initial permissions based webfront access implementation

SharedLibraryCore/BaseController.cs

@@ -30,6 +30,7 @@ namespace SharedLibraryCore
         private static string SocialTitle;
         protected readonly DatabaseContext Context;
         protected List<Page> Pages;
+        protected List<string> PermissionsSet;
 
         public BaseController(IManager manager)
         {
@@ -43,7 +44,6 @@ namespace SharedLibraryCore
                 SocialTitle = AppConfig.SocialLinkTitle;
             }
 
-
             Pages = Manager.GetPageList().Pages
                 .Select(page => new Page
                 {
@@ -135,6 +135,11 @@ namespace SharedLibraryCore
                 var claimsIdentity = new ClaimsIdentity(claims, "login");
                 SignInAsync(new ClaimsPrincipal(claimsIdentity)).Wait();
             }
+            
+            if (AppConfig.PermissionSets.ContainsKey(Client.Level.ToString()))
+            {
+                PermissionsSet = AppConfig.PermissionSets[Client.Level.ToString()];
+            }
 
             var communityName = AppConfig.CommunityInformation?.Name;
             var shouldUseCommunityName = !string.IsNullOrWhiteSpace(communityName)
@@ -160,4 +165,4 @@ namespace SharedLibraryCore
             base.OnActionExecuting(context);
         }
     }
-}
+}

SharedLibraryCore/Configuration/ApplicationConfiguration.cs

@@ -115,7 +115,7 @@ namespace SharedLibraryCore.Configuration
 
         [LocalizedDisplayName("WEBFRONT_CONFIGURATION_ENABLE_COLOR_CODES")]
         public bool EnableColorCodes { get; set; }
-
+        
         [ConfigurationIgnore] public string IngameAccentColorKey { get; set; } = "Cyan";
 
         [LocalizedDisplayName("WEBFRONT_CONFIGURATION_AUTOMESSAGE_PERIOD")]
@@ -144,6 +144,16 @@ namespace SharedLibraryCore.Configuration
             TimeSpan.FromDays(30)
         };
 
+        public Dictionary<string, List<string>> PermissionSets { get; set; } = new()
+        {
+            { Permission.Trusted.ToString(), new List<string> { "*" } },
+            { Permission.Moderator.ToString(), new List<string> { "*" } },
+            { Permission.Administrator.ToString(), new List<string> { "*" } },
+            { Permission.SeniorAdmin.ToString(), new List<string> { "*" } },
+            { Permission.Owner.ToString(), new List<string> { "*" } },
+            { Permission.Console.ToString(), new List<string> { "*" } }
+        };
+
         [ConfigurationIgnore]
         [LocalizedDisplayName("WEBFRONT_CONFIGURATION_PRESET_BAN_REASONS")]
         public Dictionary<string, string> PresetPenaltyReasons { get; set; } = new Dictionary<string, string>

SharedLibraryCore/Utilities.cs

@@ -525,6 +525,45 @@ namespace SharedLibraryCore
             return new TimeSpan(1, 0, 0);
         }
 
+        public static bool HasPermission<TEntity, TPermission>(this IEnumerable<string> permissionsSet, TEntity entity,
+            TPermission permission) where TEntity : Enum where TPermission : Enum
+        {
+            return permissionsSet?.Any(raw =>
+            {
+                if (raw == "*")
+                {
+                    return true;
+                }
+                
+                var split = raw.Split(".");
+
+                if (split.Length != 2)
+                {
+                    return false;
+                }
+
+                if (!Enum.TryParse(typeof(TEntity), split[0], out var e))
+                {
+                    return false;
+                }
+
+                if (!Enum.TryParse(typeof(TPermission), split[1], out var p))
+                {
+                    return false;
+                }
+
+                return (e?.Equals(entity) ?? false) && (p?.Equals(permission) ?? false);
+            }) ?? false;
+        }
+
+        public static bool HasPermission<TEntity, TPermission>(this ApplicationConfiguration appConfig,
+            Permission permissionLevel, TEntity entity,
+            TPermission permission) where TEntity : Enum where TPermission : Enum
+        {
+            return appConfig.PermissionSets.ContainsKey(permissionLevel.ToString()) &&
+                   HasPermission(appConfig.PermissionSets[permissionLevel.ToString()], entity, permission);
+        }
+
         /// <summary>
         ///     returns a list of penalty types that should be shown across all profiles
         /// </summary>

WebfrontCore/Controllers/ActionController.cs

@@ -10,6 +10,7 @@ using SharedLibraryCore;
 using SharedLibraryCore.Commands;
 using SharedLibraryCore.Configuration;
 using SharedLibraryCore.Interfaces;
+using WebfrontCore.Permissions;
 using WebfrontCore.ViewModels;
 
 namespace WebfrontCore.Controllers
@@ -314,6 +315,14 @@ namespace WebfrontCore.Controllers
         public async Task<IActionResult> RecentClientsForm()
         {
             var clients = await Manager.GetClientService().GetRecentClients();
+            foreach (var client in clients)
+            {
+                client.IPAddress =
+                    _appConfig.HasPermission(Client.Level, WebfrontEntity.IPAddress, WebfrontPermission.Read)
+                        ? client.IPAddress
+                        : null;
+            }
+
             return View("~/Views/Shared/Components/Client/_RecentClients.cshtml", clients);
         }
 
@@ -453,4 +462,4 @@ namespace WebfrontCore.Controllers
             })
             .ToDictionary(item => item.Value, item => item.Value);
     }
-}
+}

WebfrontCore/Controllers/Client/ClientController.cs

@@ -7,11 +7,13 @@ using SharedLibraryCore.Interfaces;
 using SharedLibraryCore.QueryHelper;
 using System;
 using System.Collections.Generic;
+using System.ComponentModel;
 using System.Linq;
 using System.Threading;
 using System.Threading.Tasks;
 using Data.Models;
 using Stats.Config;
+using WebfrontCore.Permissions;
 using WebfrontCore.ViewComponents;
 
 namespace WebfrontCore.Controllers
@@ -79,7 +81,7 @@ namespace WebfrontCore.Controllers
                 Level = displayLevel,
                 LevelInt = displayLevelInt,
                 ClientId = client.ClientId,
-                IPAddress = client.IPAddressString,
+                IPAddress = PermissionsSet.HasPermission(WebfrontEntity.IPAddress, WebfrontPermission.Read) ? client.IPAddressString : null,
                 NetworkId = client.NetworkId,
                 Meta = new List<InformationResponse>(),
                 Aliases = client.AliasLink.Children
@@ -90,13 +92,13 @@ namespace WebfrontCore.Controllers
                     .Distinct()
                     .OrderBy(a => a)
                     .ToList(),
-                IPs = client.AliasLink.Children
+                IPs = PermissionsSet.HasPermission(WebfrontEntity.IPAddress, WebfrontPermission.Read) ? client.AliasLink.Children
                     .Where(i => i.IPAddress != null)
                     .OrderByDescending(i => i.DateAdded)
                     .Select(i => i.IPAddress.ConvertIPtoString())
                     .Prepend(client.CurrentAlias.IPAddress.ConvertIPtoString())
                     .Distinct()
-                    .ToList(),
+                    .ToList() : new List<string>(),
                 HasActivePenalty = activePenalties.Any(_penalty => _penalty.Type != EFPenalty.PenaltyType.Flag),
                 Online = Manager.GetActiveClients().FirstOrDefault(c => c.ClientId == client.ClientId) != null,
                 TimeOnline = (DateTime.UtcNow - client.LastConnection).HumanizeForCurrentCulture(),
@@ -191,7 +193,7 @@ namespace WebfrontCore.Controllers
             return View("Find/Index", clientsDto);
         }
 
-        public async Task<IActionResult> Meta(int id, int count, int offset, long? startAt, MetaType? metaFilterType, CancellationToken token)
+        public IActionResult Meta(int id, int count, int offset, long? startAt, MetaType? metaFilterType, CancellationToken token)
         {
             var request = new ClientPaginationRequest
             {
@@ -201,14 +203,15 @@ namespace WebfrontCore.Controllers
                 Before = DateTime.FromFileTimeUtc(startAt ?? DateTime.UtcNow.ToFileTimeUtc())
             };
 
-            var meta = await ProfileMetaListViewComponent.GetClientMeta(_metaService, metaFilterType, Client.Level, request, token);
+            return ViewComponent(typeof(ProfileMetaListViewComponent), new
-
-            if (!meta.Any())
             {
-                return Ok();
+                clientId = request.ClientId,
-            }
+                count = request.Count,
-
+                offset = request.Offset,
-            return View("Components/ProfileMetaList/_List", meta);
+                startAt = request.Before,
+                metaType = metaFilterType,
+                token
+            });
         }
     }
 }

WebfrontCore/Permissions/WebfrontEntity.cs

@@ -0,0 +1,15 @@
+namespace WebfrontCore.Permissions;
+
+public enum WebfrontEntity
+{
+    IPAddress,
+    MetaAliasUpdate
+}
+
+public enum WebfrontPermission
+{
+    Read,
+    Create,
+    Update,
+    Delete
+}

WebfrontCore/ViewComponents/ProfileMetaListViewComponent.cs

@@ -9,16 +9,21 @@ using System.Linq;
 using System.Security.Claims;
 using System.Threading;
 using System.Threading.Tasks;
+using SharedLibraryCore;
+using SharedLibraryCore.Configuration;
+using WebfrontCore.Permissions;
 
 namespace WebfrontCore.ViewComponents
 {
     public class ProfileMetaListViewComponent : ViewComponent
     {
         private readonly IMetaServiceV2 _metaService;
+        private readonly ApplicationConfiguration _appConfig;
 
-        public ProfileMetaListViewComponent(IMetaServiceV2 metaService)
+        public ProfileMetaListViewComponent(IMetaServiceV2 metaService, ApplicationConfiguration appConfig)
         {
             _metaService = metaService;
+            _appConfig = appConfig;
         }
 
         public async Task<IViewComponentResult> InvokeAsync(int clientId, int count, int offset, DateTime? startAt, MetaType? metaType, CancellationToken token)
@@ -39,11 +44,16 @@ namespace WebfrontCore.ViewComponents
             return View("_List", meta);
         }
 
-        public static async Task<IEnumerable<IClientMeta>> GetClientMeta(IMetaServiceV2 metaService, MetaType? metaType,
+        private async Task<IEnumerable<IClientMeta>> GetClientMeta(IMetaServiceV2 metaService, MetaType? metaType,
             EFClient.Permission level, ClientPaginationRequest request, CancellationToken token)
         {
             IEnumerable<IClientMeta> meta = null;
 
+            if (!_appConfig.PermissionSets.TryGetValue(level.ToString(), out var permissionSet))
+            {
+                permissionSet = new List<string>();
+            }
+            
             if (metaType is null or MetaType.All)
             {
                 meta = await metaService.GetRuntimeMeta(request, token);
@@ -51,30 +61,24 @@ namespace WebfrontCore.ViewComponents
 
             else
             {
-                switch (metaType)
+                meta = metaType switch
                 {
-                    case MetaType.Information:
+                    MetaType.Information => await metaService.GetRuntimeMeta<InformationResponse>(request,
-                        meta = await metaService.GetRuntimeMeta<InformationResponse>(request, metaType.Value, token);
+                        metaType.Value, token),
-                        break;
+                    MetaType.AliasUpdate => permissionSet.HasPermission(WebfrontEntity.MetaAliasUpdate, WebfrontPermission.Read) ? await metaService.GetRuntimeMeta<UpdatedAliasResponse>(request,
-                    case MetaType.AliasUpdate:
+                        metaType.Value, token) : new List<IClientMeta>(),
-                        meta = await metaService.GetRuntimeMeta<UpdatedAliasResponse>(request, metaType.Value, token);
+                    MetaType.ChatMessage => await metaService.GetRuntimeMeta<MessageResponse>(request, metaType.Value,
-                        break;
+                        token),
-                    case MetaType.ChatMessage:
+                    MetaType.Penalized => await metaService.GetRuntimeMeta<AdministeredPenaltyResponse>(request,
-                        meta = await metaService.GetRuntimeMeta<MessageResponse>(request, metaType.Value, token);
+                        metaType.Value, token),
-                        break;
+                    MetaType.ReceivedPenalty => await metaService.GetRuntimeMeta<ReceivedPenaltyResponse>(request,
-                    case MetaType.Penalized:
+                        metaType.Value, token),
-                        meta = await metaService.GetRuntimeMeta<AdministeredPenaltyResponse>(request, metaType.Value, token);
+                    MetaType.ConnectionHistory => await metaService.GetRuntimeMeta<ConnectionHistoryResponse>(request,
-                        break;
+                        metaType.Value, token),
-                    case MetaType.ReceivedPenalty:
+                    MetaType.PermissionLevel => await metaService.GetRuntimeMeta<PermissionLevelChangedResponse>(
-                        meta = await metaService.GetRuntimeMeta<ReceivedPenaltyResponse>(request, metaType.Value, token);
+                        request, metaType.Value, token),
-                        break;
+                    _ => meta
-                    case MetaType.ConnectionHistory:
+                };
-                        meta = await metaService.GetRuntimeMeta<ConnectionHistoryResponse>(request, metaType.Value, token);
-                        break;
-                    case MetaType.PermissionLevel:
-                        meta = await metaService.GetRuntimeMeta<PermissionLevelChangedResponse>(request, metaType.Value, token);
-                        break;
-                }
             }
 
             if (level < EFClient.Permission.Trusted)

WebfrontCore/Views/Client/Profile/Meta/_UpdatedAliasResponse.cshtml

@@ -1,5 +1,4 @@
 @using SharedLibraryCore.Dtos.Meta.Responses
-@using SharedLibraryCore
 @model UpdatedAliasResponse
 
 @foreach (var token in Utilities.SplitTranslationTokens("WEBFRONT_PROFILE_META_CONNECT_ALIAS"))