From aa0b68f7648bd5a7c14b64737a4f8d3e402bfce5 Mon Sep 17 00:00:00 2001
From: Jake Mannens <jake@asger.xyz>
Date: Wed, 4 Oct 2023 15:59:52 +1100
Subject: Fix SID equality and WellKnownSid mappings

---
 HBContext.cs                                 |  2 +-
 HBObject.cs                                  |  2 +-
 Pages/Component/AclDialog.razor              | 57 ++++++++++++--------
 Pages/Component/AclDialog.razor.css          | 30 ++++++++++-
 Pages/Component/Dialog.razor                 | 14 +++--
 Pages/Component/Switch.razor.css             |  8 +--
 PrincipalProviders/LocalPrincipalProvider.cs |  8 +++
 SecurityIdentifier.cs                        | 79 ++++++++++++++++++++++------
 Services/PrincipalProvider.cs                | 17 ++++++
 9 files changed, 168 insertions(+), 49 deletions(-)

diff --git a/HBContext.cs b/HBContext.cs
index 2e78b5a..dee100d 100644
--- a/HBContext.cs
+++ b/HBContext.cs
@@ -57,7 +57,7 @@ public class HBContext : DbContext {
 
         modelBuilder.Entity<HBObject>()
             .Property(o => o.Owner)
-            .HasDefaultValue(new SecurityIdentifier(WellKnownSidType.WorldSid));
+            .HasDefaultValue(WellKnownSid.WorldSid);
 
         // Seed internal tag definitions
         // These should NEVER change
diff --git a/HBObject.cs b/HBObject.cs
index df60ed0..eecb3f5 100644
--- a/HBObject.cs
+++ b/HBObject.cs
@@ -15,5 +15,5 @@ public class HBObject {
     [ForeignKey("AclId")]
     public         Acl?               Acl      { get; set; }
     public         SecurityIdentifier Owner    { get; set; } =
-        new SecurityIdentifier(WellKnownSidType.WorldSid);
+        WellKnownSid.WorldSid;
 }
\ No newline at end of file
diff --git a/Pages/Component/AclDialog.razor b/Pages/Component/AclDialog.razor
index 8116f04..87fbd6e 100644
--- a/Pages/Component/AclDialog.razor
+++ b/Pages/Component/AclDialog.razor
@@ -2,35 +2,46 @@
 @inject IDbContextFactory<HBContext> dbFactory;
 @implements IDialog
 
-<Dialog Title="Edit permissions" @ref=dialog>
-    @if(obj?.Acl is not null) {
-        <table class="data-table">
-            <tr>
-                <th>Action</th>
-                <th>Subject</th>
-                <th>Permissions</th>
-                <th></th>
-            </tr>
-            @foreach(var rule in obj.Acl.Rules.OrderByDescending(r => r.Action)) {
-                <tr>
-                    <td><div><AclActionSwitch InitialValue=@(rule.Action == AclRuleAction.Allow)/></div></td>
-                    <td>@rule.Principal.ToString()</td>
-                    <td>@GetActivePermissions(rule)</td>
-                    <td>
-                        <a title="Edit" href="javascript:;">&#x1F589</a>
-                        <a title="Delete" href="javascript:;">&#x2716</a>
-                    </td>
-                </tr>
+<Dialog WidthPixels=900 Title="Edit permissions" @ref=dialog>
+    <div class="container">
+        <div>
+            @if(obj?.Acl is not null) {
+                <table class="data-table">
+                    <tr>
+                        <th>Action</th>
+                        <th>Subject</th>
+                        <th colspan="2">Permissions</th>
+                    </tr>
+                    @foreach(var rule in obj.Acl.Rules.OrderByDescending(r => r.Action)) {
+                        <tr>
+                            <td><div><AclActionSwitch InitialValue=@(rule.Action == AclRuleAction.Allow)/></div></td>
+                            <td>
+                                <a class="nondecorated" href="javascript:;">@(WellKnownSid.TranslateSid(rule.Principal) ?? rule.Principal.ToString())</a>
+                            </td>
+                            <td>@GetActivePermissions(rule)</td>
+                            <td>
+                                <a title="Edit" href="javascript:;">&#x1F589</a>
+                                <a title="Delete" href="javascript:;">&#x2716</a>
+                            </td>
+                        </tr>
+                    }
+                </table>
+                <br/>
+                <center><a href="javascript:;">Add new</a></center>
+            } else {
+                <center><i>This item does not have any permissions set!</i></center>
             }
-        </table>
-        <br/>
-        <center><a href="javascript:;">Add new</a></center>
+        </div>
+        <div>
+            <p><i>Click Edit next to an ACL to edit it's permissions</i></p>
+        </div>
+    </div>
+    @if(obj?.Acl is not null) {
         <ButtonContainer>
             <button class="secondary" @onclick=Hide>Cancel</button>
             <button data-keyboard-shortcut="a" @onclick=Hide><u>A</u>pply</button>
         </ButtonContainer>
     } else {
-        <center><i>This item does not have any permissions set!</i></center>
         <ButtonContainer>
             <button class="secondary" @onclick=Hide>Cancel</button>
         </ButtonContainer>
diff --git a/Pages/Component/AclDialog.razor.css b/Pages/Component/AclDialog.razor.css
index f1b7931..b98cc6d 100644
--- a/Pages/Component/AclDialog.razor.css
+++ b/Pages/Component/AclDialog.razor.css
@@ -1,4 +1,28 @@
-table p {
+div.container {
+    display:        flex;
+    flex-direction: row;
+}
+
+div.container > div {
+    width: 50%;
+}
+
+div.container > div:first-child {
+    border-right:  1px solid white;
+    padding-right: 15px;
+}
+
+div.container > div:last-child {
+    padding-left: 15px;
+    height: stretch;
+}
+
+div.container > div:last-child p {
+    vertical-align: middle;
+    text-align: center;
+}
+
+table p {
     margin: 8px 0 8px 0;
 }
 
@@ -17,6 +41,10 @@ table td:last-child {
     font-size: 12pt;
 }
 
+table td:nth-last-child(2) {
+    border-right: none !important;
+}
+
 table tr:nth-child(2n+1) td:not(:first-child) {
     background: rgba(255, 255, 255, 0.1);
 }
diff --git a/Pages/Component/Dialog.razor b/Pages/Component/Dialog.razor
index 673ec2f..8e8ddca 100644
--- a/Pages/Component/Dialog.razor
+++ b/Pages/Component/Dialog.razor
@@ -4,7 +4,7 @@
 <div
     class="dialog"
     onmousedown="dialogMouseDown(event)"
-    style="opacity:0;visibility:hidden;@(heightStyle)"
+    style="opacity:0;visibility:hidden;@(sizeStyle)"
     @ref=dialogDiv>
     @if(Title is not null) {
         <div class="titlebar" onmousedown="dialogTitleMouseDown(event)">
@@ -24,6 +24,8 @@
     [Parameter]
     public RenderFragment ChildContent { get; set; }
 
+    [Parameter]
+    public int WidthPixels { set => width = $"{value}px"; }
     [Parameter]
     public int HeightPixels  { set => height = $"{value}px"; }
     [Parameter]
@@ -41,6 +43,7 @@
 
     private bool visible = false;
 
+    private string? width;
     private string? height;
 
     private ElementReference dialogDiv;
@@ -53,7 +56,7 @@
             await jsRuntime.InvokeVoidAsync("dialogAddObjectReference", new object[] {
                 dialogDiv,
                 DotNetObjectReference.Create(this)
-            });
+    });
         }
     }
 
@@ -65,6 +68,11 @@
         }
     }
 
+    private string sizeStyle => widthStyle + heightStyle;
+
+    private string widthStyle =>
+        $"{(width is null ? "" : $"width:{width};")}";
+
     private string heightStyle =>
-    $"{(height is null ? "" : $"max-height:{height};")}";
+        $"{(height is null ? "" : $"max-height:{height};")}";
 }
diff --git a/Pages/Component/Switch.razor.css b/Pages/Component/Switch.razor.css
index 6b1f5d5..4c2d3a5 100644
--- a/Pages/Component/Switch.razor.css
+++ b/Pages/Component/Switch.razor.css
@@ -11,9 +11,11 @@
 div.switch-inner {
     background:    var(--col-switch-fg);
     border-radius: 20px;
-    height:        20px;
+    height:        18px;
     transition:    margin-left 0.1s linear;
-    width:         20px;
+    width:         18px;
+    margin-top:    1px;
+    margin-left:   1px;
 }
 
 input:checked + div.switch-outer {
@@ -21,5 +23,5 @@ input:checked + div.switch-outer {
 }
 
 input:checked + div.switch-outer > div.switch-inner {
-    margin-left: 20px;
+    margin-left: 21px;
 }
diff --git a/PrincipalProviders/LocalPrincipalProvider.cs b/PrincipalProviders/LocalPrincipalProvider.cs
index d480633..5c27518 100644
--- a/PrincipalProviders/LocalPrincipalProvider.cs
+++ b/PrincipalProviders/LocalPrincipalProvider.cs
@@ -15,6 +15,14 @@ public class LocalPrincipalProvider : PrincipalProvider {
         return db.Principals.FirstOrDefault(p => p.Name == name);
     }
 
+    public override IPrincipal[]? SearchPrincipals(string name) {
+        using var db = dbFactory.CreateDbContext();
+        return db.Principals
+            .Where(p => p.Name.ToLower().Contains(name))
+            .Cast<IPrincipal>()
+            .ToArray();
+    }
+
     public override IUser? GetUser(string name) {
         using var db = dbFactory.CreateDbContext();
         return db.Users.FirstOrDefault(p => p.Name == name);
diff --git a/SecurityIdentifier.cs b/SecurityIdentifier.cs
index c3f11ef..075788d 100644
--- a/SecurityIdentifier.cs
+++ b/SecurityIdentifier.cs
@@ -1,16 +1,43 @@
 using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using System.Diagnostics.CodeAnalysis;
 using System.Numerics;
 using System.Runtime.InteropServices;
+using System.Security.Cryptography.X509Certificates;
 using System.Text.RegularExpressions;
 
 namespace HyperBooru;
 
-public enum WellKnownSidType {
-    NullSid,
-    WorldSid,
-    LocalSid,
-    CreatorOwnerSid,
-    CreatorGroupSid
+public static class WellKnownSid {
+    public static readonly SecurityIdentifier NullSid         = new("S-1-0-0");
+    public static readonly SecurityIdentifier WorldSid        = new("S-1-1-0");
+    public static readonly SecurityIdentifier LocalSid        = new("S-1-2-0");
+    public static readonly SecurityIdentifier CreatorOwnerSid = new("S-1-3-0");
+    public static readonly SecurityIdentifier CreatorGroupSid = new("S-1-3-1");
+
+    private static readonly (string name, SecurityIdentifier sid)[] nameMap = new[] {
+        ( "Everyone",      WorldSid        ),
+        ( "LOCAL",         LocalSid        ),
+        ( "CREATOR OWNER", CreatorGroupSid ),
+        ( "CREATOR GROUP", CreatorGroupSid )
+    };
+
+    public static SecurityIdentifier? TranslateName(string name) {
+        try {
+            return nameMap
+                .First(x => x.name.ToLower() == name.ToLower().Trim())
+                .sid;
+        } catch(InvalidOperationException) {
+            return null;
+        }
+    }
+
+    public static string? TranslateSid(SecurityIdentifier sid) {
+        try {
+            return nameMap.First(x => x.sid == sid).name;
+        } catch(InvalidOperationException) {
+            return null;
+        }
+    }
 }
 
 public class SecurityIdentifier {
@@ -19,17 +46,6 @@ public class SecurityIdentifier {
     private static readonly Regex SddlRegex =
         new(@"^S(-[0-9]+){2,}$", RegexOptions.Compiled);
 
-    private static readonly Dictionary<WellKnownSidType, string> wellKnownSidTypes = new() {
-        { HyperBooru.WellKnownSidType.NullSid,         "S-1-0-0" },
-        { HyperBooru.WellKnownSidType.WorldSid,        "S-1-1-0" },
-        { HyperBooru.WellKnownSidType.LocalSid,        "S-1-2-0" },
-        { HyperBooru.WellKnownSidType.CreatorOwnerSid, "S-1-3-0" },
-        { HyperBooru.WellKnownSidType.CreatorGroupSid, "S-1-3-1" }
-    };
-
-    public SecurityIdentifier(WellKnownSidType wellKnownSidType)
-        : this(wellKnownSidTypes[wellKnownSidType]) {}
-
     public SecurityIdentifier(string sddlForm) {
         var match = SddlRegex.Match(sddlForm);
         if(!match.Success)
@@ -119,6 +135,35 @@ public struct SidStruct {
     public byte[]   IdentifierAuthority;
     [MarshalAs(UnmanagedType.ByValArray)]
     public uint[]   SubAuthorities;
+
+    public static bool operator ==(SidStruct? x, SidStruct? y) =>
+        x?.Equals(y) ?? false;
+
+    public static bool operator !=(SidStruct? x, SidStruct? y) =>
+        !(x == y);
+
+    public override bool Equals([NotNullWhen(true)] object? obj) {
+        if(obj is null || obj is not SidStruct)
+            return false;
+
+        var sid = (SidStruct) obj;
+
+        return
+            Revision == sid.Revision &&
+            SubAuthorityCount == sid.SubAuthorityCount &&
+            Enumerable.SequenceEqual(IdentifierAuthority, sid.IdentifierAuthority) &&
+            Enumerable.SequenceEqual(SubAuthorities, sid.SubAuthorities);
+    }
+
+    public override int GetHashCode() => (
+        Revision,
+        SubAuthorityCount,
+        IdentifierAuthority
+            .Select(v => (uint) v)
+            .Aggregate(0, (a, v) => HashCode.Combine(a, v)),
+        SubAuthorities
+            .Aggregate(0, (a, v) => HashCode.Combine(a, v)))
+        .GetHashCode();
 }
 
 public class SecurityIdentifierConverter : ValueConverter<SecurityIdentifier, byte[]> {
diff --git a/Services/PrincipalProvider.cs b/Services/PrincipalProvider.cs
index d37e8c0..4b2cf42 100644
--- a/Services/PrincipalProvider.cs
+++ b/Services/PrincipalProvider.cs
@@ -5,6 +5,16 @@ public interface IPrincipalProvider {
     public IUser? GetUser(string name);
     public IGroup? GetGroup(string name);
 
+    /// <summary>
+    /// Perform a search for any principals whose account name
+    /// matches the search term specified by <c>name</c>.
+    /// </summary>
+    /// <returns>
+    /// A list of matching principals or <c>null</c> if the
+    /// provider does not support search functionality.
+    /// </returns>
+    public IPrincipal[]? SearchPrincipals(string name);
+
     public IGroup[] GetGroups(IPrincipal principal);
     public IGroup[] GetGroups(IPrincipal principal, bool recurse);
 
@@ -19,6 +29,8 @@ public abstract class PrincipalProvider : IPrincipalProvider {
     public abstract IUser? GetUser(string name);
     public abstract IGroup? GetGroup(string name);
 
+    public abstract IPrincipal[]? SearchPrincipals(string name);
+
     public IGroup[] GetGroups(IPrincipal principal) =>
         GetGroups(principal.Sid, false);
     public IGroup[] GetGroups(IPrincipal principal, bool recurse) =>
@@ -28,4 +40,9 @@ public abstract class PrincipalProvider : IPrincipalProvider {
     public abstract IGroup[] GetGroups(SecurityIdentifier sid, bool recurse);
 
     public abstract bool ValidatePassword(IUser user, string password);
+
+    public void Test() {
+        var ret = SearchPrincipals("lol");
+        Console.WriteLine(ret);
+    }
 }
-- 
cgit v1.3