From b955f677a726f02a9fb3b3c7d56014a226bf0814 Mon Sep 17 00:00:00 2001
From: Azareal <azareal@users.noreply.github.com>
Date: Sun, 24 Sep 2017 01:49:41 +0100
Subject: [PATCH] Fixed the permission system. Added more debug logging.
 Renamed the label in the Forum Manager and Editor from Hidden to Active.
 Fixed a bug in compileTemplates() where it only loads visible forums from the
 forum store possibly causing trouble. Fixed a bug in the /topics/ route where
 super admin status wasn't being taken into consideration. Dropped down a
 hotfix for the /topics/ route.

---
 member_routes.go                | 14 ++++---
 mysql.sql                       |  9 +++++
 permissions.go                  | 70 ++++++++++++++++++++++-----------
 routes.go                       | 25 ++++++++++--
 template_init.go                |  2 +-
 templates/panel-forum-edit.html |  2 +-
 templates/panel-forums.html     |  6 +--
 user_store.go                   |  1 +
 8 files changed, 91 insertions(+), 38 deletions(-)

diff --git a/member_routes.go b/member_routes.go
index 87af4c42..977a71a5 100644
--- a/member_routes.go
+++ b/member_routes.go
@@ -78,14 +78,16 @@ func routeTopicCreate(w http.ResponseWriter, r *http.Request, user User, sfid st
 
 		// Do a bulk forum fetch, just in case it's the SqlForumStore?
 		forum := fstore.DirtyGet(ffid)
-		fcopy := *forum
-		if hooks["topic_create_frow_assign"] != nil {
-			// TODO: Add the skip feature to all the other row based hooks?
-			if runHook("topic_create_frow_assign", &fcopy).(bool) {
-				continue
+		if forum.Name != "" && forum.Active {
+			fcopy := *forum
+			if hooks["topic_create_frow_assign"] != nil {
+				// TODO: Add the skip feature to all the other row based hooks?
+				if runHook("topic_create_frow_assign", &fcopy).(bool) {
+					continue
+				}
 			}
+			forumList = append(forumList, fcopy)
 		}
-		forumList = append(forumList, fcopy)
 	}
 
 	ctpage := CreateTopicPage{"Create Topic", user, headerVars, forumList, fid}
diff --git a/mysql.sql b/mysql.sql
index 4f2b9323..6aea704e 100644
--- a/mysql.sql
+++ b/mysql.sql
@@ -234,12 +234,21 @@ INSERT INTO users_groups(`name`,`permissions`,`plugin_perms`,`tag`) VALUES ('Not
 
 INSERT INTO forums(`name`,`active`) VALUES ('Reports',0);
 INSERT INTO forums(`name`,`lastTopicTime`,`lastTopicID`,`lastReplyer`,`lastReplyerID`,`lastTopic`) VALUES ('General',UTC_TIMESTAMP(),1,"Admin",1,'Test Topic');
+
 INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (1,1,'{"ViewTopic":true,"CreateReply":true,"CreateTopic":true,"PinTopic":true,"CloseTopic":true}');
 INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (2,1,'{"ViewTopic":true,"CreateReply":true,"CloseTopic":true}');
 INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (3,1,'{}');
 INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (4,1,'{}');
 INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (5,1,'{}');
 INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (6,1,'{}');
+
+INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (1,2,'{"ViewTopic":true,"CreateReply":true,"CreateTopic":true,"LikeItem":true,"EditTopic":true,"DeleteTopic":true,"EditReply":true,"DeleteReply":true,"PinTopic":true,"CloseTopic":true}');
+INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (2,2,'{"ViewTopic":true,"CreateReply":true,"CreateTopic":true,"LikeItem":true,"EditTopic":true,"DeleteTopic":true,"EditReply":true,"DeleteReply":true,"PinTopic":true,"CloseTopic":true}');
+INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (3,2,'{"ViewTopic":true,"CreateReply":true,"CreateTopic":true,"LikeItem":true}');
+INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (4,2,'{"ViewTopic":true}');
+INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (5,2,'{"ViewTopic":true}');
+INSERT INTO forums_permissions(`gid`,`fid`,`permissions`) VALUES (6,2,'{"ViewTopic":true}');
+
 INSERT INTO topics(`title`,`content`,`createdAt`,`lastReplyAt`,`lastReplyBy`,`createdBy`,`parentID`)
 VALUES ('Test Topic','A topic automatically generated by the software.',UTC_TIMESTAMP(),UTC_TIMESTAMP(),1,1,2);
 
diff --git a/permissions.go b/permissions.go
index a1d80a55..95ed3a0a 100644
--- a/permissions.go
+++ b/permissions.go
@@ -303,7 +303,7 @@ func rebuildForumPermissions(fid int) error {
 	if dev.DebugMode {
 		log.Print("Loading the forum permissions")
 	}
-	forums, err := fstore.GetAll()
+	fids, err := fstore.GetAllIDs()
 	if err != nil {
 		return err
 	}
@@ -350,28 +350,29 @@ func rebuildForumPermissions(fid int) error {
 		group.Forums = []ForumPerms{BlankForumPerms}
 		group.CanSee = []int{}
 
-		for ffid := range forums {
+		for _, ffid := range fids {
 			forumPerm, ok := forumPerms[group.ID][ffid]
 			if ok {
 				//log.Print("Overriding permissions for forum #" + strconv.Itoa(fid))
 				group.Forums = append(group.Forums, forumPerm)
-				if forumPerm.Overrides {
-					if forumPerm.ViewTopic {
-						group.CanSee = append(group.CanSee, ffid)
-					}
-				} else if group.Perms.ViewTopic {
-					group.CanSee = append(group.CanSee, ffid)
-				}
 			} else {
 				//log.Print("Inheriting from default for forum #" + strconv.Itoa(fid))
 				forumPerm = BlankForumPerms
 				group.Forums = append(group.Forums, forumPerm)
 			}
+			if forumPerm.Overrides {
+				if forumPerm.ViewTopic {
+					group.CanSee = append(group.CanSee, ffid)
+				}
+			} else if group.Perms.ViewTopic {
+				group.CanSee = append(group.CanSee, ffid)
+			}
 		}
 		if dev.SuperDebug {
 			log.Printf("group.CanSee %+v\n", group.CanSee)
 			log.Printf("group.Forums %+v\n", group.Forums)
-			log.Print("len(group.Forums)", len(group.Forums))
+			log.Print("len(group.CanSee)", len(group.CanSee))
+			log.Print("len(group.Forums)", len(group.Forums)) // This counts blank aka 0
 		}
 	}
 	return nil
@@ -379,10 +380,13 @@ func rebuildForumPermissions(fid int) error {
 
 // ? - We could have buildForumPermissions and rebuildForumPermissions call a third function containing common logic?
 func buildForumPermissions() error {
-	forums, err := fstore.GetAll()
+	fids, err := fstore.GetAllIDs()
 	if err != nil {
 		return err
 	}
+	if dev.SuperDebug {
+		log.Print("fids: ", fids)
+	}
 
 	rows, err := getForumsPermissionsStmt.Query()
 	if err != nil {
@@ -392,6 +396,9 @@ func buildForumPermissions() error {
 
 	if dev.DebugMode {
 		log.Print("Adding the forum permissions")
+		if dev.SuperDebug {
+			log.Print("forumPerms[gid][fid]")
+		}
 	}
 	// Temporarily store the forum perms in a map before transferring it to a much faster and thread-safe slice
 	forumPerms = make(map[int]map[int]ForumPerms)
@@ -403,6 +410,10 @@ func buildForumPermissions() error {
 		if err != nil {
 			return err
 		}
+
+		if dev.SuperDebug {
+			log.Print("perms: ", string(perms))
+		}
 		err = json.Unmarshal(perms, &pperms)
 		if err != nil {
 			return err
@@ -413,11 +424,14 @@ func buildForumPermissions() error {
 		if !ok {
 			forumPerms[gid] = make(map[int]ForumPerms)
 		}
+
+		if dev.SuperDebug {
+			log.Print("gid: ", gid)
+			log.Print("fid: ", fid)
+			log.Printf("perms: %+v;", pperms)
+		}
 		forumPerms[gid][fid] = pperms
 	}
-	if dev.SuperDebug {
-		log.Print("forumPerms ", forumPerms)
-	}
 
 	groups, err := gstore.GetAll()
 	if err != nil {
@@ -430,32 +444,40 @@ func buildForumPermissions() error {
 		}
 		group.Forums = []ForumPerms{BlankForumPerms}
 		group.CanSee = []int{}
-		for fid := range forums {
+		for _, fid := range fids {
+			if dev.SuperDebug {
+				log.Printf("Forum #%+v\n", fid)
+			}
 			forumPerm, ok := forumPerms[group.ID][fid]
 			if ok {
 				// Override group perms
 				//log.Print("Overriding permissions for forum #" + strconv.Itoa(fid))
 				group.Forums = append(group.Forums, forumPerm)
-				if forumPerm.Overrides {
-					if forumPerm.ViewTopic {
-						group.CanSee = append(group.CanSee, fid)
-					}
-				} else if group.Perms.ViewTopic {
-					group.CanSee = append(group.CanSee, fid)
-				}
 			} else {
 				// Inherit from Group
-				// ? - Is this really inheriting from the Group? At-least for CanSee?
 				//log.Print("Inheriting from default for forum #" + strconv.Itoa(fid))
 				forumPerm = BlankForumPerms
 				group.Forums = append(group.Forums, forumPerm)
 			}
+			if forumPerm.Overrides {
+				if forumPerm.ViewTopic {
+					group.CanSee = append(group.CanSee, fid)
+				}
+			} else if group.Perms.ViewTopic {
+				group.CanSee = append(group.CanSee, fid)
+			}
+
+			if dev.SuperDebug {
+				log.Print("group.ID: ", group.ID)
+				log.Printf("forumPerm: %+v\n", forumPerm)
+				log.Print("group.CanSee: ", group.CanSee)
+			}
 		}
 		if dev.SuperDebug {
 			log.Printf("group.CanSee %+v\n", group.CanSee)
 			log.Printf("group.Forums %+v\n", group.Forums)
 			log.Print("len(group.CanSee)", len(group.CanSee))
-			log.Print("len(group.Forums)", len(group.Forums))
+			log.Print("len(group.Forums)", len(group.Forums)) // This counts blank aka 0
 		}
 	}
 	return nil
diff --git a/routes.go b/routes.go
index be184aed..29a992f0 100644
--- a/routes.go
+++ b/routes.go
@@ -149,6 +149,7 @@ func routeTopics(w http.ResponseWriter, r *http.Request, user User) {
 	}
 	BuildWidgets("topics", nil, headerVars, r)
 
+	// TODO: Add a function for the qlist stuff
 	var qlist string
 	var fidList []interface{}
 	group, err := gstore.Get(user.Group)
@@ -158,12 +159,30 @@ func routeTopics(w http.ResponseWriter, r *http.Request, user User) {
 		return
 	}
 
-	for _, fid := range group.CanSee {
-		if fstore.DirtyGet(fid).Name != "" {
+	var canSee []int
+	if user.IsSuperAdmin {
+		canSee, err = fstore.GetAllVisibleIDs()
+		if err != nil {
+			InternalError(err, w)
+			return
+		}
+	} else {
+		canSee = group.CanSee
+	}
+
+	for _, fid := range canSee {
+		forum := fstore.DirtyGet(fid)
+		if forum.Name != "" && forum.Active {
 			fidList = append(fidList, strconv.Itoa(fid))
 			qlist += "?,"
 		}
 	}
+
+	// ! Need an inline error not a page level error
+	if qlist == "" {
+		NotFound(w, r)
+		return
+	}
 	qlist = qlist[0 : len(qlist)-1]
 
 	var topicList []*TopicsRow
@@ -400,7 +419,7 @@ func routeForums(w http.ResponseWriter, r *http.Request, user User) {
 	for _, fid := range canSee {
 		//log.Print(forums[fid])
 		var forum = *fstore.DirtyGet(fid)
-		if forum.ParentID == 0 {
+		if forum.ParentID == 0 && forum.Name != "" && forum.Active {
 			if forum.LastTopicID != 0 {
 				forum.LastTopicTime, err = relativeTime(forum.LastTopicTime)
 				if err != nil {
diff --git a/template_init.go b/template_init.go
index b21bd368..b705580d 100644
--- a/template_init.go
+++ b/template_init.go
@@ -129,7 +129,7 @@ func compileTemplates() error {
 	}
 
 	var forumList []Forum
-	forums, err := fstore.GetAllVisible()
+	forums, err := fstore.GetAll()
 	if err != nil {
 		return err
 	}
diff --git a/templates/panel-forum-edit.html b/templates/panel-forum-edit.html
index 83613ed7..6bc08d11 100644
--- a/templates/panel-forum-edit.html
+++ b/templates/panel-forum-edit.html
@@ -19,7 +19,7 @@ var form_vars = {'perm_preset': ['can_moderate','can_post','read_only','no_acces
 			<div class="formitem"><input name="forum_desc" type="text" value="{{.Desc}}" placeholder="Where the general stuff happens" /></div>
 		</div>
 		<div class="formrow">
-			<div class="formitem formlabel"><a>Hidden?</a></div>
+			<div class="formitem formlabel"><a>Active</a></div>
 			<div class="formitem"><select name="forum_active">
 				<option{{if not .Active}} selected{{end}} value="1">Yes</option>
 				<option{{if .Active}} selected{{end}} value="0">No</option>
diff --git a/templates/panel-forums.html b/templates/panel-forums.html
index f73cff14..6085e9cb 100644
--- a/templates/panel-forums.html
+++ b/templates/panel-forums.html
@@ -47,10 +47,10 @@
 				<div class="formitem"><input name="forum-desc" type="text" placeholder="Where all the super secret stuff happens" /></div>
 			</div>
 			<div class="formrow">
-				<div class="formitem formlabel"><a>Hidden?</a></div>
+				<div class="formitem formlabel"><a>Active</a></div>
 				<div class="formitem"><select name="forum-active">
-					<option value="0">Yes</option>
-					<option value="1">No</option>
+					<option value="1">Yes</option>
+					<option value="0">No</option>
 				</select></div>
 			</div>
 			<div class="formrow">
diff --git a/user_store.go b/user_store.go
index 9f60d2bd..5db8edeb 100644
--- a/user_store.go
+++ b/user_store.go
@@ -176,6 +176,7 @@ func (mus *MemoryUserStore) BulkGetMap(ids []int) (list map[int]*User, err error
 		return list, nil
 	}
 
+	// TODO: Add a function for the qlist stuff
 	var qlist string
 	var uidList []interface{}
 	for _, id := range ids {