From d0dff2c5ae9599382bcb3915dfb6c13533deaaa9 Mon Sep 17 00:00:00 2001 From: James Lu Date: Sun, 22 Oct 2017 00:08:16 -0700 Subject: [PATCH] Move permission enumeration to runtime, fix default perms not applying at startup Closes #542. --- coremods/control.py | 4 --- coremods/permissions.py | 59 ++++++++++++----------------------------- 2 files changed, 17 insertions(+), 46 deletions(-) diff --git a/coremods/control.py b/coremods/control.py index 38e4870..dfafc34 100644 --- a/coremods/control.py +++ b/coremods/control.py @@ -105,10 +105,6 @@ def rehash(): log.debug('rehash: updating console log level') world.console_handler.setLevel(getConsoleLogLevel()) - # Reset permissions. - log.debug('rehash: resetting permissions') - permissions.reset_permissions() - for network, ircobj in world.networkobjects.copy().items(): # Server was removed from the config file, disconnect them. log.debug('rehash: checking if %r is in new conf still.', network) diff --git a/coremods/permissions.py b/coremods/permissions.py index 9ad2504..4026afd 100644 --- a/coremods/permissions.py +++ b/coremods/permissions.py @@ -7,53 +7,22 @@ import threading # Global variables: these store mappings of hostmasks/exttargets to lists of permissions each target has. default_permissions = defaultdict(set) -permissions = defaultdict(set) - -# Only allow one thread to change the permissions index at once. -permissions_lock = threading.Lock() from pylinkirc import conf, utils from pylinkirc.log import log -def reset_permissions(): - """ - Loads the permissions specified in the permissions: block of the PyLink configuration, - if such a block exists. Otherwise, fallback to the default permissions specified by plugins. - """ - with permissions_lock: - global permissions - log.debug('permissions.reset_permissions: old perm list: %s', permissions) - - new_permissions = default_permissions.copy() - log.debug('permissions.reset_permissions: new_permissions %s', new_permissions) - if not conf.conf.get('permissions_merge_defaults', True): - log.debug('permissions.reset_permissions: clearing perm list due to permissions_merge_defaults set False.') - new_permissions.clear() - - # Convert all perm lists to sets. - for k, v in conf.conf.get('permissions', {}).items(): - new_permissions[k] |= set(v) - - log.debug('permissions.reset_permissions: new_permissions %s', new_permissions) - permissions.clear() - permissions.update(new_permissions) - log.debug('permissions.reset_permissions: new perm list: %s', permissions) -resetPermissions = reset_permissions - def add_default_permissions(perms): """Adds default permissions to the index.""" - with permissions_lock: - global default_permissions - for target, permlist in perms.items(): - default_permissions[target] |= set(permlist) + global default_permissions + for target, permlist in perms.items(): + default_permissions[target] |= set(permlist) addDefaultPermissions = add_default_permissions def remove_default_permissions(perms): """Remove default permissions from the index.""" - with permissions_lock: - global default_permissions - for target, permlist in perms.items(): - default_permissions[target] -= set(permlist) + global default_permissions + for target, permlist in perms.items(): + default_permissions[target] -= set(permlist) removeDefaultPermissions = remove_default_permissions def check_permissions(irc, uid, perms, also_show=[]): @@ -68,8 +37,17 @@ def check_permissions(irc, uid, perms, also_show=[]): irc.get_hostmask(uid)) return True - # Iterate over all hostmask->permission list mappings. - for host, permlist in permissions.copy().items(): + permissions = defaultdict(set) + # Enumerate the configured permissions list. + for k, v in (conf.conf.get('permissions') or {}).items(): + permissions[k] |= set(v) + + # Merge in default permissions if enabled. + if conf.conf.get('permissions_merge_defaults', True): + for k, v in default_permissions.items(): + permissions[k] |= v + + for host, permlist in permissions.items(): log.debug('permissions: permlist for %s: %s', host, permlist) if irc.match_host(host, uid): # Now, iterate over all the perms we are looking for. @@ -83,6 +61,3 @@ def check_permissions(irc, uid, perms, also_show=[]): raise utils.NotAuthorizedError("You are missing one of the following permissions: %s" % (', '.join(perms+also_show))) checkPermissions = check_permissions - -# Reset our permissions list on startup. -reset_permissions()