplied() { public boolean hasBeenApplied() {
List<String> defaultPermissions = Arrays.stream(WebPermission.values()) List<String> defaultPermissions = Arrays.stream(WebPermission.nonDeprecatedValues())
.map(WebPermission::getPermission) .map(WebPermission::getPermission)
.collect(Collectors.toList()); .collect(Collectors.toList());
List<String> storedPermissions = query(WebUserQueries.fetchAvailablePermissions()); List<String> storedPermissions = query(WebUserQueries.fetchAvailablePermissions());

View File

@ -0,0 +1,56 @@
/*
* This file is part of Player Analytics (Plan).
*
* Plan is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License v3 as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Plan is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Plan. If not, see <https://www.gnu.org/licenses/>.
*/
package com.djrapitops.plan.delivery.domain.auth;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests for {@link WebPermission}.
*
* @author AuroraLS3
*/
class WebPermissionTest {
@Test
void webPermissionIsFound() {
String permission = "access.player.self";
WebPermission found = WebPermission.findByPermission(permission).orElseThrow(AssertionError::new);
WebPermission expected = WebPermission.ACCESS_PLAYER_SELF;
assertEquals(expected, found);
}
@Test
void webPermissionIsDetectedAsDeprecated() {
String permission = "page.server.join.addresses.graphs.pie";
assertTrue(WebPermission.isDeprecated(permission));
}
@Test
void webPermissionIsDetectedAsNonDeprecated() {
String permission = "access.player.self";
assertFalse(WebPermission.isDeprecated(permission));
}
@Test
void customWebPermissionIsDetectedAsNonDeprecated() {
String permission = "custom.permission";
assertFalse(WebPermission.isDeprecated(permission));
}
}

View File

@ -107,7 +107,10 @@ class AccessControlTest {
Arguments.of("/v1/pingTable?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_GEOLOCATIONS_PING_PER_COUNTRY, 200, 403), Arguments.of("/v1/pingTable?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_GEOLOCATIONS_PING_PER_COUNTRY, 200, 403),
Arguments.of("/v1/sessions?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_SESSIONS_LIST, 200, 403), Arguments.of("/v1/sessions?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_SESSIONS_LIST, 200, 403),
Arguments.of("/v1/retention?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403), Arguments.of("/v1/retention?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
Arguments.of("/v1/joinAddresses", WebPermission.PAGE_NETWORK_RETENTION, 200, 403),
Arguments.of("/v1/joinAddresses?listOnly=true", WebPermission.PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME, 200, 403),
Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403), Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "&listOnly=true", WebPermission.PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME, 200, 403),
Arguments.of("/network", WebPermission.ACCESS_NETWORK, 302, 403), Arguments.of("/network", WebPermission.ACCESS_NETWORK, 302, 403),
Arguments.of("/v1/network/overview", WebPermission.PAGE_NETWORK_OVERVIEW_NUMBERS, 200, 403), Arguments.of("/v1/network/overview", WebPermission.PAGE_NETWORK_OVERVIEW_NUMBERS, 200, 403),
Arguments.of("/v1/network/servers", WebPermission.PAGE_NETWORK_SERVER_LIST, 200, 403), Arguments.of("/v1/network/servers", WebPermission.PAGE_NETWORK_SERVER_LIST, 200, 403),