MovingBlocks / FacadeServer

A headless facade that acts as a game host and provides web-based administration. Automation category: Terasology Facade. See https://forum.terasology.org/threads/facadeserver-headless-server-with-web-interface.1906
Apache License 2.0

Backend for admin permissions #17

Closed Inei1 closed 6 years ago

Inei1 commented 6 years ago

This PR provides the logic for blocking admins from performing certain actions over the REST API.

To test, start up a new server and join the game. There should be a new file called serverAdminPermissions.json. You can also query resources/serverAdminPermissions to get a list of all admin permissions and resources/serverAdmins/{adminId}/permissions for the permissions of a single admin.

Inei1 commented 6 years ago

I am in the process of refactoring some of the code for this PR, so don't merge this (or the frontend PR) yet. None of the logic should be changed, so you could probably test it.

The refactoring is done; this PR is fine to test now. There is a bug in the implementation for the admin permissions for the console, and taking away the permissions after giving them doesn't appear to prevent users from executing console commands on the frontend only.

Inei1 commented 6 years ago

I have done the requested refactoring, and it conveniently fixed one of the more confusing bugs I was dealing with. As for merging the two admin manager classes, I think they could work together. The reason I didn't do it at first is because I wanted to simplify the code. I don't think it would be difficult to merge the two later.

Hold off on merging this for now as I still need to add to swagger.json.

gianluca-nitti commented 6 years ago

Okay, merged - thank you @Inei1 for the work.

I did some testing and the code mostly works as expected. An annoying fact is that console-related permissions are not automatically updated for users connected via the web client (including the one which requested the modification) - for the changes to take effect, you have to connect with the game client. After a bit of investigation I found out that this is due to the headless clients (i.e. users connected via the web client) only being registered to the engine's EntityManager and not to the NetworkSystem, thus AdminPermissionManager (which queries the NetworkSystem) can't find them, and no onConnected event is fired when a headless client connects, so this code in ConsoleResource isn't executed for headless clients (only for normal clients), meaning that refreshing the frontend in the browser and reconnecting doesn't help.

This is mostly due to a poor design choice I made when I wrote HeadlessClient and other classes, since I thought that just registering the entity was enough - but after getting more familiar with the engine I'm quite sure the proper way is to register them to the NetworkSystem.

~I'm going to open an issue~ Just opened issue #19 (mostly as a note to self, but anyone interested is welcome to help) as a reminder to fix this.
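
The stale-permission behaviour described in the last comment, as an added example that is not code from this PR, FacadeServer or Terasology: a simplified model in which a permission change is pushed only to sessions found in the registry the permission manager queries. All class, method and field names are hypothetical, the admin id is constructed, and the model assumes a session caches its console permission at connect time; it covers only the revoke-while-connected case.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model with hypothetical names; not the engine's or the facade's API.
public class StalePermissionDemo {
    static class Client {
        final String id;
        boolean consoleAllowed; // per-session cached permission (assumption of this model)
        Client(String id, boolean allowed) { this.id = id; this.consoleAllowed = allowed; }
    }

    static class Server {
        final Map<String, Client> entityRegistry = new HashMap<>();    // every connected client
        final Map<String, Client> networkRegistry = new HashMap<>();   // what the permission manager queries
        final Map<String, Boolean> storedPermission = new HashMap<>(); // persisted admin permissions
        final boolean registerHeadlessOnNetwork;

        Server(boolean registerHeadlessOnNetwork) { this.registerHeadlessOnNetwork = registerHeadlessOnNetwork; }

        Client connect(String id, boolean headless) {
            Client c = new Client(id, storedPermission.getOrDefault(id, false));
            entityRegistry.put(id, c);
            if (!headless || registerHeadlessOnNetwork) {
                networkRegistry.put(id, c); // headless clients are skipped in the buggy layout
            }
            return c;
        }

        // Persist the change, then push it to the live session if the lookup finds one.
        void setConsolePermission(String id, boolean allowed) {
            storedPermission.put(id, allowed);
            Client live = networkRegistry.get(id);
            if (live != null) {
                live.consoleAllowed = allowed;
            }
        }
    }

    // Whether a connected web session may still run console commands after revocation.
    static boolean allowedAfterRevoke(boolean registerHeadlessOnNetwork) {
        Server s = new Server(registerHeadlessOnNetwork);
        s.setConsolePermission("admin-1", true);   // constructed sample id
        Client web = s.connect("admin-1", true);   // headless (web) client
        s.setConsolePermission("admin-1", false);  // revoke while connected
        return web.consoleAllowed;
    }

    public static void main(String[] args) {
        System.out.println("entity-only registration, still allowed: " + allowedAfterRevoke(false));
        System.out.println("also in network registry, still allowed: " + allowedAfterRevoke(true));
    }
}
```

With entity-only registration the revoked session keeps its cached permission; registering the headless client in the queried registry lets the revocation reach it.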