fix(admin): root flags in RequirePermissionsOr & registering admin groups (#700)

Co-authored-by: Michael Wilson <[email protected]>

Author: zonical

managed/CounterStrikeSharp.API.Tests/AdminTests.cs

@@ -85,12 +85,33 @@ public void ShouldAddFlagsAtRuntime()
     [Fact]
     public void ShouldAddPlayerToGroup()
     {
+        // AddPlayerToGroup will create a new AdminData instance here, as "STEAM_0:1:3" does not
+        // exist internally at this stage. Afterwards, AddPlayerToGroup will add "#css/root" as
+        // a group.
         AdminManager.AddPlayerToGroup(new SteamID("STEAM_0:1:3"), "#css/root");
         var adminData = AdminManager.GetPlayerAdminData(new SteamID("STEAM_0:1:3"));
         Assert.NotNull(adminData);
+        Assert.True(adminData.Groups.Any());
         Assert.Equal("#css/root", adminData.Groups.Single());
     }
-    
+
+    [Fact]
+    public void ShouldAddPlayerToGroupAtRuntime()
+    {
+        // Similar to ShouldPlayerAddToGroup, but different in that we create AdminData
+        // manually first, then add the player into the group.
+        // Aimed to resolve an issue raised on Discord by r3troattack.
+
+        AdminManager.CreateAdminData((SteamID)76561197960265999);
+        Assert.False(AdminManager.PlayerInGroup((SteamID)76561197960265999, "#css/root"));
+        AdminManager.AddPlayerToGroup((SteamID)76561197960265999, "#css/root");
+
+        var adminData = AdminManager.GetPlayerAdminData((SteamID)76561197960265999);
+        Assert.NotNull(adminData);
+        Assert.True(adminData.Groups.Any());
+        Assert.Equal("#css/root", adminData.Groups.Single());
+    }
+
     [Fact]
     public void ShouldAddPlayerPermissionOverridesAtRuntime()
     {
@@ -116,4 +137,108 @@ public void ShouldAddCommandPermissionOverridesWithEmpty()
         Assert.True(AdminManager.CommandIsOverriden("runtime_command_b"));
         Assert.False(AdminManager.GetPermissionOverrides("runtime_command_b").Any());
     }
-}
+
+    [Fact]
+    public void ShouldAllowRootFlagInRequiresPermissions()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265732, "@css/root"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265732, "@css/root");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265732, "@css/root"));
+
+        var adminData = AdminManager.GetPlayerAdminData((SteamID)76561197960265732);
+        Assert.NotNull(adminData);
+        Assert.True(adminData.DomainHasRootFlag("css"));
+
+        var requirePerms = new RequiresPermissions("@css/ban");
+        Assert.NotNull(requirePerms);
+        Assert.True(requirePerms.CanExecuteCommand((SteamID)76561197960265732));
+    }
+
+    [Fact]
+    public void ShouldRequiresPermissionsPass()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265738, "@css/ban"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265738, "@css/ban");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265738, "@css/ban"));
+
+        var requirePerms = new RequiresPermissions("@css/ban");
+        Assert.NotNull(requirePerms);
+        Assert.True(requirePerms.CanExecuteCommand((SteamID)76561197960265738));
+    }
+
+    [Fact]
+    public void ShouldRequiresPermissionsOrPassSameDomain()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265739, "@css/ban"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265739, "@css/ban");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265739, "@css/ban"));
+
+        var requirePerms = new RequiresPermissionsOr("@css/ban", "@css/kick");
+        Assert.NotNull(requirePerms);
+        Assert.True(requirePerms.CanExecuteCommand((SteamID)76561197960265739));
+    }
+
+    [Fact]
+    public void ShouldRequiresPermissionsOrPassDifferentDomains()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265740, "@css/ban"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265740, "@css/ban");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265740, "@css/ban"));
+
+        var requirePerms = new RequiresPermissionsOr("@css/ban", "@domain2/flag");
+        Assert.NotNull(requirePerms);
+        Assert.True(requirePerms.CanExecuteCommand((SteamID)76561197960265740));
+    }
+
+    [Fact]
+    public void ShouldRequiresPermissionsCheckFail()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265735, "@css/ban"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265735, "@css/ban");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265735, "@css/ban"));
+
+        var requirePerms = new RequiresPermissions("@css/kick");
+        Assert.NotNull(requirePerms);
+        Assert.False(requirePerms.CanExecuteCommand((SteamID)76561197960265735));
+    }
+
+    [Fact]
+    public void ShouldRequiresPermissionsOrCheckFailSameDomain()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265736, "@css/ban"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265736, "@css/ban");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265736, "@css/ban"));
+
+        var requirePerms = new RequiresPermissionsOr("@css/kick", "@css/vote");
+        Assert.NotNull(requirePerms);
+        Assert.False(requirePerms.CanExecuteCommand((SteamID)76561197960265736));
+    }
+
+    [Fact]
+    public void ShouldRequiresPermissionsOrCheckFailDifferentDomains()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265737, "@css/ban"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265737, "@css/ban");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265737, "@css/ban"));
+
+        var requirePerms = new RequiresPermissionsOr("@css/kick", "@domain2/flag");
+        Assert.NotNull(requirePerms);
+        Assert.False(requirePerms.CanExecuteCommand((SteamID)76561197960265737));
+    }
+
+    [Fact]
+    public void ShouldAllowRootFlagInRequiresPermissionsOr()
+    {
+        Assert.False(AdminManager.PlayerHasPermissions((SteamID)76561197960265733, "@css/root"));
+        AdminManager.AddPlayerPermissions((SteamID)76561197960265733, "@css/root");
+        Assert.True(AdminManager.PlayerHasPermissions((SteamID)76561197960265733, "@css/root"));
+
+        var adminData = AdminManager.GetPlayerAdminData((SteamID)76561197960265733);
+        Assert.NotNull(adminData);
+        Assert.True(adminData.DomainHasRootFlag("css"));
+
+        var requirePerms = new RequiresPermissionsOr("@css/ban", "@css/kick", "@domain2/flag");
+        Assert.NotNull(requirePerms);
+        Assert.True(requirePerms.CanExecuteCommand((SteamID)76561197960265733));
+    }
+}

managed/CounterStrikeSharp.API/Core/Commands/CommandManager.cs

@@ -117,7 +117,7 @@ private void HandleCommandInternal(int playerSlot, IntPtr commandInfo)
                         }
 
                         attr.Command = name;
-                        if (!attr.CanExecuteCommand(caller))
+                        if (!attr.CanExecuteCommand(caller.AuthorizedSteamID))
                         {
                             var responseStr = (attr.GetType() == typeof(RequiresPermissions)) ?
                                 Application.Localizer["Missing permissions"] :
@@ -166,4 +166,4 @@ private void HandleCommandInternal(int playerSlot, IntPtr commandInfo)
             }
         }
     }
-}
+}

managed/CounterStrikeSharp.API/Modules/Admin/AdminGroup.cs

@@ -1,15 +1,6 @@
-using System;
-using System.Collections.Generic;
-using System.IO;
-using System.Linq;
-using System.Numerics;
-using System.Text;
-using System.Text.Json;
+using System.Text.Json;
 using System.Text.Json.Serialization;
-
-using CounterStrikeSharp.API.Core;
 using CounterStrikeSharp.API.Modules.Entities;
-using CounterStrikeSharp.API.Modules.Utils;
 
 namespace CounterStrikeSharp.API.Modules.Admin
 {
@@ -157,22 +148,28 @@ public static void AddPlayerToGroup(SteamID? steamId, params string[] groups)
         {
             if (steamId == null) return;
             var data = GetPlayerAdminData(steamId);
+
             if (data == null)
             {
                 data = new AdminData()
                 {
                     Identity = steamId.SteamId64.ToString(),
-                    Flags = new(),
-                    Groups = new(groups)
+                    Flags = new()
                 };
             }
 
             foreach (var group in groups)
             {
+                // If we're already in this group, we don't need to assign permissions again.
+                if (data.Groups.Contains(group)) continue;
+
+                data.Groups.Add(group);
+
+                // If this group exists internally, apply group permissions to the player.
                 if (Groups.TryGetValue(group, out var groupDef))
                 {
                     AddPlayerPermissions(steamId, groupDef.Flags.ToArray());
-                    groupDef.CommandOverrides.ToList().ForEach(x => data.CommandOverrides[x.Key] = x.Value);
+                    groupDef.CommandOverrides.ToList().ForEach(x => data.CommandOverrides[x.Key] = x.Value);    
                 }
             }
             Admins[steamId] = data;

managed/CounterStrikeSharp.API/Modules/Admin/AdminManager.cs

@@ -1,10 +1,6 @@
 using CounterStrikeSharp.API.Modules.Commands;
-using CounterStrikeSharp.API.Modules.Utils;
-using System.Linq;
 using System.Reflection;
 using CounterStrikeSharp.API.Core.Commands;
-using CounterStrikeSharp.API.Core.Logging;
-using Microsoft.Extensions.Logging;
 
 namespace CounterStrikeSharp.API.Modules.Admin
 {
@@ -100,4 +96,4 @@ private static void ListAdminOverridesCommand(CCSPlayerController? player, Comma
             }
         }
     }
-}
+}

managed/CounterStrikeSharp.API/Modules/Admin/AdminPermissions.cs

@@ -1,16 +1,8 @@
-using System;
-using System.IO;
-using System.Collections.Generic;
-using System.Text.Json.Serialization;
+using System.Text.Json.Serialization;
 using System.Text.Json;
 using CounterStrikeSharp.API.Modules.Entities;
-using System.Linq;
 using CounterStrikeSharp.API.Core.Logging;
 using Microsoft.Extensions.Logging;
-using System.Text.Json.Nodes;
-using System.Numerics;
-using CounterStrikeSharp.API.Modules.Utils;
-using System.Diagnostics.Eventing.Reader;
 
 namespace CounterStrikeSharp.API.Modules.Admin
 {
@@ -23,7 +15,7 @@ public partial class AdminData
         [JsonPropertyName("immunity")] public uint Immunity { get; set; } = 0;
         [JsonPropertyName("command_overrides")] public Dictionary<string, bool> CommandOverrides { get; init; } = new();
 
-        // Key is the domain of the flag "e.g "css, os, kzsurf"). This should NOT include the @ character.
+        // Key is the domain of the flag "e.g "css, os, kzsurf". This should NOT include the @ character.
         // Value is a hashmap of the flags inside of the domain (e.g "@css/generic")
         public Dictionary<string, HashSet<string>> Flags { get; init; } = new();
 
@@ -81,7 +73,9 @@ public void AddFlags(HashSet<string> flags)
                 {
                     Flags[domain] = new HashSet<string>();
                 }
-                Flags[domain].UnionWith(flags.Where(flag => flag.StartsWith(PermissionCharacters.UserPermissionChar + domain + '/')).ToHashSet());
+
+                var matchingFlags = flags.Where(flag => flag.StartsWith(PermissionCharacters.UserPermissionChar + domain + '/'));
+                Flags[domain].UnionWith(matchingFlags.ToHashSet());
             }
         }
 
@@ -166,14 +160,43 @@ public static void LoadAdminData(string adminDataPath)
             }
         }
 
-		/// <summary>
+        /// <summary>
+        /// Creates a blank AdminData object for a player. This is not saved to "configs/admins.json"
+        /// </summary>
+        /// <param name="player">Player controller.</param>
+        /// <returns>Blank AdminData class.</returns>
+        public static AdminData? CreateAdminData(CCSPlayerController? player)
+        {
+            if (player == null || player is { IsValid: false }) return null;
+            return CreateAdminData(player.AuthorizedSteamID);
+        }
+
+        /// <summary>
+        /// Creates a blank AdminData object for a player. This is not saved to "configs/admins.json"
+        /// </summary>
+        /// <param name="steamID">SteamID object of the player.</param>
+        /// <returns>Blank AdminData class.</returns>
+        public static AdminData? CreateAdminData(SteamID? steamID)
+        {
+            if (steamID is null) return null;
+            var adminData = new AdminData()
+            {
+                Identity = steamID.SteamId64.ToString()
+            };
+
+            Admins[steamID] = adminData;
+
+            return adminData;
+        }
+
+        /// <summary>
 		/// Grabs the admin data for a player that was loaded from "configs/admins.json" and "configs/admins_groups.json".
 		/// </summary>
 		/// <param name="player">Player controller</param>
 		/// <returns>AdminData class if data found, null if not.</returns>
 		public static AdminData? GetPlayerAdminData(CCSPlayerController? player)
 		{
-			if (player == null) return null;
+			if (player == null || player is { IsValid : false }) return null;
             return GetPlayerAdminData(player.AuthorizedSteamID);
 		}
 
@@ -194,7 +217,7 @@ public static void LoadAdminData(string adminDataPath)
 		/// <param name="player">Player controller</param>
 		public static void RemovePlayerAdminData(CCSPlayerController? player)
 		{
-			if (player == null) return;
+			if (player == null || player is { IsValid: false }) return;
 			RemovePlayerAdminData(player.AuthorizedSteamID);
 		}
 
@@ -208,6 +231,14 @@ public static void RemovePlayerAdminData(SteamID? steamId)
             Admins.Remove(steamId);
         }
 
+        /// <summary>
+        /// Removes all locally stored admin data. This is not saved to "configs/admins.json"
+        /// </summary>
+        public static void FlushLocalAdminData()
+        {
+            Admins.Clear();
+        }
+
         #region Command Permission Checks
 
         /// <summary>

managed/CounterStrikeSharp.API/Modules/Admin/BaseRequiresPermissions.cs

@@ -1,8 +1,4 @@
-using CounterStrikeSharp.API.Core;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using CounterStrikeSharp.API.Modules.Entities;
+using CounterStrikeSharp.API.Modules.Entities;
 
 namespace CounterStrikeSharp.API.Modules.Admin
 {
@@ -27,19 +23,29 @@ public BaseRequiresPermissions(params string[] permissions)
             Command = "";
         }
 
-        public virtual bool CanExecuteCommand(CCSPlayerController? caller)
+        public virtual bool CanExecuteCommand(SteamID? steamID)
         {
+            if (steamID is null) return false;
+
+            var adminData = AdminManager.GetPlayerAdminData(steamID);
+            if (adminData is null) return false;
+
             // If we have a command in the "command_overrides" section in "configs/admins.json",
             // we skip the checks below and just return the defined value.
-            if (caller?.AuthorizedSteamID == null) return false;
-            var adminData = AdminManager.GetPlayerAdminData(caller.AuthorizedSteamID);
-            if (adminData == null) return false;
             if (adminData.CommandOverrides.TryGetValue(Command, out var command))
             {
                 return command;
             }
 
             return true;
         }
+
+        public virtual bool CanExecuteCommand(CCSPlayerController? caller)
+        {
+            if ( caller is null || caller is { IsValid: false } ) return false;
+            if ( caller.AuthorizedSteamID is null ) return false;
+
+            return CanExecuteCommand(caller.AuthorizedSteamID);
+        }
     }
 }