Move security evaluations for File/Echoareas back to model
This commit is contained in:
@@ -360,7 +360,7 @@ class Tic extends FTNBase
|
||||
|
||||
// Validate sender is permitted to write
|
||||
// @todo Send a notification
|
||||
if (! $this->file->filearea->sec_write || ($this->file->fftn->security < $this->file->filearea->sec_write))
|
||||
if (! $this->file->filearea->can_write($this->file->fftn->security))
|
||||
throw new NoWriteSecurityException(sprintf('Node [%s] doesnt have enough security to write to [%s] (%d)',$this->file->fftn->ftn,$this->file->filearea->name,$this->file->fftn->security));
|
||||
|
||||
// If the file create time is blank, we'll take the files
|
||||
|
||||
@@ -52,8 +52,8 @@ class Rescan extends Command
|
||||
throw new \Exception(sprintf('FTN [%s] is not subscribed to [%s]',$ao->ftn,$eao->name));
|
||||
|
||||
// Check that an FTN can read the area
|
||||
if (! $eao->sec_read || ($ao->security < $eao->sec_read))
|
||||
throw new \Exception(sprintf('FTN [%s] doesnt have permission to received [%s]',$ao->ftn,$eao->name));
|
||||
if (! $eao->can_read($ao->security))
|
||||
throw new \Exception(sprintf('FTN [%s] doesnt have permission to receive [%s]',$ao->ftn,$eao->name));
|
||||
|
||||
foreach (Echomail::select('id')
|
||||
->where('echoarea_id',$eao->id)
|
||||
|
||||
@@ -343,7 +343,7 @@ class MessageProcess implements ShouldQueue
|
||||
}
|
||||
|
||||
// Can the system send messages to this area?
|
||||
if (! $ea->sec_write || ($this->pktsrc->security < $ea->sec_write)) {
|
||||
if (! $ea->can_write($this->pktsrc->security)) {
|
||||
Log::alert(sprintf('%s:! FTN [%s] is not allowed to post [%s] to [%s].',self::LOGKEY,$this->pktsrc->ftn,$this->msg->msgid,$ea->name));
|
||||
if (! $this->msg->rescanned->count())
|
||||
Notification::route('netmail',$this->pktsrc)->notify(new EchoareaNoWrite($this->msg));
|
||||
|
||||
@@ -149,7 +149,7 @@ final class Echomail extends Model implements Packet
|
||||
$exportto = ($x=$model
|
||||
->echoarea
|
||||
->addresses
|
||||
->filter(function($item) use ($model) { return $item->security >= $model->echoarea->sec_read; }))
|
||||
->filter(function($item) use ($model) { return $model->echoarea->can_read($item->security); }))
|
||||
->pluck('id')
|
||||
->diff($seenby);
|
||||
|
||||
|
||||
@@ -155,7 +155,7 @@ class File extends Model
|
||||
$exportto = $model
|
||||
->filearea
|
||||
->addresses
|
||||
->filter(function($item) use ($model) { return $item->security >= $model->filearea->sec_read; })
|
||||
->filter(function($item) use ($model) { return $model->filearea->can_read($item->security); })
|
||||
->pluck('id')
|
||||
->diff($seenby);
|
||||
|
||||
|
||||
@@ -7,6 +7,39 @@ namespace App\Traits;
|
||||
|
||||
trait AreaSecurity
|
||||
{
|
||||
/**
|
||||
* Does the security level provide read or write access
|
||||
*
|
||||
* @param int $sec
|
||||
* @return bool
|
||||
*/
|
||||
public function can_access(int $sec): bool
|
||||
{
|
||||
return $this->can_read($sec) || $this->can_write($sec);
|
||||
}
|
||||
|
||||
/**
|
||||
* Does the security level provide read access
|
||||
*
|
||||
* @param int $sec
|
||||
* @return bool
|
||||
*/
|
||||
public function can_read(int $sec): bool
|
||||
{
|
||||
return $this->active && (($sec >= ($x=$this->getSecReadAttribute())) && $x);
|
||||
}
|
||||
|
||||
/**
|
||||
* Does the security level provide write access
|
||||
*
|
||||
* @param int $sec
|
||||
* @return bool
|
||||
*/
|
||||
public function can_write(int $sec): bool
|
||||
{
|
||||
return $this->active && (($sec >= ($x=$this->getSecWriteAttribute())) && $x);
|
||||
}
|
||||
|
||||
public function getSecReadAttribute(): int
|
||||
{
|
||||
return ($this->security>>3) & 0x7;
|
||||
|
||||
Reference in New Issue
Block a user