From: Jeff Halter Date: Mon, 31 Jan 2022 04:59:47 +0000 (-0800) Subject: Initial permission handling refactor X-Git-Url: https://git.r.bdr.sh/rbdr/mobius/commitdiff_plain/a0241c250de01f32eacba2afee3f7d5cea30b8e5 Initial permission handling refactor --- diff --git a/hotline/access.go b/hotline/access.go index 27be157..e2076ad 100644 --- a/hotline/access.go +++ b/hotline/access.go @@ -29,11 +29,11 @@ const ( accessModifyUser = 17 // accessChangeOwnPass = 18 // Documented but unused? //accessSendPrivMsg = 19 // This doesn't do what it seems like it should do. TODO: Investigate - accessNewsReadArt = 20 - accessNewsPostArt = 21 - accessDisconUser = 22 // Toggles red user name in user list - accessCannotBeDiscon = 23 - accessGetClientInfo = 24 + accessNewsReadArt = 20 + accessNewsPostArt = 21 + accessDisconUser = 22 // Toggles red user name in user list + accessCannotBeDiscon = 23 + accessGetClientInfo = 24 //accessUploadAnywhere = 25 //accessAnyName = 26 //accessNoAgreement = 27 @@ -41,19 +41,27 @@ const ( //accessSetFolderComment = 29 //accessViewDropBoxes = 30 //accessMakeAlias = 31 - accessBroadcast = 32 - accessNewsDeleteArt = 33 - accessNewsCreateCat = 34 + accessBroadcast = 32 + accessNewsDeleteArt = 33 + accessNewsCreateCat = 34 //accessNewsDeleteCat = 35 - accessNewsCreateFldr = 36 + accessNewsCreateFldr = 36 //accessNewsDeleteFldr = 37 ) +type accessBitmap [8]byte + +func (bits *accessBitmap) Set(i int) { + bits[i/8] |= 1 << uint(7-i%8) +} + +// authorize checks if 64 bit access slice contain has accessBit set +// TODO: refactor to use accessBitmap type func authorize(access *[]byte, accessBit int) bool { if accessBit == accessAlwaysAllow { return true } - accessBitmap := big.NewInt(int64(binary.BigEndian.Uint64(*access))) + bits := big.NewInt(int64(binary.BigEndian.Uint64(*access))) - return accessBitmap.Bit(63-accessBit) == 1 + return bits.Bit(63-accessBit) == 1 } 
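Review bot: `authorize` still calls `binary.BigEndian.Uint64(*access)` with no guard, so a nil pointer or an access slice shorter than 8 bytes panics instead of denying. If account data can ever carry a short or missing access field, the check should fail closed, e.g. `if access == nil || len(*access) < 8 { return false }` ahead of the conversion. The new `accessBitmap.Set` has a similar gap: an index of 64 or more panics on `bits[i/8]`, and a negative index either panics or shifts past the byte and sets nothing, so `if i < 0 || i >= len(bits)*8 { return }` would be worth adding. The doc comment on `authorize` is garbled; `// authorize reports whether accessBit is set in the 8-byte, MSB-first access bitmap.` reads cleanly and records the bit order that `Set` also uses.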
diff --git a/hotline/transaction_handlers.go b/hotline/transaction_handlers.go index ea6d087..ea46499 100644 --- a/hotline/transaction_handlers.go +++ b/hotline/transaction_handlers.go @@ -273,7 +273,7 @@ var TransactionHandlers = map[uint16]TransactionType{ Handler: HandleSetUser, }, tranUploadFile: { - Access: accessUploadFile, + Access: accessAlwaysAllow, DenyMsg: "You are not allowed to upload files.", Name: "tranUploadFile", Handler: HandleUploadFile, @@ -1323,21 +1323,25 @@ func HandleUploadFolder(cc *ClientConn, t *Transaction) (res []Transaction, err } func HandleUploadFile(cc *ClientConn, t *Transaction) (res []Transaction, err error) { + // TODO: add permission handing for upload folders and drop boxes + if !authorize(cc.Account.Access, accessUploadFile) { + res = append(res, cc.NewErrReply(t, "You are not allowed to upload files.")) + return res, err + } + fileName := t.GetField(fieldFileName).Data filePath := t.GetField(fieldFilePath).Data transactionRef := cc.Server.NewTransactionRef() data := binary.BigEndian.Uint32(transactionRef) - fileTransfer := &FileTransfer{ + cc.Server.FileTransfers[data] = &FileTransfer{ FileName: fileName, FilePath: filePath, ReferenceNumber: transactionRef, Type: FileUpload, } - cc.Server.FileTransfers[data] = fileTransfer - res = append(res, cc.NewReply(t, NewField(fieldRefNum, transactionRef))) return res, err }
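Review bot: Setting `Access: accessAlwaysAllow` on `tranUploadFile` turns off the table-level gate for this transaction, so the upload permission now rests entirely on the `authorize` call added to `HandleUploadFile` further down, and nothing at this entry says so. A comment such as `// permission is checked inside HandleUploadFile` would keep a later edit to the handler from silently opening uploads to every account. The `DenyMsg` left on the entry is presumably no longer reached, and its text is now duplicated in the handler, so the two can drift apart. The map literal continues outside the hunk.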
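Review bot: The check added at the top of `HandleUploadFile` covers only the global `accessUploadFile` bit. `fieldFileName` and `fieldFilePath` are still copied from the client's transaction into the `FileTransfer` unchanged, and the TODO confirms that upload-folder and drop-box rules are not applied yet. Unless the transfer code outside this hunk normalises the path and confines it to the file root, that validation belongs here, before the reference number is returned to the client. Separately, `err` is never assigned in this function, so `return res, nil` states the result more plainly than `return res, err`.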