161 lines
6.0 KiB
C#
161 lines
6.0 KiB
C#
using RelayServer.Models;
|
|
using SurrealDb.Net;
|
|
|
|
namespace RelayServer.Services.Data;
|
|
|
|
public sealed class PermissionService
|
|
{
|
|
private readonly SurrealDbClient _db;
|
|
|
|
public PermissionService(SurrealDbClient db)
|
|
{
|
|
_db = db;
|
|
}
|
|
|
|
public async Task<bool> CanSendMessagesAsync(string username, string channelId)
|
|
{
|
|
if (await IsOwnerOrAdminAsync(username))
|
|
return true;
|
|
|
|
if (await IsChannelReadOnlyAsync(channelId))
|
|
return false;
|
|
|
|
return await HasPermissionAsync(username, channelId, PermissionFlags.SendMessages);
|
|
}
|
|
|
|
public async Task<bool> CanManageChannelsAsync(string username) =>
|
|
await IsOwnerOrAdminAsync(username) ||
|
|
await HasGlobalPermissionAsync(username, PermissionFlags.ManageChannels);
|
|
|
|
public async Task<bool> CanManageMessagesAsync(string username, string channelId) =>
|
|
await IsOwnerOrAdminAsync(username) ||
|
|
await HasPermissionAsync(username, channelId, PermissionFlags.ManageMessages);
|
|
|
|
public async Task<bool> IsAdministratorAsync(string username) =>
|
|
await IsOwnerOrAdminAsync(username);
|
|
|
|
public async Task<bool> CanViewChannelAsync(string username, string channelId)
|
|
{
|
|
if (await IsOwnerOrAdminAsync(username)) return true;
|
|
return !await IsDeniedByChannelAsync(username, channelId, PermissionFlags.ViewChannel);
|
|
}
|
|
|
|
public async Task<bool> CanSpeakAsync(string username, string channelId)
|
|
{
|
|
if (await IsOwnerOrAdminAsync(username)) return true;
|
|
return !await IsDeniedByChannelAsync(username, channelId, PermissionFlags.Speak);
|
|
}
|
|
|
|
public async Task<bool> CanDeleteChannelAsync(string username) =>
|
|
await IsOwnerOrAdminAsync(username) ||
|
|
await HasGlobalPermissionAsync(username, PermissionFlags.ManageChannels) ||
|
|
await HasGlobalPermissionAsync(username, PermissionFlags.DeleteChannel);
|
|
|
|
public async Task<bool> CanEditChannelAsync(string username) =>
|
|
await IsOwnerOrAdminAsync(username) ||
|
|
await HasGlobalPermissionAsync(username, PermissionFlags.ManageChannels) ||
|
|
await HasGlobalPermissionAsync(username, PermissionFlags.EditChannel);
|
|
|
|
private async Task<bool> IsOwnerOrAdminAsync(string username)
|
|
{
|
|
if (await IsServerOwnerAsync(username))
|
|
return true;
|
|
|
|
var roles = await GetUserRolesAsync(username);
|
|
return roles.Any(r => r.Permissions.HasFlag(PermissionFlags.Administrator));
|
|
}
|
|
|
|
private async Task<bool> HasPermissionAsync(
|
|
string username, string channelId, PermissionFlags flag)
|
|
{
|
|
if (await IsOwnerOrAdminAsync(username))
|
|
return true;
|
|
|
|
var userRoles = await GetUserRolesAsync(username);
|
|
if (userRoles.Count == 0) return false;
|
|
|
|
var channelOverrides = await GetChannelPermissionsAsync(channelId);
|
|
var userRoleIds = new HashSet<string>(userRoles.Select(r => GetRecordIdString(r.Id)));
|
|
|
|
foreach (var co in channelOverrides.Where(co => userRoleIds.Contains(co.RoleId)))
|
|
if (co.Deny.HasFlag(flag)) return false;
|
|
|
|
foreach (var co in channelOverrides.Where(co => userRoleIds.Contains(co.RoleId)))
|
|
if (co.Allow.HasFlag(flag)) return true;
|
|
|
|
return userRoles.Any(r => r.Permissions.HasFlag(flag));
|
|
}
|
|
|
|
private async Task<bool> HasGlobalPermissionAsync(string username, PermissionFlags flag)
|
|
{
|
|
var roles = await GetUserRolesAsync(username);
|
|
return roles.Any(r =>
|
|
r.Permissions.HasFlag(PermissionFlags.Administrator) ||
|
|
r.Permissions.HasFlag(flag));
|
|
}
|
|
|
|
private async Task<bool> IsDeniedByChannelAsync(string username, string channelId, PermissionFlags flag)
|
|
{
|
|
var userRoles = await GetUserRolesAsync(username);
|
|
if (userRoles.Count == 0) return false;
|
|
|
|
var channelOverrides = await GetChannelPermissionsAsync(channelId);
|
|
var userRoleIds = new HashSet<string>(userRoles.Select(r => GetRecordIdString(r.Id)));
|
|
|
|
return channelOverrides
|
|
.Where(co => userRoleIds.Contains(co.RoleId))
|
|
.Any(co => co.Deny.HasFlag(flag));
|
|
}
|
|
|
|
private async Task<bool> IsServerOwnerAsync(string username)
|
|
{
|
|
var userId = $"users:{username.ToLower()}";
|
|
var members = await _db.Select<ServerMembers>("server_members");
|
|
return members.Any(m =>
|
|
string.Equals(m.UserId, userId, StringComparison.OrdinalIgnoreCase) &&
|
|
m.IsOwner);
|
|
}
|
|
|
|
private async Task<List<Roles>> GetUserRolesAsync(string username)
|
|
{
|
|
var userId = $"users:{username.ToLower()}";
|
|
|
|
var userRoleLinks = await _db.Select<UserRoles>("user_roles");
|
|
var userRoleIds = userRoleLinks
|
|
.Where(ur => string.Equals(ur.UserId, userId, StringComparison.OrdinalIgnoreCase))
|
|
.Select(ur => ur.RoleId)
|
|
.ToHashSet();
|
|
|
|
if (userRoleIds.Count == 0) return [];
|
|
|
|
var allRoles = await _db.Select<Roles>("roles");
|
|
return allRoles
|
|
.Where(r => userRoleIds.Contains(GetRecordIdString(r.Id)))
|
|
.ToList();
|
|
}
|
|
|
|
private async Task<List<ChannelPermissions>> GetChannelPermissionsAsync(string channelId)
|
|
{
|
|
var all = await _db.Select<ChannelPermissions>("channel_permissions");
|
|
return all.Where(cp => cp.ChannelId == channelId).ToList();
|
|
}
|
|
|
|
private async Task<bool> IsChannelReadOnlyAsync(string channelId)
|
|
{
|
|
var channels = await _db.Select<Channels>("channels");
|
|
var channel = channels.FirstOrDefault(c => GetRecordIdString(c.Id) == channelId);
|
|
return channel?.IsReadOnly ?? false;
|
|
}
|
|
|
|
private static string GetRecordIdString(object? id)
|
|
{
|
|
if (id is null) return string.Empty;
|
|
var json = System.Text.Json.JsonSerializer.Serialize(id);
|
|
using var doc = System.Text.Json.JsonDocument.Parse(json);
|
|
var root = doc.RootElement;
|
|
var recordId = root.GetProperty("Id").GetString() ?? string.Empty;
|
|
var table = root.GetProperty("Table").GetString() ?? string.Empty;
|
|
return $"{table}:{recordId}";
|
|
}
|
|
}
|