Explicit permission checks and more admin bypasses

This commit is contained in:
Svenja Reissaus 2018-08-02 14:55:21 -03:00
parent 85de278dc9
commit 5fe55afc68
18 changed files with 105 additions and 101 deletions

View File

@ -39,18 +39,16 @@ public class CmdBan extends FCommand {
return; return;
} }
// Can the player ban for this faction? // Adds bypass to admins and clean permission check
// Check for ALLOW access as well before we check for role. if (!fme.isAdminBypassing()) {
if (access != Access.ALLOW) { Access access = myFaction.getAccess(fme, PermissableAction.BAN);
if (!Permission.BAN.has(sender, true) || !assertMinRole(Role.MODERATOR)) { if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
return; fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "ban");
}
} else {
if (!Permission.BAN.has(sender, true)) {
return; return;
} }
} }
// Good on permission checks. Now lets just ban the player. // Good on permission checks. Now lets just ban the player.
FPlayer target = argAsFPlayer(0); FPlayer target = argAsFPlayer(0);
if (target == null) { if (target == null) {

View File

@ -31,11 +31,14 @@ public class CmdChest extends FCommand {
return; return;
} }
// This permission check is way too explicit but it's clean // This permission check is way too explicit but it's clean
Access access = myFaction.getAccess(fme, PermissableAction.CHEST); if (!fme.isAdminBypassing()) {
if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) { Access access = myFaction.getAccess(fme, PermissableAction.CHEST);
fme.msg(TL.GENERIC_NOPERMISSION, "chest"); if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
return; fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "access chest");
return;
}
} }
me.openInventory(fme.getFaction().getChest()); me.openInventory(fme.getFaction().getChest());

View File

@ -37,14 +37,15 @@ public class CmdClaim extends FCommand {
final Faction forFaction = this.argAsFaction(1, myFaction); // Default to own final Faction forFaction = this.argAsFaction(1, myFaction); // Default to own
if (!fme.isAdminBypassing()) { if (!fme.isAdminBypassing()) {
Access access = forFaction.getAccess(fme, PermissableAction.TERRITORY); Access access = myFaction.getAccess(fme, PermissableAction.TERRITORY);
if (access == Access.DENY) { if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_NOPERMISSION, "change faction territory!"); fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "change faction territory");
return; return;
} }
} }
if (radius < 1) { if (radius < 1) {
msg(TL.COMMAND_CLAIM_INVALIDRADIUS); msg(TL.COMMAND_CLAIM_INVALIDRADIUS);
return; return;

View File

@ -31,6 +31,13 @@ public class CmdDeinvite extends FCommand {
@Override @Override
public void perform() { public void perform() {
FPlayer you = this.argAsBestFPlayerMatch(0); FPlayer you = this.argAsBestFPlayerMatch(0);
if (!fme.isAdminBypassing()) {
Access access = myFaction.getAccess(fme, PermissableAction.INVITE);
if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "manage invites");
return;
}
}
if (you == null) { if (you == null) {
FancyMessage msg = new FancyMessage(TL.COMMAND_DEINVITE_CANDEINVITE.toString()).color(ChatColor.GOLD); FancyMessage msg = new FancyMessage(TL.COMMAND_DEINVITE_CANDEINVITE.toString()).color(ChatColor.GOLD);
for (String id : myFaction.getInvites()) { for (String id : myFaction.getInvites()) {

View File

@ -44,16 +44,13 @@ public class CmdDisband extends FCommand {
boolean isMyFaction = fme != null && faction == myFaction; boolean isMyFaction = fme != null && faction == myFaction;
if (isMyFaction) { if (!fme.isAdminBypassing()) {
if (!assertMinRole(Role.ADMIN)) { Access access = myFaction.getAccess(fme, PermissableAction.DISBAND);
return; if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
} fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "disband faction");
} else {
if (!Permission.DISBAND_ANY.has(sender, true)) {
return; return;
} }
} }
if (!faction.isNormal()) { if (!faction.isNormal()) {
msg(TL.COMMAND_DISBAND_IMMUTABLE.toString()); msg(TL.COMMAND_DISBAND_IMMUTABLE.toString());
return; return;

View File

@ -30,15 +30,15 @@ public class CmdFWarp extends FCommand {
@Override @Override
public void perform() { public void perform() {
//TODO: check if in combat. //TODO: check if in combat.
if (!fme.isAdminBypassing()) {
// Check for access first. Access access = myFaction.getAccess(fme, PermissableAction.WARP);
Access access = myFaction.getAccess(fme, PermissableAction.WARP); if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "use warps");
if (access == Access.DENY) { return;
fme.msg(TL.GENERIC_NOPERMISSION, "warp"); }
return;
} }
if (args.size() == 0) { if (args.size() == 0) {
WarpGUI warpGUI = new WarpGUI(fme); WarpGUI warpGUI = new WarpGUI(fme);
warpGUI.build(); warpGUI.build();

View File

@ -55,7 +55,6 @@ public class CmdFly extends FCommand {
} }
} }
if (FPlayers.getInstance().getByPlayer(player).isVanished()) { if (FPlayers.getInstance().getByPlayer(player).isVanished()) {
// Actually, vanished players (such as admins) should not display particles to prevent others from knowing their vanished assistance for moderation. // Actually, vanished players (such as admins) should not display particles to prevent others from knowing their vanished assistance for moderation.
// But we can keep it as a config. // But we can keep it as a config.

View File

@ -47,7 +47,7 @@ public class CmdHome extends FCommand {
fme.msg(TL.COMMAND_HOME_TELEPORTDISABLED); fme.msg(TL.COMMAND_HOME_TELEPORTDISABLED);
return; return;
} }
f (!fme.isAdminBypassing()) { if (!fme.isAdminBypassing()) {
Access access = myFaction.getAccess(fme, PermissableAction.HOME); Access access = myFaction.getAccess(fme, PermissableAction.HOME);
if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) { if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "teleport home"); fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "teleport home");

View File

@ -50,11 +50,12 @@ public class CmdInvite extends FCommand {
if (!fme.isAdminBypassing()) { if (!fme.isAdminBypassing()) {
Access access = myFaction.getAccess(fme, PermissableAction.INVITE); Access access = myFaction.getAccess(fme, PermissableAction.INVITE);
if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) { if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "invite"); fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "manage invites");
return; return;
} }
} }
if (myFaction.isInvited(target)) { if (myFaction.isInvited(target)) {
fme.msg(TL.COMMAND_INVITE_ALREADYINVITED, target.getName()); fme.msg(TL.COMMAND_INVITE_ALREADYINVITED, target.getName());
return; return;

View File

@ -38,11 +38,15 @@ public class CmdSetFWarp extends FCommand {
Access access = myFaction.getAccess(fme, PermissableAction.SETWARP); Access access = myFaction.getAccess(fme, PermissableAction.SETWARP);
// This statement allows us to check if they've specifically denied it, or default to // This statement allows us to check if they've specifically denied it, or default to
// the old setting of allowing moderators to set warps. // the old setting of allowing moderators to set warps.
if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) { if (!fme.isAdminBypassing()) {
fme.msg(TL.GENERIC_NOPERMISSION, "set warp"); Access access = myFaction.getAccess(fme, PermissableAction.SETWARP);
return; if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "set warps");
return;
}
} }
int maxWarps = P.p.getConfig().getInt("max-warps", 5); int maxWarps = P.p.getConfig().getInt("max-warps", 5);
if (maxWarps <= myFaction.getWarps().size()) { if (maxWarps <= myFaction.getWarps().size()) {
fme.msg(TL.COMMAND_SETFWARP_LIMIT, maxWarps); fme.msg(TL.COMMAND_SETFWARP_LIMIT, maxWarps);

View File

@ -40,22 +40,11 @@ public class CmdSethome extends FCommand {
return; return;
} }
Access access = faction.getAccess(fme, PermissableAction.SETHOME); if (!fme.isAdminBypassing()) {
if (access == Access.DENY) { Access access = myFaction.getAccess(fme, PermissableAction.SETHOME);
fme.msg(TL.GENERIC_NOPERMISSION, "sethome"); if (access != Access.ALLOW && fme.getRole() != Role.ADMIN && !Permission.SETHOME_ANY.has(sender, true)) {
return; fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "set home");
} return;
// If player does not have allow run extra permission checks
if (access != Access.ALLOW) {
if (faction == myFaction) {
if (!assertMinRole(Role.MODERATOR)) {
return;
}
} else {
if (!Permission.SETHOME_ANY.has(sender, true)) {
return;
}
} }
} }

View File

@ -36,13 +36,14 @@ public class CmdTnt extends FCommand {
return; return;
} }
Access access = fme.getFaction().getAccess(fme, PermissableAction.TNTBANK); if (!fme.isAdminBypassing()) {
if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) { Access access = myFaction.getAccess(fme, PermissableAction.TNTBANK);
fme.msg(TL.GENERIC_NOPERMISSION, "tntbank"); if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
return; fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "use tnt bank");
return;
}
} }
if (args.size() == 2) { if (args.size() == 2) {
if (args.get(0).equalsIgnoreCase("add") || args.get(0).equalsIgnoreCase("a")) { if (args.get(0).equalsIgnoreCase("add") || args.get(0).equalsIgnoreCase("a")) {
int testNumber = -1; int testNumber = -1;

View File

@ -34,12 +34,16 @@ public class CmdTntFill extends FCommand {
@Override @Override
public void perform() { public void perform() {
Access access = fme.getFaction().getAccess(fme, PermissableAction.TNTFILL); if (!fme.isAdminBypassing()) {
if (access.equals(Access.DENY)) { Access access = myFaction.getAccess(fme, PermissableAction.TNTFILL);
fme.msg(TL.GENERIC_NOPERMISSION, "tntfill"); if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "use tnt fill");
return;
}
} }
msg(TL.COMMAND_TNTFILL_HEADER); msg(TL.COMMAND_TNTFILL_HEADER);
int radius = argAsInt(0, 16); int radius = argAsInt(0, 16);
int amount = argAsInt(1, 16); int amount = argAsInt(1, 16);

View File

@ -26,21 +26,10 @@ public class CmdUnban extends FCommand {
@Override @Override
public void perform() { public void perform() {
Access access = myFaction.getAccess(fme, PermissableAction.BAN); if (!fme.isAdminBypassing()) {
if (access == Access.DENY) { Access access = myFaction.getAccess(fme, PermissableAction.BAN);
fme.msg(TL.GENERIC_NOPERMISSION, "ban"); if (access != Access.ALLOW && fme.getRole() != Role.ADMIN && !Permission.BAN.has(sender, true)) {
return; fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "manage bans");
}
// Can the player set the home for this faction?
// Check for ALLOW access as well before we check for role.
// TODO: no more duplicate code :(
if (access != Access.ALLOW) {
if (!Permission.BAN.has(sender) && !(assertMinRole(Role.MODERATOR))) {
return;
}
} else {
if (!Permission.BAN.has(sender, true)) {
return; return;
} }
} }

View File

@ -36,15 +36,13 @@ public class CmdUnclaim extends FCommand {
final Faction forFaction = this.argAsFaction(1, myFaction); // Default to own final Faction forFaction = this.argAsFaction(1, myFaction); // Default to own
if (!fme.isAdminBypassing()) { if (!fme.isAdminBypassing()) {
Access access = forFaction.getAccess(fme, PermissableAction.TERRITORY); Access access = myFaction.getAccess(fme, PermissableAction.TERRITORY);
if (access == Access.DENY) { if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_NOPERMISSION, "change faction territory!"); fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "manage faction territory");
return; return;
} }
} }
if (radius < 1) { if (radius < 1) {
msg(TL.COMMAND_CLAIM_INVALIDRADIUS); msg(TL.COMMAND_CLAIM_INVALIDRADIUS);
return; return;

View File

@ -38,21 +38,37 @@ public class FPromoteCommand extends FCommand {
return; return;
} }
Access access = myFaction.getAccess(fme.getRole(), PermissableAction.PROMOTE);
// Well this is messy.
if (access == null || access == Access.UNDEFINED) {
if (!assertMinRole(Role.MODERATOR)) {
return;
}
} else if (access == Access.DENY) {
msg(TL.COMMAND_NOACCESS);
return;
}
Role current = target.getRole(); Role current = target.getRole();
Role promotion = Role.getRelative(current, +relative); Role promotion = Role.getRelative(current, +relative);
// Now it ain't that messy
if (!fme.isAdminBypassing()) {
Access access = myFaction.getAccess(fme, PermissableAction.PROMOTE);
if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
fme.msg(TL.GENERIC_NOPERMISSION, "manage ranks");
return;
}
if (target == fme) {
fme.msg(TL.COMMAND_PROMOTE_NOTSELF);
return;
}
// Don't allow people to manage role of their same rank
if (fme.getRole() == current) {
fme.msg(TL.COMMAND_PROMOTE_NOT_SAME);
return;
}
// Don't allow people to promote people to their same or higher rank.
if (fme.getRole().value <= promotion.value) {
fme.msg(TL.COMMAND_PROMOTE_NOT_ALLOWED);
return;
}
}
if (promotion == null) {
fme.msg(TL.COMMAND_PROMOTE_NOTTHATPLAYER);
return;
}
if (promotion == null) { if (promotion == null) {
fme.msg(TL.COMMAND_PROMOTE_NOTTHATPLAYER); fme.msg(TL.COMMAND_PROMOTE_NOTTHATPLAYER);
return; return;

View File

@ -79,11 +79,12 @@ public class FactionsBlockListener implements Listener {
return; return;
} }
if (event.getBlock().getType() == Material.LEGACY_MOB_SPAWNER) { if (event.getBlock().getType() == Material.LEGACY_MOB_SPAWNER) {
Access access = fme.getFaction().getAccess(fme, PermissableAction.SPAWNER); if (!fme.isAdminBypassing()) {
if (access.equals(Access.DENY)) { Access access = myFaction.getAccess(fme, PermissableAction.SPAWNER);
fme.msg(TL.GENERIC_NOPERMISSION, "mine spawners"); if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
event.setCancelled(true); fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "mine spawners");
return;
}
} }
} }
} }

View File

@ -360,10 +360,6 @@ public class FactionsPlayerListener implements Listener {
return false; return false;
} }
@EventHandler(priority = EventPriority.NORMAL) @EventHandler(priority = EventPriority.NORMAL)
public void onPlayerJoin(PlayerJoinEvent event) { public void onPlayerJoin(PlayerJoinEvent event) {
initPlayer(event.getPlayer()); initPlayer(event.getPlayer());