feat: DiscordRoleFilter

CHANGELOG.md

@@ -1,5 +1,7 @@
 # Changelog
 
+- Added DiscordRoleFilter feature and settings
+
 ## 5.0.0
 - Replace the API Throttler by a Guzzle Middleware which is more efficient
 - Make driver compatible with connector 2.0.x

README.md

@@ -96,6 +96,26 @@ Simply confirm using the `Authorize` button which will redirect you to the SeAT
 
 You'll be invited automatically to the Discord Server and attached channels.
 
+## Settings
+
+The SeAT global_settings table has a key 'seat-discord-connector' used by this module.  This contains serialized settings use by this module.
+
+| Field            | Description                                                                                                       | Default Value                          |
+|------------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------|
+| can_add_roles    | List of discord role names or role ids seperated by colon, that this connector is allowed to add.                 |                                        |
+|                  | The special role name of "@@everyrole" acts as wildcard, while blank "" means none.                               |                                        |
+|                  | A role needs to be visible through visibleRoles to be affected by this setting.                                   | @@everyrole:RoleName Example2 RemoveMe |
+| can_remove_roles | List of discord role names or role ids seperated by colon, that this connector is allowed to remove.              |                                        |
+|                  | The special role name of "@@everyrole" acts as wildcard, while blank "" means none.                               |                                        |
+|                  | A role needs to be visible through visibleRoles to be affected by this setting.                                   | @@everyrole:RoleName Example2 RemoveMe |
+| visible_roles    | List of discord role names or role ids seperated by colon, that this connector has visibiliy of from              |                                        |
+|                  | the discord server. The special role name of "@@everyrole" acts as wildcard, while blank "" means none.           |                                        |
+|                  | For most usage of this feature configuring visibleRoles to a non-default value will prevent all changes to roles. | @@everyrole:RoleName Example2 RemoveMe |
+
+By default this connector expects to fully manage all roles at the Discord server.
+Through careful manipulation of these values you can define the scope of roles that can be manipulated by this connector.
+The use of "RoleName Example2 RemoveMe" in the default setting has been chosen to allow the administrators best guess at understanding how the field should be configured for multiple roles from looking at the setting without reading this documentation.
+
 ## Upgrade
 
 If you're coming from a version prior to 4.x, you may want to convert your data into the new connector structure.

src/Config/seat-connector.config.php

@@ -44,5 +44,20 @@
             'label' => 'seat-connector-discord::seat.use_email_scope',
             'type'  => 'checkbox',
         ],
+        [
+            'name'  => 'visible_roles',
+            'label' => 'seat-connector-discord::seat.visible_roles',
+            'type'  => 'text',
+        ],
+        [
+            'name'  => 'can_add_roles',
+            'label' => 'seat-connector-discord::seat.can_add_roles',
+            'type'  => 'text',
+        ],
+        [
+            'name'  => 'can_remove_roles',
+            'label' => 'seat-connector-discord::seat.can_remove_roles',
+            'type'  => 'text',
+        ],
     ],
 ];

src/Driver/DiscordClient.php

@@ -78,6 +78,21 @@ class DiscordClient implements IClient
      */
     private $owner_id;
 
+    /**
+     * @var  Warlof\Seat\Connector\Drivers\Discord\Driver\DiscordRoleFilter
+     */
+    private $visible_roles;
+
+    /**
+     * @var  Warlof\Seat\Connector\Drivers\Discord\Driver\DiscordRoleFilter
+     */
+    private $can_add_roles;
+
+    /**
+     * @var  Warlof\Seat\Connector\Drivers\Discord\Driver\DiscordRoleFilter
+     */
+    private $can_remove_roles;
+
     /**
      * DiscordClient constructor.
      *
@@ -88,6 +103,9 @@ private function __construct(array $parameters)
         $this->guild_id  = $parameters['guild_id'];
         $this->bot_token = $parameters['bot_token'];
         $this->owner_id  = $parameters['owner_id'];
+        $this->visible_roles = new DiscordRoleFilter($parameters['visible_roles']);
+        $this->can_add_roles = new DiscordRoleFilter($parameters['can_add_roles']);
+        $this->can_remove_roles = new DiscordRoleFilter($parameters['can_remove_roles']);
 
         $this->members = collect();
         $this->roles   = collect();
@@ -120,9 +138,12 @@ public static function getInstance(): IClient
                 throw new DriverSettingsException('Parameter bot_token is missing.');
 
             self::$instance = new DiscordClient([
-                'guild_id'  => $settings->guild_id,
-                'bot_token' => $settings->bot_token,
-                'owner_id'  => property_exists($settings, 'owner_id') ? $settings->owner_id : null,
+                'guild_id'         => $settings->guild_id,
+                'bot_token'        => $settings->bot_token,
+                'owner_id'         => property_exists($settings, 'owner_id') ? $settings->owner_id : null,
+                'visible_roles'    => property_exists($settings, 'visible_roles') ? $settings->visible_roles : DiscordRoleFilter::DEFAULT_VISIBLE_ROLES,
+                'can_add_roles'    => property_exists($settings, 'can_add_roles') ? $settings->can_add_roles : DiscordRoleFilter::DEFAULT_CAN_ADD_ROLES,
+                'can_remove_roles' => property_exists($settings, 'can_remove_roles') ? $settings->can_remove_roles : DiscordRoleFilter::DEFAULT_CAN_REMOVE_ROLES,
             ]);
         }
 
@@ -354,8 +375,38 @@ private function seedRoles()
             // ignore managed roles (ie: booster)
             if ($role_attributes['managed']) continue;
 
+            if (! $this->checkVisibleRoles($role_attributes['name'], $role_attributes['id'])) continue;
+
             $role = new DiscordRole($role_attributes);
             $this->roles->put($role->getId(), $role);
         }
     }
+
+    /**
+     * @params any $args
+     * @return bool
+     */
+    public function checkVisibleRoles(...$args) : bool
+    {
+        return $this->visible_roles->check(...$args);
+    }
+
+    /**
+     * @params any $args
+     * @return bool
+     */
+    public function checkCanAddRoles(...$args) : bool
+    {
+        return $this->can_add_roles->check(...$args);
+    }
+
+    /**
+     * @params any $args
+     * @return bool
+     */
+    public function checkCanRemoveRoles(...$args) : bool
+    {
+        return $this->can_remove_roles->check(...$args);
+    }
+
 }

src/Driver/DiscordMember.php

@@ -145,6 +145,8 @@ public function getSets(): array
 
                 if (is_null($set)) continue;
 
+                if (! DiscordClient::getInstance()->checkVisibleRoles($set->getName(), $set->getId())) continue;
+
                 $this->roles->put($role_id, $set);
             }
         }
@@ -179,6 +181,9 @@ public function addSet(ISet $group)
             if (in_array($group->getId(), $this->role_ids) || $this->isOwner())
                 return;
 
+            if (! DiscordClient::getInstance()->checkCanAddRoles($group->getName(), $group->getId()))
+                return;
+
             DiscordClient::getInstance()->sendCall('PUT', '/guilds/{guild.id}/members/{user.id}/roles/{role.id}', [
                 'guild.id' => DiscordClient::getInstance()->getGuildId(),
                 'role.id' => $group->getId(),
@@ -205,6 +210,9 @@ public function removeSet(ISet $group)
             if (! in_array($group->getId(), $this->role_ids) || $this->isOwner())
                 return;
 
+            if (! DiscordClient::getInstance()->checkCanRemoveRoles($group->getName(), $group->getId()))
+                return;
+
             DiscordClient::getInstance()->sendCall('DELETE', '/guilds/{guild.id}/members/{user.id}/roles/{role.id}', [
                 'guild.id' => DiscordClient::getInstance()->getGuildId(),
                 'role.id'  => $group->getId(),

src/Driver/DiscordRole.php

@@ -101,6 +101,9 @@ public function addMember(IUser $user)
         if (in_array($user, $this->getMembers()))
             return;
 
+        if (! DiscordClient::getInstance()->checkCanAddRoles($this->name, $this->id))
+            return;
+
         try {
             DiscordClient::getInstance()->sendCall('PUT', '/guilds/{guild.id}/members/{user.id}/roles/{role.id}', [
                 'guild.id' => DiscordClient::getInstance()->getGuildId(),
@@ -126,6 +129,9 @@ public function removeMember(IUser $user)
         if (! in_array($user, $this->getMembers()))
             return;
 
+        if (! DiscordClient::getInstance()->checkCanRemoveRoles($this->name, $this->id))
+            return;
+
         try {
             DiscordClient::getInstance()->sendCall('DELETE', '/guilds/{guild.id}/members/{user.id}/roles/{role.id}', [
                 'guild.id' => DiscordClient::getInstance()->getGuildId(),

src/Driver/DiscordRoleFilter.php

@@ -0,0 +1,156 @@
+<?php
+
+/**
+ * This file is part of SeAT Discord Connector.
+ *
+ * Copyright (C) 2021  Troyburn <[email protected]>
+ *
+ * SeAT Discord Connector is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * any later version.
+ *
+ * SeAT Discord Connector is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+
+namespace Warlof\Seat\Connector\Drivers\Discord\Driver;
+
+class DiscordRoleFilter
+{
+    /**
+     *
+     * @var array of string
+     */
+    private $filter_specs;
+
+    /**
+     *
+     * @var bool
+     */
+    private $everyrole;
+
+    /**
+     *
+     * @var string EVERYROLE_ENTRY
+     */
+    public const EVERYROLE_ENTRY = '@@everyrole';
+
+    /**
+     * Arbitrary string "RoleName Example2 RemoveMe" exist to self document a valid setting in database.
+     *
+     * @var string DEFAULT_CAN_REMOVE_ROLES
+     */
+    public const DEFAULT_CAN_REMOVE_ROLES = '@@everyrole:RoleName Example2 RemoveMe';
+
+    /**
+     * Arbitrary string "RoleName Example2 RemoveMe" exist to self document a valid setting in database.
+     *
+     * @var string DEFAULT_CAN_ADD_ROLES
+     */
+    public const DEFAULT_CAN_ADD_ROLES    = '@@everyrole:RoleName Example2 RemoveMe';
+
+    /**
+     * Arbitrary string "RoleName Example2 RemoveMe" exist to self document a valid setting in database.
+     *
+     * @var string DEFAULT_VISIBLE_ROLES
+     */
+    public const DEFAULT_VISIBLE_ROLES    = '@@everyrole:RoleName Example2 RemoveMe';
+
+    /**
+     * DiscordRoleFilter constructor.
+     *
+     * @param string $spec
+     * @param string $explodeOn
+     */
+    public function __construct(string $spec = '', string $explodeOn = ':')
+    {
+        $this->filter_specs = explode($explodeOn, $spec);
+        while (($key = array_search('', $this->filter_specs)) !== FALSE) {
+            unset($this->filter_specs[$key]);   /* remove empty string items */
+        }
+        $this->everyrole = in_array(self::EVERYROLE_ENTRY, $this->filter_specs);
+    }
+
+    /**
+     * Check a single role against the filter spec.
+     *
+     * @param string|null $s
+     * @return mixed
+     */
+    public function checkOne(string $s = null, $defaultValue = false)
+    {
+        if (empty($s)) {
+            return $defaultValue;
+        }
+
+        if ($this->everyrole === true) {
+            return true;
+        }
+
+        /* theoretically it should be possible to modify this matching
+         *  element to return true, false or $defaultValue (with an implied
+         *  non-bool type) to implement ordered precedence rules and
+         *  question mark prefixed inversion of a spec written like:
+         * "Role.*:!RoleABC:RoleXYZ"
+         */
+        return in_array($s, $this->filter_specs) ? true : $defaultValue;
+    }
+
+    /**
+     * Check all the roles in an array of role against the filter spec.
+     *
+     * @param array $ary
+     * @param mixed $defaultValue  Expected to be bool or null.
+     * @return mixed or type of $defaultValue
+     */
+    public function checkAll(array $ary = null, $defaultValue = false)
+    {
+        if (is_null($ary) || empty($ary)) {
+            return $defaultValue;
+        }
+
+        if ($this->everyrole === true) {	// superflous?
+            return true;
+        }
+
+        foreach ($ary as $item) {
+            $res = $this->checkOne($item, null);
+            if (! is_null($res)) {
+                return $res;
+            }
+        }
+
+        return $defaultValue;
+    }
+
+    /**
+     * Check the arguments given as role against the filter spec.
+     * Returns true|false accordingly.
+     * @param $args
+     * @return bool
+     */
+    public function check(...$args) : bool
+    {
+        // $args = func_get_args();
+        foreach ($args as $val) {
+            if(is_array($val))
+                $res = $this->checkAll($val, null);
+            else
+                $res = $this->checkOne($val, null);
+            if (! is_null($res)) {
+                return $res;
+            }
+        }
+        return false;
+    }
+
+}
+
+?>

src/Http/Controllers/SettingsController.php

@@ -55,17 +55,23 @@ class SettingsController extends Controller
     public function store(Request $request)
     {
         $request->validate([
-            'client_id'       => 'required|string',
-            'client_secret'   => 'required|string',
-            'bot_token'       => 'required|string',
-            'use_email_scope' => 'boolean',
+            'client_id'        => 'required|string',
+            'client_secret'    => 'required|string',
+            'bot_token'        => 'required|string',
+            'use_email_scope'  => 'boolean',
+            'visible_roles'    => 'string',
+            'can_add_roles'    => 'string',
+            'can_remove_roles' => 'string',
         ]);
 
         $settings = (object) [
-            'client_id'       => $request->input('client_id'),
-            'client_secret'   => $request->input('client_secret'),
-            'bot_token'       => $request->input('bot_token'),
-            'use_email_scope' => $request->input('use_email_scope', 0),
+            'client_id'        => $request->input('client_id'),
+            'client_secret'    => $request->input('client_secret'),
+            'bot_token'        => $request->input('bot_token'),
+            'use_email_scope'  => $request->input('use_email_scope', 0),
+            'visible_roles'    => $request->input('visible_roles'),
+            'can_add_roles'    => $request->input('can_add_roles'),
+            'can_remove_roles' => $request->input('can_remove_roles'),
         ];
 
         setting(['seat-connector.drivers.discord', $settings], true);

src/lang/en/seat.php

@@ -1,8 +1,11 @@
 <?php
 
 return [
-    'client_id'       => 'Client ID',
-    'client_secret'   => 'Client Secret',
-    'bot_token'       => 'Bot Token',
-    'use_email_scope' => 'Use email as Unique ID? Email scope will be requested from users.',
+    'client_id'        => 'Client ID',
+    'client_secret'    => 'Client Secret',
+    'bot_token'        => 'Bot Token',
+    'use_email_scope'  => 'Use email as Unique ID? Email scope will be requested from users.',
+    'visible_roles'    => 'Manage visibleRoles for Discord Role filter',
+    'can_add_roles'    => 'Manage canAddRoles for Discord Role filter',
+    'can_remove_roles' => 'Manage canRemoveRoles for Discord Role filter',
 ];