From a2ff2df9f35e5d9b7b5dac83f605fa1f6550b540 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Sun, 14 Apr 2024 21:16:33 +1000
Subject: [PATCH] Move security evaluations for File/Echoareas back to model
---
 app/Classes/FTN/Tic.php | 2 +-
 app/Console/Commands/Areafix/Rescan.php | 4 +--
 app/Jobs/MessageProcess.php | 2 +-
 app/Models/Echomail.php | 2 +-
 app/Models/File.php | 2 +-
 app/Traits/AreaSecurity.php | 33 +++++++++++++++++++++++++
 resources/views/dashboard.blade.php | 5 ++--
 7 files changed, 42 insertions(+), 8 deletions(-)
diff --git a/app/Classes/FTN/Tic.php b/app/Classes/FTN/Tic.php
index 1cdcb37..51dacc5 100644
--- a/app/Classes/FTN/Tic.php
+++ b/app/Classes/FTN/Tic.php
@@ -360,7 +360,7 @@ class Tic extends FTNBase
 // Validate sender is permitted to write
 // @todo Send a notification
- if (! $this->file->filearea->sec_write || ($this->file->fftn->security < $this->file->filearea->sec_write))
+ if (! $this->file->filearea->can_write($this->file->fftn->security))
 throw new NoWriteSecurityException(sprintf('Node [%s] doesnt have enough security to write to [%s] (%d)',$this->file->fftn->ftn,$this->file->filearea->name,$this->file->fftn->security));
 // If the file create time is blank, we'll take the files
diff --git a/app/Console/Commands/Areafix/Rescan.php b/app/Console/Commands/Areafix/Rescan.php
index 43187c7..ddd29bb 100644
--- a/app/Console/Commands/Areafix/Rescan.php
+++ b/app/Console/Commands/Areafix/Rescan.php
@@ -52,8 +52,8 @@ class Rescan extends Command
 throw new \Exception(sprintf('FTN [%s] is not subscribed to [%s]',$ao->ftn,$eao->name));
 // Check that an FTN can read the area
- if (! $eao->sec_read || ($ao->security < $eao->sec_read))
- throw new \Exception(sprintf('FTN [%s] doesnt have permission to received [%s]',$ao->ftn,$eao->name));
+ if (! $eao->can_read($ao->security))
+ throw new \Exception(sprintf('FTN [%s] doesnt have permission to receive [%s]',$ao->ftn,$eao->name));
 foreach (Echomail::select('id')
 ->where('echoarea_id',$eao->id)
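Review bot: The exception text in Tic.php still blames the node's security level, but `can_write()` (added to app/Traits/AreaSecurity.php by this commit) also returns false when the area is not active or its write level is 0, so the message and its trailing `(%d)` can point an operator at the wrong cause. The same holds for the `can_read()` check in Areafix/Rescan.php and for the `Log::alert` text in Jobs/MessageProcess.php. These are the denial records someone reads when investigating a rejected TIC or echomail, so I would either report which condition failed or at least add a comment above each check such as `// can_write() is also false for an inactive area or a write level of 0`. The enclosing methods start and end outside these hunks.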
diff --git a/app/Jobs/MessageProcess.php b/app/Jobs/MessageProcess.php
index 7391c6c..1a52360 100644
--- a/app/Jobs/MessageProcess.php
+++ b/app/Jobs/MessageProcess.php
@@ -343,7 +343,7 @@ class MessageProcess implements ShouldQueue
 }
 // Can the system send messages to this area?
- if (! $ea->sec_write || ($this->pktsrc->security < $ea->sec_write)) {
+ if (! $ea->can_write($this->pktsrc->security)) {
 Log::alert(sprintf('%s:! FTN [%s] is not allowed to post [%s] to [%s].',self::LOGKEY,$this->pktsrc->ftn,$this->msg->msgid,$ea->name));
 if (! $this->msg->rescanned->count())
 Notification::route('netmail',$this->pktsrc)->notify(new EchoareaNoWrite($this->msg));
diff --git a/app/Models/Echomail.php b/app/Models/Echomail.php
index efbc265..6e3ab46 100644
--- a/app/Models/Echomail.php
+++ b/app/Models/Echomail.php
@@ -149,7 +149,7 @@ final class Echomail extends Model implements Packet
 $exportto = ($x=$model
 ->echoarea
 ->addresses
- ->filter(function($item) use ($model) { return $item->security >= $model->echoarea->sec_read; }))
+ ->filter(function($item) use ($model) { return $model->echoarea->can_read($item->security); }))
 ->pluck('id')
 ->diff($seenby);
diff --git a/app/Models/File.php b/app/Models/File.php
index f949197..5ec2c67 100644
--- a/app/Models/File.php
+++ b/app/Models/File.php
@@ -155,7 +155,7 @@ class File extends Model
 $exportto = $model
 ->filearea
 ->addresses
- ->filter(function($item) use ($model) { return $item->security >= $model->filearea->sec_read; })
+ ->filter(function($item) use ($model) { return $model->filearea->can_read($item->security); })
 ->pluck('id')
 ->diff($seenby);
diff --git a/app/Traits/AreaSecurity.php b/app/Traits/AreaSecurity.php
index dd64e22..2a9128b 100644
--- a/app/Traits/AreaSecurity.php
+++ b/app/Traits/AreaSecurity.php
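Review bot: The export filter in Echomail.php is not a pure refactor. The old closure kept every address with `security >= sec_read`, which lets all addresses through when `sec_read` is 0, while `can_read()` rejects a level of 0 and rejects everything when the area is not active; the File.php filter changes the same way. Failing closed is the safer behaviour and now agrees with the Rescan check, but areas stored with a read level of 0 will silently stop exporting, so it deserves a mention in the commit message and a comment above each filter, e.g. `// can_read() denies when the area is inactive or sec_read is 0`. A test with a read level of 0 and one with an inactive area would pin this down. Both closures sit inside larger methods that are not fully visible in the hunks.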
@@ -7,6 +7,39 @@ namespace App\Traits;
 trait AreaSecurity
 {
+ /**
+ * Does the security level provide read or write access
+ *
+ * @param int $sec
+ * @return bool
+ */
+ public function can_access(int $sec): bool
+ {
+ return $this->can_read($sec) || $this->can_write($sec);
+ }
+
+ /**
+ * Does the security level provide read access
+ *
+ * @param int $sec
+ * @return bool
+ */
+ public function can_read(int $sec): bool
+ {
+ return $this->active && (($sec >= ($x=$this->getSecReadAttribute())) && $x);
+ }
+
+ /**
+ * Does the security level provide write access
+ *
+ * @param int $sec
+ * @return bool
+ */
+ public function can_write(int $sec): bool
+ {
+ return $this->active && (($sec >= ($x=$this->getSecWriteAttribute())) && $x);
+ }
+
 public function getSecReadAttribute(): int
 {
 return ($this->security>>3) & 0x7;
diff --git a/resources/views/dashboard.blade.php b/resources/views/dashboard.blade.php
index 8c000ac..246412a 100644
--- a/resources/views/dashboard.blade.php
+++ b/resources/views/dashboard.blade.php
@@ -56,12 +56,12 @@ ->sortBy('name')) as $o)
- {{ $o->name }} ({{ $sec=$user->systems->pluck('akas')->flatten()->filter(function($item) use ($o) { return $item->zone->domain_id === $o->id; })->max('security') ?? '-' }})
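Review bot: `can_read()` and `can_write()` in AreaSecurity.php pack two access rules into one expression with an inline assignment, `($sec >= ($x=...)) && $x`, and the docblocks mention neither rule: a stored level of 0 denies everyone, and an area that is not active denies everyone. Every caller in this commit now relies on these predicates for authorization, so I would spell the rules out, e.g. `$level = $this->getSecReadAttribute();` followed by `return $this->active && ($level > 0) && ($sec >= $level);`, with the same shape for write. The docblocks should say that 0 means no access and that `$sec` is compared against a 3-bit level, since the visible getter masks with `0x7`. `can_access()` inherits both rules and should say so as well.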

+ {{ $o->name }} ({{ ($sec=$user->systems->pluck('akas')->flatten()->filter(function($item) use ($o) { return $item->zone->domain_id === $o->id; })->max('security') ?: 0) ?? '-' }})

{{ ($sub=$user->systems->pluck('akas')->flatten()->pluck('echoareas')->flatten()->filter(function($item) use ($o) { return $item->domain_id === $o->id; }))->count() }} Subscribed @foreach ($o->echoareas->sortBy('name') as $eo) - {{ $eo->name }} + {{ $eo->name }} @endforeach @@ -113,6 +113,7 @@ --}} @append + @section('page-scripts') @js('highcharts')
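Review bot: In the added dashboard line the `?? '-'` fallback after `(... ->max('security') ?: 0)` can no longer fire, because `?: 0` has already replaced a null result with 0, so a domain with no addresses now prints `0` where it printed `-` before. If `$sec` has to be an int for a later `can_*()` call (the markup around `{{ $eo->name }}` is not visible here, so this is an assumption), it would be clearer to assign it in an `@php` block and keep the display separate, e.g. `{{ $sec ?: '-' }}`, or simply to drop the dead `?? '-'`. Assigning inside an echo also makes the access-relevant value easy to miss when reviewing the template.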