diff options
author | ElgarL <ElgarL@Palmergames.com> | 2014-03-27 01:50:00 +0000 |
---|---|---|
committer | KHobbits <rob@khobbits.co.uk> | 2014-05-04 12:50:12 +0100 |
commit | 64acdbf99e0c31ea8619f57f9dccd8942041efe3 (patch) | |
tree | 7cd13aad958f72c582431672e86ee136193fc5ee | |
parent | e982d8c8f8802b278934db1275ec00cbff5cffa0 (diff) | |
download | Essentials-64acdbf99e0c31ea8619f57f9dccd8942041efe3.tar Essentials-64acdbf99e0c31ea8619f57f9dccd8942041efe3.tar.gz Essentials-64acdbf99e0c31ea8619f57f9dccd8942041efe3.tar.lz Essentials-64acdbf99e0c31ea8619f57f9dccd8942041efe3.tar.xz Essentials-64acdbf99e0c31ea8619f57f9dccd8942041efe3.zip |
Allow Exceptions in any inherited group to override negation of permissions.
3 files changed, 50 insertions, 11 deletions
diff --git a/EssentialsGroupManager/.project b/EssentialsGroupManager/.project index c0e5a6f5e..7a39e867d 100644 --- a/EssentialsGroupManager/.project +++ b/EssentialsGroupManager/.project @@ -16,7 +16,7 @@ <arguments>
<dictionary>
<key>LaunchConfigHandle</key>
- <value><project>/.externalToolBuilders/GroupManager.launch</value>
+ <value><project>/.externalToolBuilders/GroupManager_Builder.launch</value>
</dictionary>
</arguments>
</buildCommand>
diff --git a/EssentialsGroupManager/src/Changelog.txt b/EssentialsGroupManager/src/Changelog.txt index d30265810..7a7aa45b4 100644 --- a/EssentialsGroupManager/src/Changelog.txt +++ b/EssentialsGroupManager/src/Changelog.txt @@ -222,4 +222,5 @@ v 2.0: - Store worldSelection indexed on the senders name rather than the object (fixes commandblocks using manselect).
- Check subgroup permissions with an equal priority so no one subgroup is higher ranked than another.
- add recursive permission adding/deleting - - Prevent adding sub groups for ranks the granting player doesn't have access to.
\ No newline at end of file + - Prevent adding sub groups for ranks the granting player doesn't have access to.
+ - Allow Exceptions in any inherited group to override negation of permissions.
\ No newline at end of file diff --git a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java index 39ad300e0..8f8f4c599 100644 --- a/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java +++ b/EssentialsGroupManager/src/org/anjocaido/groupmanager/permissions/AnjoPermissionsHandler.java @@ -5,6 +5,7 @@ package org.anjocaido.groupmanager.permissions; import java.util.ArrayList; +import java.util.Iterator; import java.util.LinkedHashSet; import java.util.LinkedList; import java.util.List; @@ -13,8 +14,8 @@ import java.util.Set; import org.anjocaido.groupmanager.GroupManager; import org.anjocaido.groupmanager.data.Group; -import org.anjocaido.groupmanager.dataholder.WorldDataHolder; import org.anjocaido.groupmanager.data.User; +import org.anjocaido.groupmanager.dataholder.WorldDataHolder; import org.anjocaido.groupmanager.utils.PermissionCheckResult; import org.bukkit.Bukkit; import org.bukkit.entity.Player; @@ -121,6 +122,7 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface { public Set<String> getAllPlayersPermissions(String userName, Boolean includeChildren) { Set<String> playerPermArray = new LinkedHashSet<String>(); + Set<String> overrides = new LinkedHashSet<String>(); // Add the players own permissions. playerPermArray.addAll(populatePerms(ph.getUser(userName).getPermissionList(), includeChildren)); @@ -147,18 +149,39 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface { // Add all group permissions, unless negated by earlier permissions. for (String perm : groupPermArray) { boolean negated = (perm.startsWith("-")); + + // Overridden (Exception) permission defeats negation. + if (perm.startsWith("+")) { + overrides.add(perm.substring(1)); + continue; + } + // Perm doesn't already exists and there is no negation for it // or It's a negated perm where a normal perm doesn't exists (don't allow inheritance to negate higher perms) if ((!negated && !playerPermArray.contains(perm) && !wildcardNegation(playerPermArray, perm)) || (negated && !playerPermArray.contains(perm.substring(1)) && !wildcardNegation(playerPermArray, perm.substring(1)))) playerPermArray.add(perm); - if (perm.startsWith("+") && wildcardNegation(groupPermArray, perm.substring(1))) { - playerPermArray.add(perm.substring(1)); - } } } } + + // Process overridden permissions + + Iterator<String> itr = overrides.iterator(); + + while (itr.hasNext()) { + + String node = itr.next(); + + if (playerPermArray.contains("-" + node)) { + playerPermArray.remove("-" + node); + } + + playerPermArray.add(node); + + } + // Collections.sort(playerPermArray, StringPermissionComparator.getInstance()); return playerPermArray; @@ -1001,17 +1024,34 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface { if (start == null || targetPermission == null) { return null; } + LinkedList<Group> stack = new LinkedList<Group>(); List<Group> alreadyVisited = new ArrayList<Group>(); + PermissionCheckResult result = new PermissionCheckResult(); + stack.push(start); alreadyVisited.add(start); + + // Set defaults. + result.askedPermission = targetPermission; + result.resultType = PermissionCheckResult.Type.NOTFOUND; + while (!stack.isEmpty()) { Group now = stack.pop(); PermissionCheckResult resultNow = checkGroupOnlyPermission(now, targetPermission); + if (!resultNow.resultType.equals(PermissionCheckResult.Type.NOTFOUND)) { - resultNow.accessLevel = targetPermission; - return resultNow; + + if (resultNow.resultType.equals(PermissionCheckResult.Type.EXCEPTION)) { + resultNow.accessLevel = targetPermission; + return resultNow; + } + + // Negation found so store for later + // as we need to continue looking for an Exception. + result = resultNow; } + for (String sonName : now.getInherits()) { Group son = ph.getGroup(sonName); if (son != null && !alreadyVisited.contains(son)) { @@ -1021,9 +1061,7 @@ public class AnjoPermissionsHandler extends PermissionsReaderInterface { } } } - PermissionCheckResult result = new PermissionCheckResult(); - result.askedPermission = targetPermission; - result.resultType = PermissionCheckResult.Type.NOTFOUND; + return result; } |