Diffstat (limited to 'Services/SecurityService.cs')
-rw-r--r--Services/SecurityService.cs29
1 files changed, 20 insertions, 9 deletions
diff --git a/Services/SecurityService.cs b/Services/SecurityService.cs
index 48f2d3e..e365266 100644
--- a/Services/SecurityService.cs
+++ b/Services/SecurityService.cs
@@ -4,7 +4,19 @@ using System.Data;
namespace HyperBooru.Services;
-public class SecurityService {
+public interface ISecurityService {
+ public IEnumerable<HBObject> Filter(
+ IEnumerable<HBObject> objects,
+ IPrincipal principal,
+ ulong permissions);
+
+ public IEnumerable<HBObject> Filter<T>(
+ IEnumerable<HBObject> objects,
+ IPrincipal principal,
+ T permissions) where T : Enum;
+}
+
+public class SecurityService : ISecurityService {
private IDbContextFactory<HBContext> dbFactory;
private MemoryCache<SidStruct, IGroup[]> membershipCache;
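Review bot: `ISecurityService` is now the authorization contract that callers and test doubles will implement against, but neither `Filter` overload carries an XML doc comment. The `<summary>` should state whether `permissions` is a mask whose bits must all be granted or whether any one bit is enough, and that objects with no matching allow rule are left out of the result; I cannot confirm either from this hunk, so the author should write down what the implementation actually does. For `Filter<T>`, document which enums are valid, since `where T : Enum` also admits non-flags enums and enums with a signed underlying type, and how those convert to the `ulong` mask is not visible here. As a style point, the `public` modifiers on the interface members are redundant and can be dropped.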
@@ -21,10 +33,10 @@ public class SecurityService {
// TODO: preload the principal cache
membershipCache = new() {
- MaxItems = 1000,
- MaxAge = TimeSpan.FromMinutes(10),
- DataSource = (SidStruct sid) => {
- }
+ MaxItems = 1000,
+ MaxAge = TimeSpan.FromMinutes(10),
+ DataSource = (SidStruct sid) =>
+ principalProvider.GetGroups(new SecurityIdentifier(sid), true)
};
aclCache = new() {
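Review bot: With `DataSource` now wired to `principalProvider.GetGroups(...)`, the `MaxAge = TimeSpan.FromMinutes(10)` setting becomes a revocation window: a principal removed from a group may keep the permissions that group grants until the cached entry expires. This assumes `MemoryCache` serves entries until `MaxAge`, which is not visible in this hunk. Either add an invalidation path that is called when membership changes, or record the trade-off next to the initializer, e.g. `// Group changes can take up to MaxAge to affect permission checks; invalidate on membership updates.` The bare `true` passed to `GetGroups` would also read better as a named argument. The constructor body starts and ends outside the hunk.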
@@ -70,10 +82,9 @@ public class SecurityService {
ulong permissions = 0;
- var principals = GetGroupMemberShip(principal)
- .Cast<IPrincipal>()
- .Concat(new[] { principal })
- .Select(p => p.Sid)
+ var principals = membershipCache[principal.Sid.SidStruct]
+ .Select(g => g.Sid)
+ .Concat(new[] { principal.Sid })
.ToArray();
var allowRules = acl.Rules.Where(r => r.Action == AclRuleAction.Allow);
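Review bot: `membershipCache[principal.Sid.SidStruct]` is dereferenced straight into `.Select(...)`, so a lookup that yields null for an unknown SID would surface as a `NullReferenceException` in the middle of a permission check; whether `GetGroups` can return null is not visible here. The failure should be explicit and fail closed, not fall back to an empty group list, because evaluating with only the principal's own SID would skip any rules that target its groups (presumably including deny rules, given the `AclRuleAction.Allow` filter below). One way is `var groups = membershipCache[principal.Sid.SidStruct] ?? throw new InvalidOperationException("Group membership unavailable");` and then building `principals` from `groups`. The enclosing method starts and ends outside the hunk.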