From f03f392cee0e8feae37d5594a2b76cfcdf53cb62 Mon Sep 17 00:00:00 2001
From: blue <blue@macaw.me>
Date: Sat, 15 Mar 2025 00:06:58 +0200
Subject: [PATCH] First permissions restriction

---
 example.config.yml |  4 ++--
 jay.cpp            | 11 ++++++++---
 module/actor.cpp   |  6 +++---
 module/actor.h     |  2 +-
 module/module.cpp  | 15 +++++++++++++--
 module/module.h    |  9 +++++++--
 6 files changed, 34 insertions(+), 13 deletions(-)

diff --git a/example.config.yml b/example.config.yml
index 9f6a4a7..ffe7d50 100644
--- a/example.config.yml
+++ b/example.config.yml
@@ -15,5 +15,5 @@ modules:
     alias: actor
     enabled: true
     permissions:
-      - read: [Owner, User]
-      - write: [Owner]
+      read: [Owner, User]
+      write: [Owner]
diff --git a/jay.cpp b/jay.cpp
index 8001488..b3edb99 100644
--- a/jay.cpp
+++ b/jay.cpp
@@ -10,11 +10,16 @@ static const std::map<
     std::function<
         std::shared_ptr<Module::Module>(
             const std::shared_ptr<Core>&,
-            const std::shared_ptr<Connection>&
+            const std::shared_ptr<Connection>&,
+            const Module::Module::Permissions& permissions
         )
     >
 > moduleNames = {
-    {"actor", [](const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection) { return std::make_shared<Module::Actor>(core, connection); }}
+    {"actor", [](
+        const std::shared_ptr<Core>& core, 
+        const std::shared_ptr<Connection>& connection,
+        const Module::Module::Permissions& permissions
+    ) { return std::make_shared<Module::Actor>(core, connection, permissions); }}
 };
 
 Jay::Jay(const std::string& configPath):
@@ -56,7 +61,7 @@ void Jay::createModules() {
             continue;
 
         core->logger.log(Logger::info, "enabling module " + pair.first, {"Jay"});
-        modules.emplace_back(pair.second(core, connection));
+        modules.emplace_back(pair.second(core, connection, conf.permissions));
         core->router.registerModule(pair.first, modules.back());
     }
 }
diff --git a/module/actor.cpp b/module/actor.cpp
index 4d66b1b..44d5848 100644
--- a/module/actor.cpp
+++ b/module/actor.cpp
@@ -3,8 +3,8 @@
 
 #include "actor.h"
 
-Module::Actor::Actor(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection):
-    Module(core, connection)
+Module::Actor::Actor(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection, const Permissions& permissions):
+    Module(core, connection, permissions)
 {}
 
 Module::Actor::~Actor() noexcept {}
@@ -13,7 +13,7 @@ void Module::Actor::message(const std::shared_ptr<::Actor>& actor, const Module:
     std::string result;
 
     if (args.front() == "list")
-        result = list();
+        result = hasPermission("read", actor) ? list() : "Can not tell you that";
 
     if (!result.empty())
         connection->send(actor->jid, result);
diff --git a/module/actor.h b/module/actor.h
index d4e3b8d..ef89150 100644
--- a/module/actor.h
+++ b/module/actor.h
@@ -9,7 +9,7 @@ namespace Module {
 
 class Actor : public Module {
 public:
-    Actor(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection);
+    Actor(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection, const Permissions& permissions);
     ~Actor() noexcept;
 
     virtual void message(const std::shared_ptr<::Actor>& actor, const Tokens& args) override;
diff --git a/module/module.cpp b/module/module.cpp
index 07ed4ca..56815ff 100644
--- a/module/module.cpp
+++ b/module/module.cpp
@@ -3,13 +3,24 @@
 
 #include "module.h"
 
+#include <algorithm>
+
 #include "gloox/message.h"
 
-Module::Module::Module(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection):
+Module::Module::Module(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection, const Permissions& permissions):
     core(core),
-    connection(connection)
+    connection(connection),
+    permissions(permissions)
 {}
 
+bool Module::Module::hasPermission(const std::string& permission, const std::shared_ptr<::Actor>& actor) const {
+    Permissions::const_iterator itr = permissions.find(permission);
+    if (itr == permissions.end())
+        return false;
+
+    return std::find(itr->second.begin(), itr->second.end(), actor->getGroup()) != itr->second.end();    
+}
+
 Module::Module::~Module() noexcept {}
 
 std::vector<std::string> Module::Module::split(const std::string& string, const std::string& delimiter) {
diff --git a/module/module.h b/module/module.h
index 7cb038b..61a7911 100644
--- a/module/module.h
+++ b/module/module.h
@@ -16,20 +16,25 @@ namespace Module {
 class Module {
 public:
     typedef std::vector<std::string> Tokens;
+    typedef std::vector<std::string> List;
+    typedef std::map<std::string, List> Permissions;
 
 protected:
-    Module(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection);
+    Module(const std::shared_ptr<Core>& core, const std::shared_ptr<Connection>& connection, const Permissions& permissions);
+
+    bool hasPermission(const std::string& permission, const std::shared_ptr<::Actor>& actor) const;
 
 public:
     virtual ~Module() noexcept;
 
     static Tokens split(const std::string& string, const std::string& delimiter = " ");
 
-    virtual void message(const std::shared_ptr<Actor>& actor, const Tokens& args) = 0;
+    virtual void message(const std::shared_ptr<::Actor>& actor, const Tokens& args) = 0;
 
 protected:
     std::shared_ptr<Core> core;
     std::shared_ptr<Connection> connection;
+    Permissions permissions;
 
 };