private void OnLinkAttempt(EntityUid uid, AccessReaderComponent component, LinkAttemptEvent args)
{
if (component.Enabled && !IsAllowed(args.User, component))
{
args.Cancel();
}
}
private void OnEmagged(EntityUid uid, AccessReaderComponent reader, GotEmaggedEvent args)
{
if (reader.Enabled == true)
{
reader.Enabled = false;
args.Handled = true;
}
}
public bool IsAllowed(AccessReaderComponent reader, ICollection <string> accessTags)
{
if (reader.DenyTags.Overlaps(accessTags))
{
// Sec owned by cargo.
return(false);
}
return(!reader.Enabled || reader.AccessLists.Count == 0 || reader.AccessLists.Any(a => a.IsSubsetOf(accessTags)));
}
private void OnInit(EntityUid uid, AccessReaderComponent reader, ComponentInit args)
{
var allTags = reader.AccessLists.SelectMany(c => c).Union(reader.DenyTags);
foreach (var level in allTags)
{
if (!_prototypeManager.HasIndex <AccessLevelPrototype>(level))
{
Logger.ErrorS("access", $"Invalid access level: {level}");
}
}
}
/// <summary>
/// Compares the given tags with the readers access list to see if it is allowed.
/// </summary>
/// <param name="accessTags">A list of access tags</param>
/// <param name="reader">An access reader to check against</param>
public bool IsAllowed(ICollection <string> accessTags, AccessReaderComponent reader)
{
if (!reader.Enabled)
{
// Access reader is totally disabled, so access is always allowed.
return(true);
}
if (reader.DenyTags.Overlaps(accessTags))
{
// Sec owned by cargo.
// Note that in resolving the issue with only one specific item "counting" for access, this became a bit more strict.
// As having an ID card in any slot that "counts" with a denied access group will cause denial of access.
// DenyTags doesn't seem to be used right now anyway, though, so it'll be dependent on whoever uses it to figure out if this matters.
return(false);
}
return(reader.AccessLists.Count == 0 || reader.AccessLists.Any(a => a.IsSubsetOf(accessTags)));
}
/// <summary>
/// Searches the given entity for access tags
/// then compares it with the readers access list to see if it is allowed.
/// </summary>
/// <param name="entity">The entity that wants access.</param>
/// <param name="reader">A reader from a different entity</param>
public bool IsAllowed(EntityUid entity, AccessReaderComponent reader)
{
var tags = FindAccessTags(entity);
return(IsAllowed(tags, reader));
}
public async Task TestTags()
{
var server = StartServer();
await server.WaitAssertion(() =>
{
var system = EntitySystem.Get <AccessReaderSystem>();
// test empty
var reader = new AccessReaderComponent();
Assert.That(system.IsAllowed(reader, new[] { "Foo" }), Is.True);
Assert.That(system.IsAllowed(reader, new[] { "Bar" }), Is.True);
Assert.That(system.IsAllowed(reader, new string[] { }), Is.True);
// test deny
reader = new AccessReaderComponent();
reader.DenyTags.Add("A");
Assert.That(system.IsAllowed(reader, new[] { "Foo" }), Is.True);
Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.False);
Assert.That(system.IsAllowed(reader, new[] { "A", "Foo" }), Is.False);
Assert.That(system.IsAllowed(reader, new string[] { }), Is.True);
// test one list
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A"
});
Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.True);
Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False);
Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.True);
Assert.That(system.IsAllowed(reader, new string[] { }), Is.False);
// test one list - two items
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A", "B"
});
Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.False);
Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False);
Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.True);
Assert.That(system.IsAllowed(reader, new string[] { }), Is.False);
// test two list
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A"
});
reader.AccessLists.Add(new HashSet <string> {
"B", "C"
});
Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.True);
Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False);
Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.True);
Assert.That(system.IsAllowed(reader, new[] { "C", "B" }), Is.True);
Assert.That(system.IsAllowed(reader, new[] { "C", "B", "A" }), Is.True);
Assert.That(system.IsAllowed(reader, new string[] { }), Is.False);
// test deny list
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A"
});
reader.DenyTags.Add("B");
Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.True);
Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False);
Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.False);
Assert.That(system.IsAllowed(reader, new string[] { }), Is.False);
});
}
/// <summary>
/// Searches an <see cref="AccessComponent"/> in the entity itself, in its active hand or in its ID slot.
/// Then compares the found access with the configured access lists to see if it is allowed.
/// </summary>
/// <remarks>
/// If no access is found, an empty set is used instead.
/// </remarks>
/// <param name="entity">The entity to be searched for access.</param>
public bool IsAllowed(AccessReaderComponent reader, EntityUid entity)
{
var tags = FindAccessTags(entity);
return(IsAllowed(reader, tags));
}
public async Task TestTags()
{
await using var pairTracker = await PoolManager.GetServerClient(new PoolSettings { NoClient = true });
var server = pairTracker.Pair.Server;
await server.WaitAssertion(() =>
{
var system = EntitySystem.Get <AccessReaderSystem>();
// test empty
var reader = new AccessReaderComponent();
Assert.That(system.IsAllowed(new[] { "Foo" }, reader), Is.True);
Assert.That(system.IsAllowed(new[] { "Bar" }, reader), Is.True);
Assert.That(system.IsAllowed(new string[] { }, reader), Is.True);
// test deny
reader = new AccessReaderComponent();
reader.DenyTags.Add("A");
Assert.That(system.IsAllowed(new[] { "Foo" }, reader), Is.True);
Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.False);
Assert.That(system.IsAllowed(new[] { "A", "Foo" }, reader), Is.False);
Assert.That(system.IsAllowed(new string[] { }, reader), Is.True);
// test one list
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A"
});
Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.True);
Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False);
Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.True);
Assert.That(system.IsAllowed(new string[] { }, reader), Is.False);
// test one list - two items
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A", "B"
});
Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.False);
Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False);
Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.True);
Assert.That(system.IsAllowed(new string[] { }, reader), Is.False);
// test two list
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A"
});
reader.AccessLists.Add(new HashSet <string> {
"B", "C"
});
Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.True);
Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False);
Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.True);
Assert.That(system.IsAllowed(new[] { "C", "B" }, reader), Is.True);
Assert.That(system.IsAllowed(new[] { "C", "B", "A" }, reader), Is.True);
Assert.That(system.IsAllowed(new string[] { }, reader), Is.False);
// test deny list
reader = new AccessReaderComponent();
reader.AccessLists.Add(new HashSet <string> {
"A"
});
reader.DenyTags.Add("B");
Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.True);
Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False);
Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.False);
Assert.That(system.IsAllowed(new string[] { }, reader), Is.False);
});
await pairTracker.CleanReturnAsync();
}
