Initial permission handling refactor

diff --git a/hotline/access.go b/hotline/access.go
index 27be15796cd7defe2ea724f91a4c132214c23cc3..e2076ad1af4f738b36675ce39cae552f8c91b9e5 100644 (file)
--- a/hotline/access.go
+++ b/hotline/access.go
@@ -29,11 +29,11 @@ const (
        accessModifyUser = 17
        // accessChangeOwnPass    = 18 // Documented but unused?
        //accessSendPrivMsg      = 19 // This doesn't do what it seems like it should do. TODO: Investigate
-       accessNewsReadArt      = 20
-       accessNewsPostArt      = 21
-       accessDisconUser       = 22 // Toggles red user name in user list
-       accessCannotBeDiscon   = 23
-       accessGetClientInfo    = 24
+       accessNewsReadArt    = 20
+       accessNewsPostArt    = 21
+       accessDisconUser     = 22 // Toggles red user name in user list
+       accessCannotBeDiscon = 23
+       accessGetClientInfo  = 24
        //accessUploadAnywhere   = 25
        //accessAnyName          = 26
        //accessNoAgreement      = 27
@@ -41,19 +41,27 @@ const (
        //accessSetFolderComment = 29
        //accessViewDropBoxes    = 30
        //accessMakeAlias        = 31
-       accessBroadcast        = 32
-       accessNewsDeleteArt    = 33
-       accessNewsCreateCat    = 34
+       accessBroadcast     = 32
+       accessNewsDeleteArt = 33
+       accessNewsCreateCat = 34
        //accessNewsDeleteCat    = 35
-       accessNewsCreateFldr   = 36
+       accessNewsCreateFldr = 36
        //accessNewsDeleteFldr   = 37
 )
 
+type accessBitmap [8]byte
+
+func (bits *accessBitmap) Set(i int) {
+       bits[i/8] |= 1 << uint(7-i%8)
+}
+
+// authorize checks if 64 bit access slice contain has accessBit set
+// TODO: refactor to use accessBitmap type
 func authorize(access *[]byte, accessBit int) bool {
        if accessBit == accessAlwaysAllow {
                return true
        }
-       accessBitmap := big.NewInt(int64(binary.BigEndian.Uint64(*access)))
+       bits := big.NewInt(int64(binary.BigEndian.Uint64(*access)))
 
-       return accessBitmap.Bit(63-accessBit) == 1
+       return bits.Bit(63-accessBit) == 1
 }

diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go
index ea6d087540ec9a03e9fc3071810772f6888dfcf8..ea4649933e26534180831b60df0a8a1ad89e0dd9 100644 (file)
--- a/hotline/transaction_handlers.go
+++ b/hotline/transaction_handlers.go
@@ -273,7 +273,7 @@ var TransactionHandlers = map[uint16]TransactionType{
                Handler: HandleSetUser,
        },
        tranUploadFile: {
-               Access:  accessUploadFile,
+               Access:  accessAlwaysAllow,
                DenyMsg: "You are not allowed to upload files.",
                Name:    "tranUploadFile",
                Handler: HandleUploadFile,
@@ -1323,21 +1323,25 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err
 }
 
 func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) {
+       // TODO: add permission handing for upload folders and drop boxes
+       if !authorize(cc.Account.Access, accessUploadFile) {
+               res = append(res, cc.NewErrReply(t, "You are not allowed to upload files."))
+               return res, err
+       }
+
        fileName := t.GetField(fieldFileName).Data
        filePath := t.GetField(fieldFilePath).Data
 
        transactionRef := cc.Server.NewTransactionRef()
        data := binary.BigEndian.Uint32(transactionRef)
 
-       fileTransfer := &FileTransfer{
+       cc.Server.FileTransfers[data] = &FileTransfer{
                FileName:        fileName,
                FilePath:        filePath,
                ReferenceNumber: transactionRef,
                Type:            FileUpload,
        }
 
-       cc.Server.FileTransfers[data] = fileTransfer
-
        res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef)))
        return res, err
 }