From 005a8b050d8e01354f9eb7b46ba4232c341d3c3a Mon Sep 17 00:00:00 2001
From: RaidMax <raidmax@live.com>
Date: Wed, 13 Sep 2023 22:50:37 -0500
Subject: [PATCH] require login for wildcard ip search

---
 .../QueryHelpers/ClientResourceQueryHelper.cs     | 15 +++++++++++----
 .../Controllers/Client/ClientController.cs        |  3 ++-
 .../QueryHelpers/Models/ClientResourceRequest.cs  |  6 ++++--
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/Application/QueryHelpers/ClientResourceQueryHelper.cs b/Application/QueryHelpers/ClientResourceQueryHelper.cs
index acee9f01e..f9bff9388 100644
--- a/Application/QueryHelpers/ClientResourceQueryHelper.cs
+++ b/Application/QueryHelpers/ClientResourceQueryHelper.cs
@@ -8,9 +8,11 @@ using Data.Abstractions;
 using Data.Models;
 using Microsoft.EntityFrameworkCore;
 using SharedLibraryCore;
+using SharedLibraryCore.Configuration;
 using SharedLibraryCore.Dtos;
 using SharedLibraryCore.Helpers;
 using SharedLibraryCore.Interfaces;
+using WebfrontCore.Permissions;
 using WebfrontCore.QueryHelpers.Models;
 using EFClient = Data.Models.Client.EFClient;
 
@@ -18,6 +20,7 @@ namespace IW4MAdmin.Application.QueryHelpers;
 
 public class ClientResourceQueryHelper : IResourceQueryHelper<ClientResourceRequest, ClientResourceResponse>
 {
+    public ApplicationConfiguration _appConfig { get; }
     private readonly IDatabaseContextFactory _contextFactory;
     private readonly IGeoLocationService _geoLocationService;
 
@@ -27,8 +30,10 @@ public class ClientResourceQueryHelper : IResourceQueryHelper<ClientResourceRequ
         public EFAlias Alias { get; set; }
     }
 
-    public ClientResourceQueryHelper(IDatabaseContextFactory contextFactory, IGeoLocationService geoLocationService)
+    public ClientResourceQueryHelper(IDatabaseContextFactory contextFactory, IGeoLocationService geoLocationService,
+        ApplicationConfiguration appConfig)
     {
+        _appConfig = appConfig;
         _contextFactory = contextFactory;
         _geoLocationService = geoLocationService;
     }
@@ -75,7 +80,9 @@ public class ClientResourceQueryHelper : IResourceQueryHelper<ClientResourceRequ
 
         if (!string.IsNullOrWhiteSpace(query.ClientIp))
         {
-            clientAliases = SearchByIp(query, clientAliases);
+            clientAliases = SearchByIp(query, clientAliases,
+                _appConfig.HasPermission(query.RequesterPermission, WebfrontEntity.ClientIPAddress,
+                    WebfrontPermission.Read));
         }
 
         var iqGroupedClientAliases = clientAliases.GroupBy(a => new { a.Client.ClientId, a.Client.LastConnection });
@@ -203,7 +210,7 @@ public class ClientResourceQueryHelper : IResourceQueryHelper<ClientResourceRequ
     }
 
     private static IQueryable<ClientAlias> SearchByIp(ClientResourceRequest query,
-        IQueryable<ClientAlias> clientAliases)
+        IQueryable<ClientAlias> clientAliases, bool canSearchIP)
     {
         var ipString = query.ClientIp.Trim();
         var ipAddress = ipString.ConvertToIP();
@@ -213,7 +220,7 @@ public class ClientResourceQueryHelper : IResourceQueryHelper<ClientResourceRequ
             clientAliases = clientAliases.Where(clientAlias =>
                 clientAlias.Alias.IPAddress != null && clientAlias.Alias.IPAddress == ipAddress);
         }
-        else
+        else if(canSearchIP)
         {
             clientAliases = clientAliases.Where(clientAlias =>
                 EF.Functions.Like(clientAlias.Alias.SearchableIPAddress, $"{ipString}%"));
diff --git a/WebfrontCore/Controllers/Client/ClientController.cs b/WebfrontCore/Controllers/Client/ClientController.cs
index 033774d0e..3f3d85592 100644
--- a/WebfrontCore/Controllers/Client/ClientController.cs
+++ b/WebfrontCore/Controllers/Client/ClientController.cs
@@ -249,7 +249,8 @@ namespace WebfrontCore.Controllers
         {
             ViewBag.Title = Localization["WEBFRONT_SEARCH_RESULTS_TITLE"];
             ViewBag.ClientResourceRequest = request;
-            
+
+            request.RequesterPermission = Client.Level;
             var response = await _clientResourceHelper.QueryResource(request);
             return request.Offset > 0
                 ? PartialView("Find/_AdvancedFindList", response.Results)
diff --git a/WebfrontCore/QueryHelpers/Models/ClientResourceRequest.cs b/WebfrontCore/QueryHelpers/Models/ClientResourceRequest.cs
index d3054ea7d..cc7dec262 100644
--- a/WebfrontCore/QueryHelpers/Models/ClientResourceRequest.cs
+++ b/WebfrontCore/QueryHelpers/Models/ClientResourceRequest.cs
@@ -16,7 +16,9 @@ public class ClientResourceRequest : ClientPaginationRequest
     public EFClient.Permission? ClientLevel { get; set; }
     public Reference.Game? GameName { get; set; }
     public bool IncludeGeolocationData { get; set; } = true;
-
+    
+    public EFClient.Permission RequesterPermission { get; set; } = EFClient.Permission.User;
+    
     public bool HasData => !string.IsNullOrEmpty(ClientName) || !string.IsNullOrEmpty(ClientIp) ||
-                           !string.IsNullOrEmpty(ClientGuid) || ClientLevel is not null || GameName is not null;
+                                                                         !string.IsNullOrEmpty(ClientGuid) || ClientLevel is not null || GameName is not null;
 }