mirror of
https://github.com/plan-player-analytics/Plan.git
synced 2024-11-01 00:10:12 +01:00
Fine tune permissions
This commit is contained in:
parent
1dcf284b1e
commit
c4ddd53b8f
@ -19,6 +19,9 @@ package com.djrapitops.plan.delivery.domain.auth;
|
||||
import com.djrapitops.plan.settings.locale.lang.Lang;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Optional;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
/**
|
||||
@ -47,7 +50,8 @@ public enum WebPermission implements Supplier<String>, Lang {
|
||||
PAGE_NETWORK_SESSIONS_LIST("See list of sessions"),
|
||||
PAGE_NETWORK_JOIN_ADDRESSES("See Join Addresses -tab"),
|
||||
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
|
||||
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph"),
|
||||
@Deprecated
|
||||
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph", true),
|
||||
PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
|
||||
PAGE_NETWORK_RETENTION("See Player Retention -tab"),
|
||||
PAGE_NETWORK_GEOLOCATIONS("See Geolocations tab"),
|
||||
@ -82,7 +86,8 @@ public enum WebPermission implements Supplier<String>, Lang {
|
||||
PAGE_SERVER_SESSIONS_LIST("See list of sessions"),
|
||||
PAGE_SERVER_JOIN_ADDRESSES("See Join Addresses -tab"),
|
||||
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS("See Join Address graphs"),
|
||||
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph"),
|
||||
@Deprecated
|
||||
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_PIE("See Latest Join Addresses graph", true),
|
||||
PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME("See Join Addresses over time graph"),
|
||||
PAGE_SERVER_RETENTION("See Player Retention -tab"),
|
||||
PAGE_SERVER_GEOLOCATIONS("See Geolocations tab"),
|
||||
@ -156,4 +161,23 @@ public enum WebPermission implements Supplier<String>, Lang {
|
||||
public String getDefault() {
|
||||
return description;
|
||||
}
|
||||
|
||||
public static WebPermission[] nonDeprecatedValues() {
|
||||
return Arrays.stream(values())
|
||||
.filter(Predicate.not(WebPermission::isDeprecated))
|
||||
.toArray(WebPermission[]::new);
|
||||
}
|
||||
|
||||
public static Optional<WebPermission> findByPermission(String permission) {
|
||||
String name = StringUtils.upperCase(permission).replace('.', '_');
|
||||
try {
|
||||
return Optional.of(valueOf(name));
|
||||
} catch (IllegalArgumentException noSuchEnum) {
|
||||
return Optional.empty();
|
||||
}
|
||||
}
|
||||
|
||||
public static boolean isDeprecated(String permission) {
|
||||
return findByPermission(permission).map(WebPermission::isDeprecated).orElse(false);
|
||||
}
|
||||
}
|
||||
|
@ -23,6 +23,7 @@ import com.djrapitops.plan.delivery.rendering.json.JSONFactory;
|
||||
import com.djrapitops.plan.delivery.web.resolver.MimeType;
|
||||
import com.djrapitops.plan.delivery.web.resolver.Response;
|
||||
import com.djrapitops.plan.delivery.web.resolver.request.Request;
|
||||
import com.djrapitops.plan.delivery.web.resolver.request.URIQuery;
|
||||
import com.djrapitops.plan.delivery.web.resolver.request.WebUser;
|
||||
import com.djrapitops.plan.delivery.webserver.cache.AsyncJSONResolverService;
|
||||
import com.djrapitops.plan.delivery.webserver.cache.DataID;
|
||||
@ -70,10 +71,20 @@ public class PlayerJoinAddressJSONResolver extends JSONResolver {
|
||||
@Override
|
||||
public boolean canAccess(@Untrusted Request request) {
|
||||
WebUser user = request.getUser().orElse(new WebUser(""));
|
||||
if (request.getQuery().get("server").isPresent()) {
|
||||
@Untrusted URIQuery query = request.getQuery();
|
||||
Optional<String> listOnly = query.get("listOnly");
|
||||
if (query.get("server").isPresent()) {
|
||||
if (listOnly.isEmpty()) {
|
||||
return user.hasPermission(WebPermission.PAGE_SERVER_RETENTION);
|
||||
} else {
|
||||
return user.hasPermission(WebPermission.PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME);
|
||||
}
|
||||
}
|
||||
if (listOnly.isEmpty()) {
|
||||
return user.hasPermission(WebPermission.PAGE_NETWORK_RETENTION);
|
||||
} else {
|
||||
return user.hasPermission(WebPermission.PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME);
|
||||
}
|
||||
}
|
||||
|
||||
@GET
|
||||
|
@ -37,6 +37,8 @@ import javax.inject.Inject;
|
||||
import javax.inject.Singleton;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* Endpoint for getting list of available Plan web permissions.
|
||||
@ -75,7 +77,10 @@ public class WebPermissionJSONResolver implements Resolver {
|
||||
}
|
||||
|
||||
private Response getResponse() {
|
||||
List<String> permissions = dbSystem.getDatabase().query(WebUserQueries.fetchAvailablePermissions());
|
||||
List<String> permissions = dbSystem.getDatabase().query(WebUserQueries.fetchAvailablePermissions())
|
||||
.stream()
|
||||
.filter(Predicate.not(WebPermission::isDeprecated))
|
||||
.collect(Collectors.toList());
|
||||
|
||||
WebPermissionList permissionList = new WebPermissionList(permissions);
|
||||
return Response.builder()
|
||||
|
@ -108,7 +108,7 @@ public class LocaleSystem implements SubSystem {
|
||||
HtmlLang.values(),
|
||||
JSLang.values(),
|
||||
PluginLang.values(),
|
||||
WebPermission.values(),
|
||||
WebPermission.nonDeprecatedValues(),
|
||||
};
|
||||
}
|
||||
|
||||
|
@ -39,7 +39,7 @@ public class UpdateWebPermissionsPatch extends Patch {
|
||||
|
||||
@Override
|
||||
public boolean hasBeenApplied() {
|
||||
List<String> defaultPermissions = Arrays.stream(WebPermission.values())
|
||||
List<String> defaultPermissions = Arrays.stream(WebPermission.nonDeprecatedValues())
|
||||
.map(WebPermission::getPermission)
|
||||
.collect(Collectors.toList());
|
||||
List<String> storedPermissions = query(WebUserQueries.fetchAvailablePermissions());
|
||||
|
@ -0,0 +1,56 @@
|
||||
/*
|
||||
* This file is part of Player Analytics (Plan).
|
||||
*
|
||||
* Plan is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Lesser General Public License v3 as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Plan is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public License
|
||||
* along with Plan. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
package com.djrapitops.plan.delivery.domain.auth;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.*;
|
||||
|
||||
/**
|
||||
* Tests for {@link WebPermission}.
|
||||
*
|
||||
* @author AuroraLS3
|
||||
*/
|
||||
class WebPermissionTest {
|
||||
|
||||
@Test
|
||||
void webPermissionIsFound() {
|
||||
String permission = "access.player.self";
|
||||
WebPermission found = WebPermission.findByPermission(permission).orElseThrow(AssertionError::new);
|
||||
WebPermission expected = WebPermission.ACCESS_PLAYER_SELF;
|
||||
assertEquals(expected, found);
|
||||
}
|
||||
|
||||
@Test
|
||||
void webPermissionIsDetectedAsDeprecated() {
|
||||
String permission = "page.server.join.addresses.graphs.pie";
|
||||
assertTrue(WebPermission.isDeprecated(permission));
|
||||
}
|
||||
|
||||
@Test
|
||||
void webPermissionIsDetectedAsNonDeprecated() {
|
||||
String permission = "access.player.self";
|
||||
assertFalse(WebPermission.isDeprecated(permission));
|
||||
}
|
||||
|
||||
@Test
|
||||
void customWebPermissionIsDetectedAsNonDeprecated() {
|
||||
String permission = "custom.permission";
|
||||
assertFalse(WebPermission.isDeprecated(permission));
|
||||
}
|
||||
|
||||
}
|
@ -107,7 +107,10 @@ class AccessControlTest {
|
||||
Arguments.of("/v1/pingTable?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_GEOLOCATIONS_PING_PER_COUNTRY, 200, 403),
|
||||
Arguments.of("/v1/sessions?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_SESSIONS_LIST, 200, 403),
|
||||
Arguments.of("/v1/retention?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
|
||||
Arguments.of("/v1/joinAddresses", WebPermission.PAGE_NETWORK_RETENTION, 200, 403),
|
||||
Arguments.of("/v1/joinAddresses?listOnly=true", WebPermission.PAGE_NETWORK_JOIN_ADDRESSES_GRAPHS_TIME, 200, 403),
|
||||
Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "", WebPermission.PAGE_SERVER_RETENTION, 200, 403),
|
||||
Arguments.of("/v1/joinAddresses?server=" + TestConstants.SERVER_UUID_STRING + "&listOnly=true", WebPermission.PAGE_SERVER_JOIN_ADDRESSES_GRAPHS_TIME, 200, 403),
|
||||
Arguments.of("/network", WebPermission.ACCESS_NETWORK, 302, 403),
|
||||
Arguments.of("/v1/network/overview", WebPermission.PAGE_NETWORK_OVERVIEW_NUMBERS, 200, 403),
|
||||
Arguments.of("/v1/network/servers", WebPermission.PAGE_NETWORK_SERVER_LIST, 200, 403),
|
||||
|
Loading…
Reference in New Issue
Block a user