8 files changed, 97 insertions, 20 deletions
diff --git a/Acl.cs b/Acl.cs
new file mode 100644
index 0000000..581a8bc
--- /dev/null
+++ b/Acl.cs
@@ -0,0 +1,35 @@
+namespace HyperBooru;
+
+public enum AclRuleAction {
+    Allow,
+    Deny
+}
+
+public class Acl : HBObject {
+    public HBObject      Subject { get; set; }
+    public List<AclRule> Rules   { get; set; }
+}
+
+public class Acl<T> : Acl where T : Enum {
+    public Type Type => typeof(T);
+
+    public new List<AclRule<T>> Rules {
+        get => base.Rules.Cast<AclRule<T>>().ToList();
+        set => base.Rules = value.Cast<AclRule>().ToList();
+    }
+}
+
+public class AclRule : HBObject {
+    public HBPrincipal   Principal   { get; set; }
+    public AclRuleAction Action      { get; set; }
+    public ulong         Permissions { get; set; }
+}
+
+public class AclRule<T> : AclRule where T : Enum {
+    public Type Type => typeof(T);
+
+    public new T Permissions {
+        get => (T) (object) base.Permissions;
+        set => base.Permissions = (ulong) (object) value;
+    }
+}
diff --git a/HBContext.cs b/HBContext.cs
index c15c20b..c38a614 100644
--- a/HBContext.cs
+++ b/HBContext.cs
@@ -14,13 +14,19 @@ public class HBContext : DbContext {
     public static readonly Guid IngestTag = new("EA212801-5BCC-4C0E-814F-FB9D30DB58BC");
 
     public DbSet<HBObject>      Objects        { get; set; }
-    public DbSet<User>          Users          { get; set; }
     public DbSet<TagDefinition> TagDefinitions { get; set; }
     public DbSet<Tag>           Tags           { get; set; }
     public DbSet<Media>         Media          { get; set; }
     public DbSet<UploadedFile>  UploadedFiles  { get; set; }
     public DbSet<OcrData>       OcrData        { get; set; }
 
+    // Security-related tables
+    public DbSet<HBPrincipal> Principals { get; set; }
+    public DbSet<User>        Users      { get; set; }
+    public DbSet<Group>       Groups     { get; set; }
+    public DbSet<Acl>         Acls       { get; set; }
+    public DbSet<AclRule>     AclRules   { get; set; }
+
     private IConfigService config;
 
     public HBContext(DbContextOptions<HBContext> options, IConfigService config) : base(options) =>
diff --git a/HBObject.cs b/HBObject.cs
index 8001ea3..ba1c226 100644
--- a/HBObject.cs
+++ b/HBObject.cs
@@ -11,4 +11,5 @@ public class HBObject {
     public         int       ObjectId { get; set; }
     public         Guid      Guid     { get; set; } = Guid.NewGuid();
     public virtual List<Tag> Tags     { get; set; } = new();
+    public         Acl?      Acl      { get; set; }
 }
 \ No newline at end of file
diff --git a/Pages/Component/Titlebar.razor b/Pages/Component/Titlebar.razor
index 1772519..ad41532 100644
--- a/Pages/Component/Titlebar.razor
+++ b/Pages/Component/Titlebar.razor
@@ -2,12 +2,10 @@
 
 <script suppress-error="BL9992">
     async function login() {
-        var username = document.querySelector('input#username');
-        var password = document.querySelector('input#password');
+        var form   = document.querySelector('form.login');
+        var inputs = Array.from(form.getElementsByTagName('input'));
 
-        var formData = new FormData();
-        formData.append('username', username.value);
-        formData.append('password', password.value);
+        var formData = new FormData(form);
 
         var resp = await fetch('/Login', {
             method: 'POST',
@@ -17,13 +15,12 @@
         if(resp.ok) {
             window.location.href = '/';
         } else if(resp.status == 403) {
-            var form = document.querySelector('form.login');
             form.classList.remove('bad-login');
             @* TODO: improve this hacky method of triggering reflow *@
             form.offsetWidth;
             form.classList.add('bad-login');
-            username.value = password.value = null;
-            username.focus();
+            inputs.forEach(e => e.value = null);
+            inputs[0].focus();
         } else {
             alert('Unknown error while attempting to login!');
         }
@@ -63,8 +60,8 @@
         <div id="navbar">
             <h2>Login</h2>
             <form onsubmit="login" class="login">
-                <input id="username" placeholder="Username" type="text"/>
-                <input id="password" placeholder="Password" type="password"/>
+                <input name="username" placeholder="Username" type="text"/>
+                <input name="password" placeholder="Password" type="password"/>
             </form>
             <a href="javascript:login();">Login</a>
         </div>
diff --git a/Principal.cs b/Principal.cs
new file mode 100644
index 0000000..d736bf2
--- /dev/null
+++ b/Principal.cs
@@ -0,0 +1,16 @@
+using Microsoft.EntityFrameworkCore;
+
+namespace HyperBooru;
+
+[Index(nameof(Name))]
+public class HBPrincipal : HBObject {
+    public string Name { get; set; }
+}
+
+public class User : HBPrincipal {
+    public string PasswordHash { get; set; }
+}
+
+public class Group : HBPrincipal {
+    public List<HBPrincipal> Members { get; set; }
+}
+\ No newline at end of file
diff --git a/Services/SecurityService.cs b/Services/SecurityService.cs
new file mode 100644
index 0000000..9695254
--- /dev/null
+++ b/Services/SecurityService.cs
@@ -0,0 +1,29 @@
+using Microsoft.EntityFrameworkCore;
+
+namespace HyperBooru.Services;
+
+public class SecurityService {
+    private IDbContextFactory<HBContext> dbFactory;
+
+    private Acl[] acls;
+
+    public SecurityService(IDbContextFactory<HBContext> dbFactory) {
+        this.dbFactory = dbFactory;
+        Reload();
+    }
+
+    public void Reload() {
+        using var db = dbFactory.CreateDbContext();
+        acls = db.Acls
+            .Include(a => a.Rules)
+            .ThenInclude(r => r.Principal)
+            .ToArray();
+    }
+
+    public IEnumerable<HBObject> Filter(IEnumerable<HBObject> objects, ulong permissions) {
+        foreach(var obj in objects) {
+        }
+
+        return Enumerable.Empty<HBObject>();
+    }
+}
diff --git a/User.cs b/User.cs
deleted file mode 100644
index 61ef03f..0000000
--- a/User.cs
+++ /dev/null
@@ -1,9 +0,0 @@
-using Microsoft.EntityFrameworkCore;
-
-namespace HyperBooru;
-
-[Index(nameof(Username))]
-public class User : HBObject {
-    public string Username     { get; set; }
-    public string PasswordHash { get; set; }
-}
diff --git a/wwwroot/js/keyboard.js b/wwwroot/js/keyboard.js
index 8086418..6ba9f9f 100644
--- a/wwwroot/js/keyboard.js
+++ b/wwwroot/js/keyboard.js
@@ -20,6 +20,7 @@ async function keyDownHandler(e) {
             .find(d => d.element == element)
             .dialogObject
             .invokeMethodAsync('KeyHandler', e.key);
+        console.log('lmao');
         e.preventDefault();
         return;
     }
@@ -31,6 +32,7 @@ async function keyDownHandler(e) {
 
     if(button) {
         button.click();
+        console.log('lmao2');
         e.preventDefault();
         return;
     }