Correct Permissions rights

FAForever · Mar 9, 2017 · a308965 · a308965
1 parent 08ac762
commit a308965
Show file tree

Hide file tree

Showing 9 changed files with 43 additions and 33 deletions.
diff --git a/src/main/java/com/faforever/api/config/elide/ElideConfig.java b/src/main/java/com/faforever/api/config/elide/ElideConfig.java
@@ -5,8 +5,8 @@
 import com.faforever.api.data.checks.IsClanLeader;
 import com.faforever.api.data.checks.IsClanMembershipDeletable;
 import com.faforever.api.data.checks.IsOwner;
-import com.faforever.api.data.checks.permission.HasBanInfoCreate;
-import com.faforever.api.data.checks.permission.HasBanInfoRead;
+import com.faforever.api.data.checks.permission.HasBanRead;
+import com.faforever.api.data.checks.permission.HasBanUpdate;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.yahoo.elide.Elide;
 import com.yahoo.elide.audit.Slf4jLogger;
@@ -40,8 +40,8 @@ public Elide elide(EntityManagerFactory entityManagerFactory, ObjectMapper objec
     checks.put(IsOwner.EXPRESSION, IsOwner.Inline.class);
     checks.put(IsClanLeader.EXPRESSION, IsClanLeader.Inline.class);
     checks.put(IsClanMembershipDeletable.EXPRESSION, IsClanMembershipDeletable.Inline.class);
-    checks.put(HasBanInfoRead.EXPRESSION, HasBanInfoRead.Inline.class);
-    checks.put(HasBanInfoCreate.EXPRESSION, HasBanInfoCreate.Inline.class);
+    checks.put(HasBanRead.EXPRESSION, HasBanRead.Inline.class);
+    checks.put(HasBanUpdate.EXPRESSION, HasBanUpdate.Inline.class);
 
     EntityDictionary entityDictionary = new EntityDictionary(checks);
     RSQLFilterDialect rsqlFilterDialect = new RSQLFilterDialect(entityDictionary);

diff --git a/...ata/checks/permission/HasBanInfoRead.java → ...pi/data/checks/permission/HasBanRead.java b/...ata/checks/permission/HasBanInfoRead.java → ...pi/data/checks/permission/HasBanRead.java
@@ -1,11 +1,11 @@
 package com.faforever.api.data.checks.permission;
 
-public class HasBanInfoRead {
+public class HasBanRead {
   public static final String EXPRESSION = "Ban.Read";
 
   public static class Inline extends BasePermission {
     public Inline() {
-      super(HasBanInfoRead.EXPRESSION);
+      super(HasBanRead.EXPRESSION);
     }
   }
 }
diff --git a/...a/checks/permission/HasBanInfoCreate.java → .../data/checks/permission/HasBanUpdate.java b/...a/checks/permission/HasBanInfoCreate.java → .../data/checks/permission/HasBanUpdate.java
@@ -1,11 +1,11 @@
 package com.faforever.api.data.checks.permission;
 
-public class HasBanInfoCreate {
-  public static final String EXPRESSION = "Ban.Create";
+public class HasBanUpdate {
+  public static final String EXPRESSION = "Ban.Update";
 
   public static class Inline extends BasePermission {
     public Inline() {
-      super(HasBanInfoCreate.EXPRESSION);
+      super(HasBanUpdate.EXPRESSION);
     }
   }
 }
diff --git a/src/main/java/com/faforever/api/data/domain/BanInfo.java b/src/main/java/com/faforever/api/data/domain/BanInfo.java
@@ -1,7 +1,7 @@
 package com.faforever.api.data.domain;
 
-import com.faforever.api.data.checks.permission.HasBanInfoCreate;
-import com.faforever.api.data.checks.permission.HasBanInfoRead;
+import com.faforever.api.data.checks.permission.HasBanRead;
+import com.faforever.api.data.checks.permission.HasBanUpdate;
 import com.yahoo.elide.annotation.CreatePermission;
 import com.yahoo.elide.annotation.DeletePermission;
 import com.yahoo.elide.annotation.Include;
@@ -31,9 +31,9 @@
 @Include(rootLevel = true, type = "banInfo")
 // Bans can be never deleted, only disabled over BanDisableData
 @DeletePermission(any = {Role.NONE.class})
-@ReadPermission(expression = HasBanInfoRead.EXPRESSION)
-@CreatePermission(expression = HasBanInfoCreate.EXPRESSION)
-@UpdatePermission(expression = HasBanInfoCreate.EXPRESSION)
+@ReadPermission(expression = HasBanRead.EXPRESSION)
+@CreatePermission(expression = HasBanUpdate.EXPRESSION)
+@UpdatePermission(expression = HasBanUpdate.EXPRESSION)
 @Setter
 public class BanInfo {
 

diff --git a/src/main/java/com/faforever/api/data/domain/BanRevokeData.java b/src/main/java/com/faforever/api/data/domain/BanRevokeData.java
@@ -1,6 +1,12 @@
 package com.faforever.api.data.domain;
 
+import com.faforever.api.data.checks.permission.HasBanRead;
+import com.faforever.api.data.checks.permission.HasBanUpdate;
+import com.yahoo.elide.annotation.CreatePermission;
+import com.yahoo.elide.annotation.DeletePermission;
 import com.yahoo.elide.annotation.Include;
+import com.yahoo.elide.annotation.ReadPermission;
+import com.yahoo.elide.annotation.UpdatePermission;
 import lombok.Setter;
 
 import javax.persistence.Column;
@@ -19,6 +25,10 @@
 @Table(name = "ban_revoke_data")
 @Include(rootLevel = true, type = "banRevokeData")
 @Setter
+@DeletePermission(any = {com.yahoo.elide.security.checks.prefab.Role.NONE.class})
+@ReadPermission(expression = HasBanRead.EXPRESSION)
+@CreatePermission(expression = HasBanUpdate.EXPRESSION)
+@UpdatePermission(expression = HasBanUpdate.EXPRESSION)
 public class BanRevokeData {
   private int id;
   private OffsetDateTime createTime;

diff --git a/src/main/java/com/faforever/api/data/domain/Login.java b/src/main/java/com/faforever/api/data/domain/Login.java
@@ -11,7 +11,6 @@
 import javax.persistence.Inheritance;
 import javax.persistence.InheritanceType;
 import javax.persistence.MappedSuperclass;
-import javax.persistence.OneToOne;
 
 @MappedSuperclass
 @Inheritance(strategy = InheritanceType.JOINED)
@@ -59,9 +58,4 @@ public String getSteamId() {
   public String getUserAgent() {
     return userAgent;
   }
-
-  @OneToOne(mappedBy = "player")
-  public BanInfo getBanInfo() {
-    return banInfo;
-  }
 }
diff --git a/src/main/java/com/faforever/api/data/domain/Player.java b/src/main/java/com/faforever/api/data/domain/Player.java
@@ -17,13 +17,14 @@
 @Table(name = "login")
 @Include(rootLevel = true, type = "player")
 @SharePermission(any = Role.ALL.class) // Needed e.g. to change leader of a clan
-@UpdatePermission(any = Role.ALL.class)
 @Setter
 public class Player extends Login {
 
   private Ladder1v1Rating ladder1v1Rating;
   private GlobalRating globalRating;
   private List<ClanMembership> clanMemberships;
+  private List<BanInfo> bans;
+  private List<BanInfo> createdBans;
 
   @OneToOne(mappedBy = "player")
   public Ladder1v1Rating getLadder1v1Rating() {
@@ -48,4 +49,16 @@ public Clan getClan() {
     }
     return null;
   }
+
+  @OneToMany(mappedBy = "player")
+  @UpdatePermission(any = {Role.ALL.class}) // Permission is managed by BanInfo class
+  public List<BanInfo> getBans() {
+    return this.bans;
+  }
+
+  @OneToMany(mappedBy = "author")
+  @UpdatePermission(any = {Role.ALL.class}) // Permission is managed by BanInfo class
+  public List<BanInfo> getCreatedBans() {
+    return this.createdBans;
+  }
 }
diff --git a/src/main/java/com/faforever/api/security/FafUserDetails.java b/src/main/java/com/faforever/api/security/FafUserDetails.java
@@ -1,13 +1,11 @@
 package com.faforever.api.security;
 
-import com.faforever.api.data.domain.BanInfo;
 import com.faforever.api.data.domain.User;
 import com.faforever.api.permission.PermissionService;
 import lombok.Getter;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
-import java.time.OffsetDateTime;
 import java.util.Collection;
 
 import static java.util.Collections.singletonList;
@@ -24,7 +22,7 @@ public FafUserDetails(User user) {
     this(user.getId(),
         user.getLogin(),
         user.getPassword(),
-        isNonLocked(user.getBanInfo()),
+        true, // TODO use new ban system
         singletonList(new SimpleGrantedAuthority("ROLE_USER")),
         null);
     this.user = user;
@@ -38,11 +36,6 @@ public FafUserDetails(int id, String username, String password,
     this.permissionService = permissionService;
   }
 
-  private static boolean isNonLocked(BanInfo banInfo) {
-    return banInfo == null
-        || banInfo.getExpiresAt().isBefore(OffsetDateTime.now());
-  }
-
   public boolean hasPermission(String permission) {
     if (user != null) {
       return user.hasPermission(permission);

diff --git a/src/test/java/com/faforever/api/data/JsonApiBanIntegrationTest.java b/src/test/java/com/faforever/api/data/JsonApiBanIntegrationTest.java
@@ -4,8 +4,8 @@
 import com.faforever.api.client.ClientType;
 import com.faforever.api.client.OAuthClient;
 import com.faforever.api.client.OAuthClientRepository;
-import com.faforever.api.data.checks.permission.HasBanInfoCreate;
-import com.faforever.api.data.checks.permission.HasBanInfoRead;
+import com.faforever.api.data.checks.permission.HasBanRead;
+import com.faforever.api.data.checks.permission.HasBanUpdate;
 import com.faforever.api.data.domain.BanInfo;
 import com.faforever.api.data.domain.BanType;
 import com.faforever.api.data.domain.Permission;
@@ -176,7 +176,7 @@ public void getBansWithoutPermission() {
   @SneakyThrows
   public void getBansWithPermission() {
     String accessToken = createUserAndGetAccessToken("Dragonfire", "foo");
-    Permission permission = permissionService.createPermission(HasBanInfoRead.EXPRESSION);
+    Permission permission = permissionService.createPermission(HasBanRead.EXPRESSION);
     Role role = permissionService.createRole("TestRole", permission);
     permissionService.assignUserToRole(userRepository.findOneByLoginIgnoreCase(me.getLogin()), role);
 
@@ -215,7 +215,7 @@ public void createBanWithoutPermission() {
   @SneakyThrows
   public void createBanWithPermission() {
     String accessToken = createUserAndGetAccessToken("Dragonfire", "foo");
-    Permission permission = permissionService.createPermission(HasBanInfoCreate.EXPRESSION);
+    Permission permission = permissionService.createPermission(HasBanUpdate.EXPRESSION);
     Role role = permissionService.createRole("TestRole", permission);
     permissionService.assignUserToRole(userRepository.findOneByLoginIgnoreCase(me.getLogin()), role);