hide recommended version unless visibility is public

Fixes #276
This commit is contained in:
Jake Potrebic 2020-12-20 17:50:14 -08:00
parent 7e4930d1f6
commit 62f3a76011
No known key found for this signature in database
GPG Key ID: 7C58557EC9C421F8
8 changed files with 76 additions and 46 deletions

View File

@ -11,7 +11,7 @@ import org.jdbi.v3.core.enums.EnumByOrdinal;
import java.time.OffsetDateTime;
import java.util.List;
public class ProjectVersionsTable {
public class ProjectVersionsTable implements VisibilityModel {
private long id;
private OffsetDateTime createdAt;

View File

@ -12,7 +12,7 @@ import org.jdbi.v3.core.enums.EnumByOrdinal;
import java.time.OffsetDateTime;
import java.util.Collection;
public class ProjectsTable implements Visitable {
public class ProjectsTable implements Visitable, VisibilityModel {
private long id;
private OffsetDateTime createdAt;

View File

@ -0,0 +1,13 @@
package io.papermc.hangar.db.model;
import io.papermc.hangar.model.Visibility;
import org.jdbi.v3.core.enums.EnumByOrdinal;
public interface VisibilityModel {
@EnumByOrdinal
Visibility getVisibility();
@EnumByOrdinal
void setVisibility(Visibility visibility);
}

View File

@ -23,7 +23,6 @@ import io.papermc.hangar.model.Role;
import io.papermc.hangar.model.generated.ApiSessionResponse;
import io.papermc.hangar.model.generated.SessionType;
import io.papermc.hangar.security.HangarAuthentication;
import io.papermc.hangar.service.project.ProjectService;
import io.papermc.hangar.service.sso.ChangeAvatarToken;
import io.papermc.hangar.util.AuthUtils;
import org.apache.commons.lang3.StringUtils;
@ -68,7 +67,7 @@ public class AuthenticationService extends HangarService {
private final AuthenticationManager authenticationManager;
private final RoleService roleService;
private final PermissionService permissionService;
private final ProjectService projectService;
private final VisibilityService visibilityService;
private final OrgService orgService;
private final RestTemplate restTemplate;
private final ObjectMapper objectMapper;
@ -81,7 +80,7 @@ public class AuthenticationService extends HangarService {
private static final Pattern API_KEY_PATTERN = Pattern.compile("(" + UUID_REGEX + ").(" + UUID_REGEX + ")");
@Autowired
public AuthenticationService(HangarConfig hangarConfig, HangarDao<UserDao> userDao, HangarDao<SessionsDao> sessionsDao, HangarDao<ApiKeyDao> apiKeyDao, HangarDao<ProjectDao> projectDao, AuthenticationManager authenticationManager, RoleService roleService, PermissionService permissionService, ProjectService projectService, OrgService orgService, RestTemplate restTemplate, ObjectMapper objectMapper, HttpServletRequest request, Supplier<Optional<UsersTable>> currentUser) {
public AuthenticationService(HangarConfig hangarConfig, HangarDao<UserDao> userDao, HangarDao<SessionsDao> sessionsDao, HangarDao<ApiKeyDao> apiKeyDao, HangarDao<ProjectDao> projectDao, AuthenticationManager authenticationManager, RoleService roleService, PermissionService permissionService, VisibilityService visibilityService, OrgService orgService, RestTemplate restTemplate, ObjectMapper objectMapper, HttpServletRequest request, Supplier<Optional<UsersTable>> currentUser) {
this.hangarConfig = hangarConfig;
this.userDao = userDao;
this.sessionsDao = sessionsDao;
@ -90,7 +89,7 @@ public class AuthenticationService extends HangarService {
this.authenticationManager = authenticationManager;
this.roleService = roleService;
this.permissionService = permissionService;
this.projectService = projectService;
this.visibilityService = visibilityService;
this.orgService = orgService;
this.restTemplate = restTemplate;
this.objectMapper = objectMapper;
@ -155,11 +154,11 @@ public class AuthenticationService extends HangarService {
Permission projectPermissions;
if (apiScope.getId() != null) {
projectPermissions = permissionService.getProjectPermissions(userId, apiScope.getId());
projectsTable = projectService.checkVisibility(projectDao.get().getById(apiScope.getId()), projectPermissions);
projectsTable = visibilityService.checkVisibility(projectDao.get().getById(apiScope.getId()), projectPermissions);
}
else {
projectPermissions = permissionService.getProjectPermissions(userId, apiScope.getOwner(), apiScope.getSlug());
projectsTable = projectService.checkVisibility(projectDao.get().getBySlug(apiScope.getOwner(), apiScope.getSlug()), projectPermissions);
projectsTable = visibilityService.checkVisibility(projectDao.get().getBySlug(apiScope.getOwner(), apiScope.getSlug()), projectPermissions);
}
if (projectsTable == null) {
throw new HangarApiException(HttpStatus.NOT_FOUND);

View File

@ -9,9 +9,7 @@ import io.papermc.hangar.db.model.ProjectVersionTagsTable;
import io.papermc.hangar.db.model.ProjectVersionVisibilityChangesTable;
import io.papermc.hangar.db.model.ProjectVersionsTable;
import io.papermc.hangar.db.model.ProjectsTable;
import io.papermc.hangar.db.model.UsersTable;
import io.papermc.hangar.exceptions.HangarException;
import io.papermc.hangar.model.Permission;
import io.papermc.hangar.model.Platform;
import io.papermc.hangar.model.TagColor;
import io.papermc.hangar.model.Visibility;
@ -50,20 +48,20 @@ public class VersionService extends HangarService {
private final HangarDao<VisibilityDao> visibilityDao;
private final ProjectService projectService;
private final ChannelService channelService;
private final VisibilityService visibilityService;
private final UserService userService;
private final PermissionService permissionService;
private final HttpServletRequest request;
@Autowired
public VersionService(HangarDao<ProjectVersionDao> versionDao, HangarDao<ProjectDao> projectDao, HangarDao<VisibilityDao> visibilityDao, ProjectService projectService, ChannelService channelService, UserService userService, PermissionService permissionService, HttpServletRequest request) {
public VersionService(HangarDao<ProjectVersionDao> versionDao, HangarDao<ProjectDao> projectDao, HangarDao<VisibilityDao> visibilityDao, ProjectService projectService, ChannelService channelService, VisibilityService visibilityService, UserService userService, HttpServletRequest request) {
this.versionDao = versionDao;
this.projectDao = projectDao;
this.visibilityDao = visibilityDao;
this.projectService = projectService;
this.channelService = channelService;
this.visibilityService = visibilityService;
this.userService = userService;
this.permissionService = permissionService;
this.request = request;
}
@ -102,16 +100,11 @@ public class VersionService extends HangarService {
if (project.getRecommendedVersionId() == null) {
return null;
}
return versionDao.get().getProjectVersion(project.getId(), "", project.getRecommendedVersionId());
return visibilityService.checkVisibility(versionDao.get().getProjectVersion(project.getId(), "", project.getRecommendedVersionId()), ProjectVersionsTable::getProjectId);
}
public ProjectVersionsTable getVersion(long projectId, long versionId) {
Permission perms = permissionService.getProjectPermissions(currentUser.get().map(UsersTable::getId).orElse(-10L), projectId);
ProjectVersionsTable pvt = versionDao.get().getProjectVersion(projectId, "", versionId);
if (!perms.has(Permission.SeeHidden) && !perms.has(Permission.IsProjectMember) && pvt.getVisibility() != Visibility.PUBLIC) {
return null;
}
return pvt;
return visibilityService.checkVisibility(versionDao.get().getProjectVersion(projectId, "", versionId), ProjectVersionsTable::getProjectId);
}
public ProjectVersionsTable getVersion(String author, String slug, long versionId) {
@ -127,7 +120,6 @@ public class VersionService extends HangarService {
versionDao.get().deleteVersion(versionId);
}
public void changeVisibility(VersionData versionData, Visibility visibility, String comment, long userId) {
if (versionData.getV().getVisibility() == visibility) return; // No change

View File

@ -0,0 +1,41 @@
package io.papermc.hangar.service;
import io.papermc.hangar.db.model.UsersTable;
import io.papermc.hangar.db.model.VisibilityModel;
import io.papermc.hangar.model.Permission;
import io.papermc.hangar.model.Visibility;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import java.util.function.Function;
@Service
public class VisibilityService extends HangarService {
private final PermissionService permissionService;
@Autowired
public VisibilityService(PermissionService permissionService) {
this.permissionService = permissionService;
}
@Nullable
public <T extends VisibilityModel> T checkVisibility(@Nullable T model, Function<T, Long> projectIdSupplier) {
if (model == null) {
return null;
}
return checkVisibility(model, permissionService.getProjectPermissions(currentUser.get().map(UsersTable::getId).orElse(-10L), projectIdSupplier.apply(model)));
}
@Nullable
public <T extends VisibilityModel> T checkVisibility(@Nullable T model, Permission permission) {
if (model == null) {
return null;
}
if (!permission.has(Permission.SeeHidden) && !permission.has(Permission.IsProjectMember) && model.getVisibility() != Visibility.PUBLIC) {
return null;
}
return model;
}
}

View File

@ -25,10 +25,10 @@ import io.papermc.hangar.model.viewhelpers.UnhealthyProject;
import io.papermc.hangar.model.viewhelpers.UserRole;
import io.papermc.hangar.service.HangarService;
import io.papermc.hangar.service.PermissionService;
import io.papermc.hangar.service.VisibilityService;
import io.papermc.hangar.service.pluginupload.ProjectFiles;
import io.papermc.hangar.util.RequestUtil;
import io.papermc.hangar.util.Routes;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpStatus;
@ -56,13 +56,14 @@ public class ProjectService extends HangarService {
private final HangarDao<ProjectVersionDao> versionDao;
private final HangarDao<GeneralDao> generalDao;
private final FlagService flagService;
private final VisibilityService visibilityService;
private final PermissionService permissionService;
private final ProjectFiles projectFiles;
private final HttpServletRequest request;
@Autowired
public ProjectService(HangarConfig hangarConfig, HangarDao<ProjectDao> projectDao, HangarDao<UserDao> userDao, HangarDao<VisibilityDao> visibilityDao, HangarDao<ProjectVersionDao> versionDao, HangarDao<GeneralDao> generalDao, ProjectFiles projectFiles, FlagService flagService, PermissionService permissionService, HttpServletRequest request) {
public ProjectService(HangarConfig hangarConfig, HangarDao<ProjectDao> projectDao, HangarDao<UserDao> userDao, HangarDao<VisibilityDao> visibilityDao, HangarDao<ProjectVersionDao> versionDao, HangarDao<GeneralDao> generalDao, ProjectFiles projectFiles, FlagService flagService, VisibilityService visibilityService, PermissionService permissionService, HttpServletRequest request) {
this.hangarConfig = hangarConfig;
this.projectDao = projectDao;
this.userDao = userDao;
@ -71,6 +72,7 @@ public class ProjectService extends HangarService {
this.generalDao = generalDao;
this.projectFiles = projectFiles;
this.flagService = flagService;
this.visibilityService = visibilityService;
this.permissionService = permissionService;
this.request = request;
}
@ -120,10 +122,7 @@ public class ProjectService extends HangarService {
noteCount = messages.size();
}
Map.Entry<String, ProjectVisibilityChangesTable> latestProjectVisibilityChangeWithUser = visibilityDao.get().getLatestProjectVisibilityChange(projectsTable.getId());
ProjectVersionsTable recommendedVersion = null;
if (projectsTable.getRecommendedVersionId() != null) {
recommendedVersion = versionDao.get().getProjectVersion(projectsTable.getId(), "", projectsTable.getRecommendedVersionId());
}
ProjectVersionsTable recommendedVersion = visibilityService.checkVisibility(versionDao.get().getProjectVersion(projectsTable.getId(), "", projectsTable.getRecommendedVersionId()), ProjectVersionsTable::getProjectId);
String iconUrl = Routes.PROJECTS_SHOW_ICON.getRouteUrl(projectsTable.getOwnerName(), projectsTable.getSlug());
long starCount = userDao.get().getProjectStargazers(projectsTable.getId(), 0, null).size();
long watcherCount = userDao.get().getProjectWatchers(projectsTable.getId(), 0, null).size();
@ -168,28 +167,11 @@ public class ProjectService extends HangarService {
}
public ProjectsTable getProjectsTable(long projectId) {
return checkVisibility(projectDao.get().getById(projectId));
return visibilityService.checkVisibility(projectDao.get().getById(projectId), ProjectsTable::getId);
}
public ProjectsTable getProjectsTable(String author, String name) {
return checkVisibility(projectDao.get().getBySlug(author, name));
}
public ProjectsTable checkVisibility(@Nullable ProjectsTable projectsTable) {
if (projectsTable == null) {
return null;
}
return checkVisibility(projectsTable, permissionService.getProjectPermissions(currentUser.get().map(UsersTable::getId).orElse(-10L), projectsTable.getId()));
}
public ProjectsTable checkVisibility(@Nullable ProjectsTable projectsTable, Permission permission) {
if (projectsTable == null) {
return null;
}
if (!permission.has(Permission.SeeHidden) && !permission.has(Permission.IsProjectMember) && projectsTable.getVisibility() != Visibility.PUBLIC) {
return null;
}
return projectsTable;
return visibilityService.checkVisibility(projectDao.get().getBySlug(author, name), ProjectsTable::getId);
}
public void changeVisibility(ProjectsTable project, Visibility newVisibility, String comment) {

View File

@ -16,6 +16,9 @@ Base template for Project overview.
<script nonce="${nonce}">
<#outputformat "JavaScript">
window.PROJECT = ${mapper.valueToTree(p.project)};
<#if !p.recommendedVersion??>
window.PROJECT.recommendedVersionId = null;
</#if>
window.CAN_EDIT_PAGES = ${sp.perms(Permission.EditPage)?c};
</#outputformat>
</script>