Lots of work towards a full permissions system

Potentially unstable and requires more testing. This commit implements a new section of the configuration for specifying permission nodes. APICommand's permission checks have been revamped, all API commands have been converted to the new node-based system, and a frontend permission checker has been implemented.
EthanWaite · Sep 29, 2014 · 39cbcfa · 39cbcfa
1 parent 2350d48
commit 39cbcfa
Show file tree

Hide file tree

Showing 19 changed files with 100 additions and 43 deletions.
diff --git a/resources/config.yml b/resources/config.yml
@@ -48,6 +48,23 @@ log:
   kick: true
   serverchange: true
 
+# Permissions for each group
+permissions:
+  group1: # moderator
+    - dashboard
+    - stats
+    - logs
+    - players
+    - settings.password
+  group2: # admin
+    - console.view
+    - settings.users.list
+    - settings.users.edit
+  group3: # superadmin
+    - console.execute
+    - settings.users.create
+    - settings.users.delete
+
 # Sensitive commands that will never be logged
 hiddencommands:
   - login

diff --git a/resources/web/index.html b/resources/web/index.html
@@ -38,9 +38,9 @@ <h2 class="uuid"></h2>
 				<div class="container">
 					<h1>BungeeWeb</h1>
 					<div class="right">
-						<a href="/dashboard" class="active"><img src="images/dashboard.png" /><span data-lang="dashboard.title"></span></a>
-						<a href="/logs"><img src="images/logs.png" /><span data-lang="logs.title"></span></a>
-						<a href="/players"><img src="images/players.png" /><span data-lang="players.title"></span></a>
+						<a href="/dashboard" data-permission="dashboard" class="active"><img src="images/dashboard.png" /><span data-lang="dashboard.title"></span></a>
+						<a href="/logs" data-permission="logs"><img src="images/logs.png" /><span data-lang="logs.title"></span></a>
+						<a href="/players" data-permission="players"><img src="images/players.png" /><span data-lang="players.title"></span></a>
 						<a href="#dropdown"><img src="images/logout.png" /><span data-lang="dropdown.title"></span></a>
 					</div>
 				</div>
@@ -49,8 +49,8 @@ <h1>BungeeWeb</h1>
 
 		<div class="dropdown container">
 			<div>
-				<a href="/settings" data-lang="settings.title"></a>
-				<a href="/account" data-lang="account.title"></a>
+				<a href="/settings" data-lang="settings.title" data-permission="settings.users.list"></a>
+				<a href="/account" data-lang="account.title" data-permission="settings.password"></a>
 				<a href="/logout" data-lang="general.logout"></a>
 			</div>
 		</div>
@@ -71,7 +71,7 @@ <h1 data-lang="dashboard.latestlogs"> <span></span></h1>
 						</div>
 					</div>
 				</div>
-				<div class="graph" id="graph-dashboard"></div>
+				<div class="graph" id="graph-dashboard" data-permission="stats"></div>
 			</div>
 
 			<div id="logs" class="container">

diff --git a/resources/web/js/client.dashboard.js b/resources/web/js/client.dashboard.js
@@ -113,16 +113,18 @@ pages.dashboard = (function() {
 
 	// Retrieve the statistics for the graph
 	function getStatsData(since, cb) {
-		query('/api/getstats?since=' + since, function(data) {
-			var out = [];
-			for (c in stats) {
-				out.push({
-					name: stats[c],
-					data: data.data[c]
-				});
-			}
-			cb(out, data.increment);
-		});
+		if (hasPermission('stats')) {
+			query('/api/getstats?since=' + since, function(data) {
+				var out = [];
+				for (c in stats) {
+					out.push({
+						name: stats[c],
+						data: data.data[c]
+					});
+				}
+				cb(out, data.increment);
+			});
+		}
 	}
 
 	return {

diff --git a/resources/web/js/client.js b/resources/web/js/client.js
@@ -38,6 +38,7 @@ function updateSession(cb) {
 	query('/api/getsession', function(data) {
 		session = data;
 		if (data.group > 0) {
+			updatePermissions();
 			cb();
 		}else{
 			show($('.login'));
@@ -74,6 +75,13 @@ function updateLang(cb) {
 	}, 'Your language file has incorrect JSON. Please check your JSON formatting and try again.');
 }
 
+// Permission updater
+function updatePermissions() {
+	$('[data-permission]').each(function() {
+		if (!hasPermission($(this).attr('data-permission'))) $(this).hide();
+	});
+}
+
 // Navigation handler
 $('.navbar .right a, .dropdown a').click(function(e) {
 	var href = $(this).attr('href');
@@ -140,9 +148,7 @@ $('.dialog .close').click(function() {
 
 // Initial client loader
 function loadClient() {
-	loadTypes(function() {
-		if (session.group < 2) $('.dropdown a[href="#settings"]').hide();
-
+	loadTypes(function() {		
 		for (page in pages) {
 			if ('load' in pages[page]) {
 				pages[page].load();
@@ -216,6 +222,11 @@ function getFilters(el) {
 	return (filter == '' ? filter : filter.substring(0, filter.length - 1));
 }
 
+// Permission check
+function hasPermission(permission) {
+	return $.inArray(permission, session.permissions) != -1;
+}
+
 // Player dialog
 function showPlayer(uuid) {
 	$('body').css({ 'overflow': 'hidden' });

diff --git a/src/io/github/dead_i/bungeeweb/APICommand.java b/src/io/github/dead_i/bungeeweb/APICommand.java
@@ -9,29 +9,38 @@
 
 public abstract class APICommand {
     private String name;
-    private int permission = 1;
+    private String permission = "";
+    private boolean login = false;
 
     public APICommand(String name) {
         this.name = name;
     }
 
-    public APICommand(String name, int permission) {
+    public APICommand(String name, String permission) {
         this.name = name;
         this.permission = permission;
     }
 
+    public APICommand(String name, boolean login) {
+        this.name = name;
+        this.login = login;
+    }
+
     public String getName() {
         return name;
     }
 
     public boolean hasPermission(HttpServletRequest req) {
-        return hasPermission(req, permission);
+        return !login || hasPermission(req, permission);
     }
 
-    public boolean hasPermission(HttpServletRequest req, int i) {
+    public boolean hasPermission(HttpServletRequest req, String i) {
         Integer group = (Integer) req.getSession().getAttribute("group");
-        if (group == null) group = 0;
-        return (group >= i);
+        if (group == null) {
+            group = 0;
+        }
+
+        return group > 0 && (i.isEmpty() || BungeeWeb.getGroupPermissions(group).contains(permission));
     }
 
     public abstract void execute(Plugin plugin, HttpServletRequest req, HttpServletResponse res, String[] args) throws IOException, SQLException;

diff --git a/src/io/github/dead_i/bungeeweb/BungeeWeb.java b/src/io/github/dead_i/bungeeweb/BungeeWeb.java
@@ -24,11 +24,15 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Properties;
+import java.util.Scanner;
 import java.util.concurrent.TimeUnit;
 
 public class BungeeWeb extends Plugin {
     private static Configuration config;
+    private static Configuration defaultConfig;
     private static DatabaseManager manager;
 
     public void onEnable() {
@@ -48,19 +52,24 @@ public void run() {
 
         // Get configuration
         if (!getDataFolder().exists()) getDataFolder().mkdir();
+        ConfigurationProvider provider = ConfigurationProvider.getProvider(YamlConfiguration.class);
+        InputStream defaultStream = getResourceAsStream("config.yml");
         File configFile = new File(getDataFolder(), "config.yml");
         try {
             if (!configFile.exists()) {
                 configFile.createNewFile();
-                ByteStreams.copy(getResourceAsStream("config.yml"), new FileOutputStream(configFile));
+                ByteStreams.copy(defaultStream, new FileOutputStream(configFile));
                 getLogger().warning("A new configuration file has been created. Please edit config.yml and restart BungeeCord.");
                 return;
             }
-            config = ConfigurationProvider.getProvider(YamlConfiguration.class).load(configFile);
+            config = provider.load(configFile);
         } catch (IOException e) {
             e.printStackTrace();
         }
 
+        // Get default configuration
+        defaultConfig = provider.load(new Scanner(defaultStream, "UTF-8").useDelimiter("\\A").next());
+
         // Setup locales
         setupDirectory("lang");
         setupLocale("en");
@@ -226,6 +235,17 @@ public static ResultSet getLogin(String user, String pass) {
         return null;
     }
 
+    public static List getGroupPermissions(int group) {
+        List<Object> permissions = new ArrayList<Object>();
+
+        for (int i = group; i > 0; i--) {
+            String key = "permissions.group" + i;
+            permissions.addAll(config.getList(key, defaultConfig.getList(key)));
+        }
+
+        return permissions;
+    }
+
     public static int getGroupPower(HttpServletRequest req) {
         int group = (Integer) req.getSession().getAttribute("group");
         if (group >= 3) group++;

diff --git a/src/io/github/dead_i/bungeeweb/api/ChangePassword.java b/src/io/github/dead_i/bungeeweb/api/ChangePassword.java
@@ -1,6 +1,5 @@
 package io.github.dead_i.bungeeweb.api;
 
-import com.google.gson.Gson;
 import io.github.dead_i.bungeeweb.APICommand;
 import io.github.dead_i.bungeeweb.BungeeWeb;
 import net.md_5.bungee.api.plugin.Plugin;
@@ -12,10 +11,8 @@
 import java.sql.SQLException;
 
 public class ChangePassword extends APICommand {
-    private Gson gson = new Gson();
-
     public ChangePassword() {
-        super("changepassword", 1);
+        super("changepassword", "settings.password");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/CreateUser.java b/src/io/github/dead_i/bungeeweb/api/CreateUser.java
@@ -12,7 +12,7 @@
 
 public class CreateUser extends APICommand {
     public CreateUser() {
-        super("createuser", 2);
+        super("createuser", "settings.users.create");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/DeleteUser.java b/src/io/github/dead_i/bungeeweb/api/DeleteUser.java
@@ -12,7 +12,7 @@
 
 public class DeleteUser extends APICommand {
     public DeleteUser() {
-        super("deleteuser", 2);
+        super("deleteuser", "settings.users.delete");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/EditUser.java b/src/io/github/dead_i/bungeeweb/api/EditUser.java
@@ -13,7 +13,7 @@
 
 public class EditUser extends APICommand {
     public EditUser() {
-        super("edituser", 2);
+        super("edituser", "settings.users.edit");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/GetLang.java b/src/io/github/dead_i/bungeeweb/api/GetLang.java
@@ -12,7 +12,7 @@
 
 public class GetLang extends APICommand {
     public GetLang() {
-        super("getlang", 0);
+        super("getlang");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/GetLogs.java b/src/io/github/dead_i/bungeeweb/api/GetLogs.java
@@ -18,7 +18,7 @@ public class GetLogs extends APICommand {
     private Gson gson = new Gson();
 
     public GetLogs() {
-        super("getlogs", 1);
+        super("getlogs", "logs");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/GetServers.java b/src/io/github/dead_i/bungeeweb/api/GetServers.java
@@ -18,7 +18,7 @@ public class GetServers extends APICommand {
     private Gson gson = new Gson();
 
     public GetServers() {
-        super("getservers", 1);
+        super("getservers", "players");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/GetSession.java b/src/io/github/dead_i/bungeeweb/api/GetSession.java
@@ -15,7 +15,7 @@ public class GetSession extends APICommand {
     private Gson gson = new Gson();
 
     public GetSession() {
-        super("getsession", 0);
+        super("getsession");
     }
 
     @Override
@@ -30,6 +30,7 @@ public void execute(Plugin plugin, HttpServletRequest req, HttpServletResponse r
             out.put("user", req.getSession().getAttribute("user"));
             out.put("group", group);
             out.put("updatetime", BungeeWeb.getConfig().getInt("server.updatetime", 10));
+            out.put("permissions", BungeeWeb.getGroupPermissions(group));
         }
         out.put("transitions", !BungeeWeb.getConfig().getBoolean("server.disabletransitions"));
 

diff --git a/src/io/github/dead_i/bungeeweb/api/GetStats.java b/src/io/github/dead_i/bungeeweb/api/GetStats.java
@@ -18,7 +18,7 @@ public class GetStats extends APICommand {
     private Gson gson = new Gson();
 
     public GetStats() {
-        super("getstats", 1);
+        super("getstats", "stats");
     }
 
 

diff --git a/src/io/github/dead_i/bungeeweb/api/GetTypes.java b/src/io/github/dead_i/bungeeweb/api/GetTypes.java
@@ -15,7 +15,7 @@ public class GetTypes extends APICommand {
     private Gson gson = new Gson();
 
     public GetTypes() {
-        super("gettypes", 1);
+        super("gettypes", true);
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/GetUUID.java b/src/io/github/dead_i/bungeeweb/api/GetUUID.java
@@ -13,7 +13,7 @@
 
 public class GetUUID extends APICommand {
     public GetUUID() {
-        super("getuuid", 1);
+        super("getuuid", null);
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/GetUsers.java b/src/io/github/dead_i/bungeeweb/api/GetUsers.java
@@ -16,7 +16,7 @@ public class GetUsers extends APICommand {
     private Gson gson = new Gson();
 
     public GetUsers() {
-        super("getusers", 2);
+        super("getusers", "settings.users.list");
     }
 
     @Override

diff --git a/src/io/github/dead_i/bungeeweb/api/ListServers.java b/src/io/github/dead_i/bungeeweb/api/ListServers.java
@@ -14,7 +14,7 @@ public class ListServers extends APICommand {
     private Gson gson = new Gson();
 
     public ListServers() {
-        super("listservers", 1);
+        super("listservers", "dashboard");
     }
 
     @Override