forked from External/grumble
Return early in GroupMemberCheck.
This commit is contained in:
Mikkel Krautz
parent
1f917dfd8e
commit
fd94729d79
1 changed files with 33 additions and 27 deletions
60
group.go
60
group.go
|
|
@ -131,6 +131,7 @@ func (group *Group) Members() map[int]bool {
|
||||||
//
|
//
|
||||||
// The channel aclchan will always be either equal to current, or be an ancestor.
|
// The channel aclchan will always be either equal to current, or be an ancestor.
|
||||||
func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *Client) (ok bool) {
|
func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *Client) (ok bool) {
|
||||||
|
valid := true
|
||||||
invert := false
|
invert := false
|
||||||
token := false
|
token := false
|
||||||
hash := false
|
hash := false
|
||||||
|
|
@ -138,17 +139,17 @@ func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *C
|
||||||
// Returns the 'correct' return value considering the value
|
// Returns the 'correct' return value considering the value
|
||||||
// of the invert flag.
|
// of the invert flag.
|
||||||
defer func() {
|
defer func() {
|
||||||
if invert {
|
if valid && invert {
|
||||||
ok = !ok
|
ok = !ok
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
member := false
|
|
||||||
channel := current
|
channel := current
|
||||||
|
|
||||||
for {
|
for {
|
||||||
// Empty group name are not valid.
|
// Empty group name are not valid.
|
||||||
if len(name) == 0 {
|
if len(name) == 0 {
|
||||||
|
valid = false
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// Invert
|
// Invert
|
||||||
|
|
@ -178,40 +179,42 @@ func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *C
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
|
||||||
// The user is part of this group if the remaining name is part of
|
|
||||||
// his access token list.
|
|
||||||
if token {
|
if token {
|
||||||
|
// The user is part of this group if the remaining name is part of
|
||||||
|
// his access token list.
|
||||||
log.Printf("GroupMemberCheck: Implement token matching")
|
log.Printf("GroupMemberCheck: Implement token matching")
|
||||||
member = false // fixme(mkrautz)
|
return false
|
||||||
|
} else if hash {
|
||||||
// The user is part of this group if the remaining name matches his
|
// The user is part of this group if the remaining name matches his
|
||||||
// cert hash.
|
// cert hash.
|
||||||
} else if hash {
|
|
||||||
log.Printf("GroupMemberCheck: Implement hash matching")
|
log.Printf("GroupMemberCheck: Implement hash matching")
|
||||||
member = false // fixme(mkrautz)
|
return false
|
||||||
// None
|
|
||||||
} else if name == "none" {
|
} else if name == "none" {
|
||||||
member = false
|
// None
|
||||||
// Everyone
|
return false
|
||||||
} else if name == "all" {
|
} else if name == "all" {
|
||||||
member = true
|
// Everyone
|
||||||
|
return true
|
||||||
|
} else if name == "auth" {
|
||||||
// The user is part of the auth group is he is authenticated. That is,
|
// The user is part of the auth group is he is authenticated. That is,
|
||||||
// his UserId is >= 0.
|
// his UserId is >= 0.
|
||||||
} else if name == "auth" {
|
return client.IsRegistered()
|
||||||
member = client.IsRegistered()
|
|
||||||
// The user is part of the strong group if he is authenticated to the server
|
|
||||||
// via a strong certificate (i.e. non-self-signed).
|
|
||||||
} else if name == "strong" {
|
} else if name == "strong" {
|
||||||
|
// The user is part of the strong group if he is authenticated to the server
|
||||||
|
// via a strong certificate (i.e. non-self-signed, trusted by the server's
|
||||||
|
// trusted set of root CAs).
|
||||||
log.Printf("GroupMemberCheck: Implement strong certificate matching")
|
log.Printf("GroupMemberCheck: Implement strong certificate matching")
|
||||||
member = false // fixme(mkrautz)
|
return false
|
||||||
// Is the user in the currently evaluated channel?
|
|
||||||
} else if name == "in" {
|
} else if name == "in" {
|
||||||
member = client.Channel == channel
|
// Is the user in the currently evaluated channel?
|
||||||
// Is the user not in the currently evaluated channel?
|
return client.Channel == channel
|
||||||
} else if name == "out" {
|
} else if name == "out" {
|
||||||
member = client.Channel != channel
|
// Is the user not in the currently evaluated channel?
|
||||||
|
return client.Channel != channel
|
||||||
|
} else if name == "sub" {
|
||||||
// fixme(mkrautz): The sub group implementation below hasn't been thoroughly
|
// fixme(mkrautz): The sub group implementation below hasn't been thoroughly
|
||||||
// tested yet. It might be a bit buggy!
|
// tested yet. It might be a bit buggy!
|
||||||
} else if name == "sub" {
|
|
||||||
// Strip away the "sub," part of the name
|
// Strip away the "sub," part of the name
|
||||||
name = name[4:]
|
name = name[4:]
|
||||||
|
|
||||||
|
|
@ -278,7 +281,7 @@ func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *C
|
||||||
// This can be either aclchan or current depending on the ~ group operator.
|
// This can be either aclchan or current depending on the ~ group operator.
|
||||||
cofs := indexOf(groupChain, channel)
|
cofs := indexOf(groupChain, channel)
|
||||||
if cofs == -1 {
|
if cofs == -1 {
|
||||||
log.Printf("Invalid chain")
|
valid = false
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -286,6 +289,7 @@ func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *C
|
||||||
cofs += minpath
|
cofs += minpath
|
||||||
// Check that the minpath parameter that was given is a valid index for groupChain.
|
// Check that the minpath parameter that was given is a valid index for groupChain.
|
||||||
if cofs >= len(groupChain) {
|
if cofs >= len(groupChain) {
|
||||||
|
valid = false
|
||||||
return false
|
return false
|
||||||
} else if cofs < 0 {
|
} else if cofs < 0 {
|
||||||
cofs = 0
|
cofs = 0
|
||||||
|
|
@ -302,10 +306,10 @@ func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *C
|
||||||
mindepth := cofs + mindesc
|
mindepth := cofs + mindesc
|
||||||
maxdepth := cofs + maxdesc
|
maxdepth := cofs + maxdesc
|
||||||
pdepth := len(playerChain) - 1
|
pdepth := len(playerChain) - 1
|
||||||
member = pdepth >= mindepth && pdepth <= maxdepth
|
return pdepth >= mindepth && pdepth <= maxdepth
|
||||||
|
|
||||||
// Non-magic groups
|
|
||||||
} else {
|
} else {
|
||||||
|
// Non-magic groups
|
||||||
groups := []*Group{}
|
groups := []*Group{}
|
||||||
|
|
||||||
iter := channel
|
iter := channel
|
||||||
|
|
@ -327,17 +331,19 @@ func GroupMemberCheck(current *Channel, aclchan *Channel, name string, client *C
|
||||||
iter = iter.parent
|
iter = iter.parent
|
||||||
}
|
}
|
||||||
|
|
||||||
|
isMember := false
|
||||||
for _, group := range groups {
|
for _, group := range groups {
|
||||||
if group.AddContains(client.UserId()) || group.TemporaryContains(client.UserId()) || group.TemporaryContains(-int(client.Session)) {
|
if group.AddContains(client.UserId()) || group.TemporaryContains(client.UserId()) || group.TemporaryContains(-int(client.Session)) {
|
||||||
member = true
|
isMember = true
|
||||||
}
|
}
|
||||||
if group.RemoveContains(client.UserId()) {
|
if group.RemoveContains(client.UserId()) {
|
||||||
member = false
|
isMember = false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
return isMember
|
||||||
}
|
}
|
||||||
|
|
||||||
return member
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the list of group names in a particular channel.
|
// Get the list of group names in a particular channel.
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue