require login for wildcard ip search

RaidMax · Sep 14, 2023 · 7ecbf85 · 7ecbf85
1 parent ec6424b
commit 7ecbf85
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 7 deletions.
diff --git a/Application/QueryHelpers/ClientResourceQueryHelper.cs b/Application/QueryHelpers/ClientResourceQueryHelper.cs
@@ -8,16 +8,19 @@
 using Data.Models;
 using Microsoft.EntityFrameworkCore;
 using SharedLibraryCore;
+using SharedLibraryCore.Configuration;
 using SharedLibraryCore.Dtos;
 using SharedLibraryCore.Helpers;
 using SharedLibraryCore.Interfaces;
+using WebfrontCore.Permissions;
 using WebfrontCore.QueryHelpers.Models;
 using EFClient = Data.Models.Client.EFClient;
 
 namespace IW4MAdmin.Application.QueryHelpers;
 
 public class ClientResourceQueryHelper : IResourceQueryHelper<ClientResourceRequest, ClientResourceResponse>
 {
+ public ApplicationConfiguration _appConfig { get; }
  private readonly IDatabaseContextFactory _contextFactory;
  private readonly IGeoLocationService _geoLocationService;
 
@@ -27,8 +30,10 @@ private class ClientAlias
  public EFAlias Alias { get; set; }
  }
 
- public ClientResourceQueryHelper(IDatabaseContextFactory contextFactory, IGeoLocationService geoLocationService)
+ public ClientResourceQueryHelper(IDatabaseContextFactory contextFactory, IGeoLocationService geoLocationService,
+ ApplicationConfiguration appConfig)
  {
+ _appConfig = appConfig;
  _contextFactory = contextFactory;
  _geoLocationService = geoLocationService;
  }
@@ -75,7 +80,9 @@ private async Task<ResourceQueryHelperResult<ClientResourceResponse>> StartFromC
 
  if (!string.IsNullOrWhiteSpace(query.ClientIp))
  {
- clientAliases = SearchByIp(query, clientAliases);
+ clientAliases = SearchByIp(query, clientAliases,
+ _appConfig.HasPermission(query.RequesterPermission, WebfrontEntity.ClientIPAddress,
+ WebfrontPermission.Read));
  }
 
  var iqGroupedClientAliases = clientAliases.GroupBy(a => new { a.Client.ClientId, a.Client.LastConnection });
@@ -203,7 +210,7 @@ private static Expression<Func<ClientAlias, bool>> ExactNameMatch(string lowerCa
  }
 
  private static IQueryable<ClientAlias> SearchByIp(ClientResourceRequest query,
- IQueryable<ClientAlias> clientAliases)
+ IQueryable<ClientAlias> clientAliases, bool canSearchIP)
  {
  var ipString = query.ClientIp.Trim();
  var ipAddress = ipString.ConvertToIP();
@@ -213,7 +220,7 @@ private static IQueryable<ClientAlias> SearchByIp(ClientResourceRequest query,
  clientAliases = clientAliases.Where(clientAlias =>
  clientAlias.Alias.IPAddress != null && clientAlias.Alias.IPAddress == ipAddress);
  }
- else
+ else if(canSearchIP)
  {
  clientAliases = clientAliases.Where(clientAlias =>
  EF.Functions.Like(clientAlias.Alias.SearchableIPAddress, $"{ipString}%"));

diff --git a/WebfrontCore/Controllers/Client/ClientController.cs b/WebfrontCore/Controllers/Client/ClientController.cs
@@ -249,7 +249,8 @@ public async Task<IActionResult> AdvancedFind(ClientResourceRequest request)
  {
  ViewBag.Title = Localization["WEBFRONT_SEARCH_RESULTS_TITLE"];
  ViewBag.ClientResourceRequest = request;
-
+
+ request.RequesterPermission = Client.Level;
  var response = await _clientResourceHelper.QueryResource(request);
  return request.Offset > 0
  ? PartialView("Find/_AdvancedFindList", response.Results)

diff --git a/WebfrontCore/QueryHelpers/Models/ClientResourceRequest.cs b/WebfrontCore/QueryHelpers/Models/ClientResourceRequest.cs
@@ -16,7 +16,9 @@ public class ClientResourceRequest : ClientPaginationRequest
  public EFClient.Permission? ClientLevel { get; set; }
  public Reference.Game? GameName { get; set; }
  public bool IncludeGeolocationData { get; set; } = true;
-
+
+ public EFClient.Permission RequesterPermission { get; set; } = EFClient.Permission.User;
+
  public bool HasData => !string.IsNullOrEmpty(ClientName) || !string.IsNullOrEmpty(ClientIp) ||
- !string.IsNullOrEmpty(ClientGuid) || ClientLevel is not null || GameName is not null;
+  !string.IsNullOrEmpty(ClientGuid) || ClientLevel is not null || GameName is not null;
 }