Get rid of capturing lambda's in the security system

pupnewfster · pupnewfster · commit 8da0a1f6baca · 2024-04-09T13:25:27.000-05:00
diff --git a/src/api/java/mekanism/api/security/ISecurityUtils.java b/src/api/java/mekanism/api/security/ISecurityUtils.java
@@ -2,6 +2,7 @@
 
 import java.util.ServiceLoader;
 import java.util.UUID;
+import java.util.function.Function;
 import java.util.function.Supplier;
 import mekanism.api.annotations.NothingNullByDefault;
 import net.minecraft.world.entity.player.Player;
@@ -44,6 +45,27 @@ public interface ISecurityUtils {
      */
     boolean canAccess(Player player, Supplier<@Nullable ISecurityObject> securityProvider, Supplier<@Nullable IOwnerObject> ownerProvider);
 
+    /**
+     * Checks if a player can access the given capability provider; validating that protection is enabled in the config. Additionally, this method also checks to see if
+     * operators bypassing security is enabled in the config and if it is, provides access to the player if they are an operator.
+     *
+     * @param player           Player to check access for.
+     * @param provider         The provider to get the capabilities for.
+     * @param securityProvider Supplier to get the security capability to check. Can return {@code null} if there is no security.
+     * @param ownerProvider    Supplier to get the owner capability to check. Can return {@code null} if there is no owner.
+     *
+     * @return {@code true} if the player can access the given provider.
+     *
+     * @implNote This method assumes that if the security is {@link SecurityMode#TRUSTED} and there is a clientside player, then the player can access the
+     * {@link ISecurityObject security object}. This is done because the list of trusted players is not currently synced to all clients.
+     * @see #canAccess(UUID, Supplier, Supplier, boolean)
+     * @see #canAccessObject(Player, ISecurityObject)
+     * @see #canAccessObject(UUID, ISecurityObject, boolean)
+     * @since 10.5.18
+     */
+    <PROVIDER> boolean canAccess(Player player, PROVIDER provider, Function<PROVIDER, @Nullable ISecurityObject> securityProvider,
+          Function<PROVIDER, @Nullable IOwnerObject> ownerProvider);
+
     /**
      * Checks if a player can access the given security object; validating that protection is enabled in the config. Additionally, this method also checks to see if
      * operators bypassing security is enabled in the config and if it is, provides access to the player if they are an operator.
@@ -81,6 +103,28 @@ public interface ISecurityUtils {
      */
     boolean canAccess(@Nullable UUID player, Supplier<@Nullable ISecurityObject> securityProvider, Supplier<@Nullable IOwnerObject> ownerProvider, boolean isClient);
 
+    /**
+     * Checks if a player can access the given capability provider; validating that protection is enabled in the config.
+     *
+     * @param player           Player to check access for.
+     * @param provider         The provider to get the capabilities for.
+     * @param securityProvider Supplier to get the security capability to check. Can return {@code null} if there is no security.
+     * @param ownerProvider    Supplier to get the owner capability to check. Can return {@code null} if there is no owner.
+     * @param isClient         {@code true} if this method is being run clientside.
+     *
+     * @return {@code true} if the player can access the given provider. If the player is {@code null} this will return {@code true} if the provider's security is
+     * {@link SecurityMode#PUBLIC}.
+     *
+     * @implNote This method assumes that if the security is {@link SecurityMode#TRUSTED} and there is a player and {@code isClient} is {@code true}, then the player can
+     * access the {@link ISecurityObject security object}. This is done because the list of trusted players is not currently synced to all clients.
+     * @see #canAccess(Player, Supplier, Supplier)
+     * @see #canAccessObject(Player, ISecurityObject)
+     * @see #canAccessObject(UUID, ISecurityObject, boolean)
+     * @since 10.5.18
+     */
+    <PROVIDER> boolean canAccess(@Nullable UUID player, PROVIDER provider, Function<PROVIDER, @Nullable ISecurityObject> securityProvider,
+          Function<PROVIDER, @Nullable IOwnerObject> ownerProvider, boolean isClient);
+
     /**
      * Checks if a player can access the given security object; validating that protection is enabled in the config.
      *
@@ -134,6 +178,29 @@ public interface ISecurityUtils {
      */
     SecurityMode getSecurityMode(Supplier<@Nullable ISecurityObject> securityProvider, Supplier<@Nullable IOwnerObject> ownerProvider, boolean isClient);
 
+    /**
+     * Gets the "effective" security mode for a given provider. If no provider is given, or it does not expose a {@link ISecurityObject security object}, then the
+     * security will be assumed to be {@link SecurityMode#PUBLIC} <em>unless</em> an {@link IOwnerObject} is exposed, in which case the security will be assumed
+     * {@link SecurityMode#PRIVATE} if protection is enabled.
+     * <br><br>
+     * When a {@link ISecurityObject security object} is exposed; this method is <em>different</em> from just querying {@link ISecurityObject#getSecurityMode()} as this
+     * method takes into account whether protection is disabled in the config and whether the owner of the {@link ISecurityObject} has their security frequency configured
+     * to override the access level of less restrictive {@link ISecurityObject security objects}.
+     *
+     * @param provider         The provider to get the capabilities for.
+     * @param securityProvider Supplier to get the security capability to check. Can return {@code null} if there is no security.
+     * @param ownerProvider    Supplier to get the owner capability to check. Can return {@code null} if there is no owner.
+     * @param isClient         {@code true} if this method is being run clientside.
+     *
+     * @return Effective security mode.
+     *
+     * @implNote If the provider is {@code null} or doesn't expose a {@link ISecurityObject security object}, then the returned mode is {@link SecurityMode#PUBLIC}
+     * @see #getEffectiveSecurityMode(ISecurityObject, boolean)
+     * @since 10.5.18
+     */
+    <PROVIDER> SecurityMode getSecurityMode(PROVIDER provider, Function<PROVIDER, @Nullable ISecurityObject> securityProvider,
+          Function<PROVIDER, @Nullable IOwnerObject> ownerProvider, boolean isClient);
+
     /**
      * Gets the "effective" security mode for a given object. This is <em>different</em> from just querying {@link ISecurityObject#getSecurityMode()} as this method takes
      * into account whether protection is disabled in the config and whether the owner of the {@link ISecurityObject} has their security frequency configured to override
diff --git a/src/api/java/mekanism/api/security/ITypedSecurityUtils.java b/src/api/java/mekanism/api/security/ITypedSecurityUtils.java
@@ -1,6 +1,7 @@
 package mekanism.api.security;
 
 import java.util.UUID;
+import java.util.function.Function;
 import java.util.function.Supplier;
 import mekanism.api.annotations.NothingNullByDefault;
 import net.minecraft.world.entity.player.Player;
@@ -47,6 +48,8 @@ public interface ITypedSecurityUtils<PROVIDER> {
      * @implNote This method assumes that if the security is {@link SecurityMode#TRUSTED} and there is a clientside player, then the player can access the
      * {@link ISecurityObject security object}. This is done because the list of trusted players is not currently synced to all clients.
      * @see #canAccess(UUID, Object, boolean)
+     * @see ISecurityUtils#canAccess(Player, Object, Function, Function)
+     * @see ISecurityUtils#canAccess(UUID, Object, Function, Function, boolean)
      * @see ISecurityUtils#canAccess(Player, Supplier, Supplier)
      * @see ISecurityUtils#canAccess(UUID, Supplier, Supplier, boolean)
      * @see ISecurityUtils#canAccessObject(Player, ISecurityObject)
@@ -58,7 +61,7 @@ default boolean canAccess(Player player, @Nullable PROVIDER provider) {
         if (provider == null) {
             return true;
         }
-        return ISecurityUtils.INSTANCE.canAccess(player, () -> securityCapability(provider), () -> ownerCapability(provider));
+        return ISecurityUtils.INSTANCE.canAccess(player, provider, this::securityCapability, this::ownerCapability);
     }
 
     /**
@@ -74,6 +77,8 @@ default boolean canAccess(Player player, @Nullable PROVIDER provider) {
      * @implNote This method assumes that if the security is {@link SecurityMode#TRUSTED} and there is a player and {@code isClient} is {@code true}, then the player can
      * access the {@link ISecurityObject security object}. This is done because the list of trusted players is not currently synced to all clients.
      * @see #canAccess(Player, Object)
+     * @see ISecurityUtils#canAccess(Player, Object, Function, Function)
+     * @see ISecurityUtils#canAccess(UUID, Object, Function, Function, boolean)
      * @see ISecurityUtils#canAccess(Player, Supplier, Supplier)
      * @see ISecurityUtils#canAccess(UUID, Supplier, Supplier, boolean)
      * @see ISecurityUtils#canAccessObject(Player, ISecurityObject)
@@ -85,7 +90,7 @@ default boolean canAccess(@Nullable UUID player, @Nullable PROVIDER provider, bo
         if (provider == null) {
             return true;
         }
-        return ISecurityUtils.INSTANCE.canAccess(player, () -> securityCapability(provider), () -> ownerCapability(provider), isClient);
+        return ISecurityUtils.INSTANCE.canAccess(player, provider, this::securityCapability, this::ownerCapability, isClient);
     }
 
     /**
@@ -123,13 +128,14 @@ default UUID getOwnerUUID(@Nullable PROVIDER provider) {
      *
      * @implNote If the provider is {@code null} or doesn't expose a {@link ISecurityObject security object}, then the returned mode is {@link SecurityMode#PUBLIC}
      * @see ISecurityUtils#getSecurityMode(Supplier, Supplier, boolean)
+     * @see ISecurityUtils#getSecurityMode(Object, Function, Function, boolean)
      * @see ISecurityUtils#getEffectiveSecurityMode(ISecurityObject, boolean)
      */
     default SecurityMode getSecurityMode(@Nullable PROVIDER provider, boolean isClient) {
         if (provider == null) {
             return SecurityMode.PUBLIC;
         }
-        return ISecurityUtils.INSTANCE.getSecurityMode(() -> securityCapability(provider), () -> ownerCapability(provider), isClient);
+        return ISecurityUtils.INSTANCE.getSecurityMode(provider, this::securityCapability, this::ownerCapability, isClient);
     }
 
     /**
diff --git a/src/main/java/mekanism/client/gui/element/tab/GuiSecurityTab.java b/src/main/java/mekanism/client/gui/element/tab/GuiSecurityTab.java
@@ -159,7 +159,7 @@ public ISecurityObject securityObject() {
 
         SecurityMode securityMode() {
             OBJECT object = objectSupplier.get();
-            return ISecurityUtils.INSTANCE.getSecurityMode(() -> securityProvider.apply(object), () -> ownerProvider.apply(object), true);
+            return ISecurityUtils.INSTANCE.getSecurityMode(object, securityProvider, ownerProvider, true);
         }
     }
 }
diff --git a/src/main/java/mekanism/common/lib/security/BlockSecurityUtils.java b/src/main/java/mekanism/common/lib/security/BlockSecurityUtils.java
@@ -1,5 +1,6 @@
 package mekanism.common.lib.security;
 
+import it.unimi.dsi.fastutil.objects.ObjectOpenHashSet;
 import java.util.Set;
 import java.util.UUID;
 import mekanism.api.annotations.NothingNullByDefault;
@@ -15,7 +16,6 @@
 import net.minecraft.world.level.block.entity.BlockEntity;
 import net.minecraft.world.level.block.state.BlockState;
 import net.neoforged.neoforge.capabilities.BlockCapability;
-import net.neoforged.neoforge.common.util.Lazy;
 import org.jetbrains.annotations.Nullable;
 
 /**
@@ -44,28 +44,43 @@ public BlockCapability<ISecurityObject, Void> securityCapability() {
     @Override
     public boolean canAccess(Player player, Level level, BlockPos pos, @Nullable BlockState state, @Nullable BlockEntity blockEntity) {
         CachingCapabilityLookup lookup = new CachingCapabilityLookup(level, pos, state, blockEntity);
-        return ISecurityUtils.INSTANCE.canAccess(player, lookup::securityCapability, lookup::ownerCapability);
+        return ISecurityUtils.INSTANCE.canAccess(player, lookup, CachingCapabilityLookup::securityCapability, CachingCapabilityLookup::ownerCapability);
     }
 
     @Override
     public boolean canAccess(@Nullable UUID player, Level level, BlockPos pos, @Nullable BlockState state, @Nullable BlockEntity blockEntity) {
         CachingCapabilityLookup lookup = new CachingCapabilityLookup(level, pos, state, blockEntity);
-        return ISecurityUtils.INSTANCE.canAccess(player, lookup::securityCapability, lookup::ownerCapability, level.isClientSide());
+        return ISecurityUtils.INSTANCE.canAccess(player, lookup, CachingCapabilityLookup::securityCapability, CachingCapabilityLookup::ownerCapability, level.isClientSide());
     }
 
     @Override
     public SecurityMode getSecurityMode(Level level, BlockPos pos, @Nullable BlockState state, @Nullable BlockEntity blockEntity) {
         CachingCapabilityLookup lookup = new CachingCapabilityLookup(level, pos, state, blockEntity);
-        return ISecurityUtils.INSTANCE.getSecurityMode(lookup::securityCapability, lookup::ownerCapability, level.isClientSide());
+        return ISecurityUtils.INSTANCE.getSecurityMode(lookup, CachingCapabilityLookup::securityCapability, CachingCapabilityLookup::ownerCapability, level.isClientSide());
     }
 
     public void securityChanged(Set<Player> playersUsing, Level level, BlockPos pos, @Nullable BlockEntity target, SecurityMode old, SecurityMode mode) {
-        SecurityUtils.get().securityChanged(playersUsing, player -> canAccess(player, level, pos, target), old, mode);
+        //If the mode changed and the new security mode is more restrictive than the old one
+        // and there are players using the security object
+        if (!playersUsing.isEmpty() && ISecurityUtils.INSTANCE.moreRestrictive(old, mode)) {
+            //then double check that all the players are actually supposed to be able to access the GUI
+            //Note: We directly store and then query our caching capability lookup so that we don't have to re-look up
+            // the capabilities of the block for each player
+            CachingCapabilityLookup lookup = new CachingCapabilityLookup(level, pos, null, target);
+            for (Player player : new ObjectOpenHashSet<>(playersUsing)) {
+                if (!ISecurityUtils.INSTANCE.canAccess(player, lookup, CachingCapabilityLookup::securityCapability, CachingCapabilityLookup::ownerCapability)) {
+                    //and if they can't then boot them out
+                    player.closeContainer();
+                }
+            }
+        }
     }
 
     /**
      * Used to allow caching the block state and block entity lookup between security capability and owner capability lookup. That way if the block queried does not
      * expose a security capability at the given position we don't have to do more world lookups when querying if the block exposes an owner capability.
+     *
+     * @implNote As this caches the security and owner objects, this is not suitable for persisting between calls.
      */
     private static class CachingCapabilityLookup {
 
@@ -74,12 +89,26 @@ private record BlockTarget(BlockState state, @Nullable BlockEntity blockEntity)
 
         private final Level level;
         private final BlockPos pos;
-        private final Lazy<BlockTarget> lazyTarget;
+        @Nullable
+        private final BlockState knownState;
+        @Nullable
+        private final BlockEntity knownBlockEntity;
+        @Nullable
+        private BlockTarget target;
+        @Nullable
+        private ISecurityObject securityObject;
+        @Nullable
+        private IOwnerObject ownerObject;
 
         CachingCapabilityLookup(Level level, BlockPos pos, @Nullable BlockState knownState, @Nullable BlockEntity knownBlockEntity) {
             this.level = level;
             this.pos = pos;
-            this.lazyTarget = Lazy.of(() -> {
+            this.knownState = knownState;
+            this.knownBlockEntity = knownBlockEntity;
+        }
+
+        private BlockTarget getTarget() {
+            if (target == null) {
                 // Get block state and block entity if they were not provided
                 BlockState state = knownState;
                 BlockEntity blockEntity = knownBlockEntity;
@@ -96,20 +125,27 @@ private record BlockTarget(BlockState state, @Nullable BlockEntity blockEntity)
                 } else if (state == null) {
                     state = blockEntity.getBlockState();
                 }
-                return new BlockTarget(state, blockEntity);
-            });
+                target = new BlockTarget(state, blockEntity);
+            }
+            return target;
         }
 
         @Nullable
         ISecurityObject securityCapability() {
-            BlockTarget blockTarget = lazyTarget.get();
-            return IBlockSecurityUtils.INSTANCE.securityCapability(level, pos, blockTarget.state(), blockTarget.blockEntity());
+            if (securityObject == null) {
+                BlockTarget blockTarget = getTarget();
+                securityObject = IBlockSecurityUtils.INSTANCE.securityCapability(level, pos, blockTarget.state(), blockTarget.blockEntity());
+            }
+            return securityObject;
         }
 
         @Nullable
         IOwnerObject ownerCapability() {
-            BlockTarget blockTarget = lazyTarget.get();
-            return IBlockSecurityUtils.INSTANCE.ownerCapability(level, pos, blockTarget.state(), blockTarget.blockEntity());
+            if (ownerObject == null) {
+                BlockTarget blockTarget = getTarget();
+                ownerObject = IBlockSecurityUtils.INSTANCE.ownerCapability(level, pos, blockTarget.state(), blockTarget.blockEntity());
+            }
+            return ownerObject;
         }
     }
 }
diff --git a/src/main/java/mekanism/common/lib/security/EntitySecurityUtils.java b/src/main/java/mekanism/common/lib/security/EntitySecurityUtils.java
@@ -1,15 +1,18 @@
 package mekanism.common.lib.security;
 
+import it.unimi.dsi.fastutil.objects.ObjectOpenHashSet;
 import java.util.Set;
 import mekanism.api.annotations.NothingNullByDefault;
 import mekanism.api.security.IEntitySecurityUtils;
 import mekanism.api.security.IOwnerObject;
 import mekanism.api.security.ISecurityObject;
+import mekanism.api.security.ISecurityUtils;
 import mekanism.api.security.SecurityMode;
 import mekanism.common.capabilities.Capabilities;
 import net.minecraft.world.entity.Entity;
 import net.minecraft.world.entity.player.Player;
 import net.neoforged.neoforge.capabilities.EntityCapability;
+import org.jetbrains.annotations.Nullable;
 
 /**
  * @apiNote Do not instantiate this class directly as it will be done via the service loader. Instead, access instances of this via {@link IEntitySecurityUtils#INSTANCE}
@@ -35,6 +38,46 @@ public EntityCapability<ISecurityObject, Void> securityCapability() {
     }
 
     public void securityChanged(Set<Player> playersUsing, Entity target, SecurityMode old, SecurityMode mode) {
-        SecurityUtils.get().securityChanged(playersUsing, player -> canAccess(player, target), old, mode);
+        //If the mode changed and the new security mode is more restrictive than the old one
+        // and there are players using the security object
+        if (!playersUsing.isEmpty() && ISecurityUtils.INSTANCE.moreRestrictive(old, mode)) {
+            //then double check that all the players are actually supposed to be able to access the GUI
+            CachingCapabilityLookup lookup = new CachingCapabilityLookup(target);
+            for (Player player : new ObjectOpenHashSet<>(playersUsing)) {
+                if (!ISecurityUtils.INSTANCE.canAccess(player, lookup, CachingCapabilityLookup::securityCapability, CachingCapabilityLookup::ownerCapability)) {
+                    //and if they can't then boot them out
+                    player.closeContainer();
+                }
+            }
+        }
+    }
+
+    private static class CachingCapabilityLookup {
+
+        private final Entity target;
+        @Nullable
+        private ISecurityObject securityObject;
+        @Nullable
+        private IOwnerObject ownerObject;
+
+        public CachingCapabilityLookup(Entity target) {
+            this.target = target;
+        }
+
+        @Nullable
+        ISecurityObject securityCapability() {
+            if (securityObject == null) {
+                securityObject = IEntitySecurityUtils.INSTANCE.securityCapability(target);
+            }
+            return securityObject;
+        }
+
+        @Nullable
+        IOwnerObject ownerCapability() {
+            if (ownerObject == null) {
+                ownerObject = IEntitySecurityUtils.INSTANCE.ownerCapability(target);
+            }
+            return ownerObject;
+        }
     }
 }
diff --git a/src/main/java/mekanism/common/lib/security/SecurityUtils.java b/src/main/java/mekanism/common/lib/security/SecurityUtils.java

Original file line number	Diff line number	Diff line change
`@@ -159,7 +159,7 @@ public ISecurityObject securityObject() {`
`159`	`159`
`160`	`160`	`SecurityMode securityMode() {`
`161`	`161`	`OBJECT object = objectSupplier.get();`
`162`		`- return ISecurityUtils.INSTANCE.getSecurityMode(() -> securityProvider.apply(object), () -> ownerProvider.apply(object), true);`
	`162`	`+ return ISecurityUtils.INSTANCE.getSecurityMode(object, securityProvider, ownerProvider, true);`
`163`	`163`	`}`
`164`	`164`	`}`
`165`	`165`	`}`