From b118570499756be0fbcebe8f5f45a62f142703d4 Mon Sep 17 00:00:00 2001
From: Max Bischof <maximilian.bischof@dataport.de>
Date: Wed, 24 Jul 2024 15:27:27 +0200
Subject: [PATCH] Add permission system

---
 .../service/contentStorage.service.ts         | 14 +++++--
 .../modules/h5p-editor/types/lumi-types.ts    |  9 -----
 .../src/modules/h5p-editor/uc/h5p.uc.ts       |  3 --
 .../permission-system.ts                      | 40 +++++++++++++++++++
 .../service/h5p-library-management.service.ts | 24 ++++++-----
 5 files changed, 64 insertions(+), 26 deletions(-)
 create mode 100644 apps/server/src/modules/h5p-library-management/permission-system.ts

diff --git a/apps/server/src/modules/h5p-editor/service/contentStorage.service.ts b/apps/server/src/modules/h5p-editor/service/contentStorage.service.ts
index caad97b0145..ddb220acd20 100644
--- a/apps/server/src/modules/h5p-editor/service/contentStorage.service.ts
+++ b/apps/server/src/modules/h5p-editor/service/contentStorage.service.ts
@@ -1,12 +1,13 @@
+import { S3ClientAdapter } from '@infra/s3-client';
 import {
 	ContentId,
+	ContentPermission,
 	IContentMetadata,
 	IContentStorage,
 	IFileStats,
 	ILibraryName,
 	IUser as ILumiUser,
 	LibraryName,
-	Permission,
 } from '@lumieducation/h5p-server';
 import {
 	HttpException,
@@ -17,7 +18,6 @@ import {
 	NotFoundException,
 	UnprocessableEntityException,
 } from '@nestjs/common';
-import { S3ClientAdapter } from '@infra/s3-client';
 import { ErrorUtils } from '@src/core/error/utils';
 import { Readable } from 'stream';
 import { H5pFileDto } from '../controller/dto/h5p-file.dto';
@@ -184,8 +184,14 @@ export class ContentStorage implements IContentStorage {
 		return result;
 	}
 
-	public getUserPermissions(): Promise<Permission[]> {
-		const permissions = [Permission.Delete, Permission.Download, Permission.Edit, Permission.Embed, Permission.View];
+	public getUserPermissions(): Promise<ContentPermission[]> {
+		const permissions = [
+			ContentPermission.Delete,
+			ContentPermission.Download,
+			ContentPermission.Edit,
+			ContentPermission.Embed,
+			ContentPermission.View,
+		];
 
 		return Promise.resolve(permissions);
 	}
diff --git a/apps/server/src/modules/h5p-editor/types/lumi-types.ts b/apps/server/src/modules/h5p-editor/types/lumi-types.ts
index 2d9ec1db8a2..dcf7d1495f8 100644
--- a/apps/server/src/modules/h5p-editor/types/lumi-types.ts
+++ b/apps/server/src/modules/h5p-editor/types/lumi-types.ts
@@ -15,12 +15,6 @@ export class LumiUserWithContentData implements IUser {
 
 	schoolId: EntityId;
 
-	canCreateRestricted: boolean;
-
-	canInstallRecommended: boolean;
-
-	canUpdateAndInstallLibraries: boolean;
-
 	email: string;
 
 	id: EntityId;
@@ -34,9 +28,6 @@ export class LumiUserWithContentData implements IUser {
 		this.contentParentId = parentParams.parentId;
 		this.schoolId = parentParams.schoolId;
 
-		this.canCreateRestricted = user.canCreateRestricted;
-		this.canInstallRecommended = user.canInstallRecommended;
-		this.canUpdateAndInstallLibraries = user.canUpdateAndInstallLibraries;
 		this.email = user.email;
 		this.id = user.id;
 		this.name = user.name;
diff --git a/apps/server/src/modules/h5p-editor/uc/h5p.uc.ts b/apps/server/src/modules/h5p-editor/uc/h5p.uc.ts
index deca6dd0a7d..a6794b544a4 100644
--- a/apps/server/src/modules/h5p-editor/uc/h5p.uc.ts
+++ b/apps/server/src/modules/h5p-editor/uc/h5p.uc.ts
@@ -356,9 +356,6 @@ export class H5PEditorUc {
 
 	private changeUserType(currentUser: ICurrentUser): LumiIUser {
 		const user: LumiIUser = {
-			canCreateRestricted: false,
-			canInstallRecommended: false,
-			canUpdateAndInstallLibraries: false,
 			email: '',
 			id: currentUser.userId,
 			name: '',
diff --git a/apps/server/src/modules/h5p-library-management/permission-system.ts b/apps/server/src/modules/h5p-library-management/permission-system.ts
new file mode 100644
index 00000000000..b7bf71f5b7e
--- /dev/null
+++ b/apps/server/src/modules/h5p-library-management/permission-system.ts
@@ -0,0 +1,40 @@
+/* eslint-disable @typescript-eslint/no-unused-vars */
+import {
+	ContentPermission,
+	GeneralPermission,
+	IPermissionSystem,
+	IUser,
+	TemporaryFilePermission,
+	UserDataPermission,
+} from '@lumieducation/h5p-server';
+
+export default class PermissionSystem implements IPermissionSystem<IUser> {
+	checkForUserData(
+		actingUser: IUser,
+		permission: UserDataPermission,
+		contentId: string,
+		affectedUserId?: string
+	): Promise<boolean> {
+		return Promise.resolve(true);
+	}
+
+	async checkForContent(
+		actingUser: IUser | undefined,
+		permission: ContentPermission,
+		contentId?: string
+	): Promise<boolean> {
+		return Promise.resolve(true);
+	}
+
+	async checkForTemporaryFile(
+		user: IUser | undefined,
+		permission: TemporaryFilePermission,
+		filename?: string
+	): Promise<boolean> {
+		return Promise.resolve(true);
+	}
+
+	async checkForGeneralAction(actingUser: IUser | undefined, permission: GeneralPermission): Promise<boolean> {
+		return Promise.resolve(true);
+	}
+}
diff --git a/apps/server/src/modules/h5p-library-management/service/h5p-library-management.service.ts b/apps/server/src/modules/h5p-library-management/service/h5p-library-management.service.ts
index a6ab56ae29a..5cc9593b04a 100644
--- a/apps/server/src/modules/h5p-library-management/service/h5p-library-management.service.ts
+++ b/apps/server/src/modules/h5p-library-management/service/h5p-library-management.service.ts
@@ -1,20 +1,21 @@
 import {
-	H5PConfig,
 	cacheImplementations,
-	LibraryManager,
 	ContentTypeCache,
+	H5PConfig,
+	ILibraryAdministrationOverviewItem,
 	IUser,
 	LibraryAdministration,
-	ILibraryAdministrationOverviewItem,
+	LibraryManager,
 } from '@lumieducation/h5p-server';
 import ContentManager from '@lumieducation/h5p-server/build/src/ContentManager';
 import ContentTypeInformationRepository from '@lumieducation/h5p-server/build/src/ContentTypeInformationRepository';
+import { IHubContentType } from '@lumieducation/h5p-server/build/src/types';
 import { Injectable, InternalServerErrorException, NotFoundException } from '@nestjs/common';
+import { ConfigService } from '@nestjs/config';
 import { ContentStorage, LibraryStorage } from '@src/modules/h5p-editor';
 import { readFileSync } from 'fs';
 import { parse } from 'yaml';
-import { ConfigService } from '@nestjs/config';
-import { IHubContentType } from '@lumieducation/h5p-server/build/src/types';
+import PermissionSystem from '../permission-system';
 import { IH5PLibraryManagementConfig } from './h5p-library-management.config';
 
 const h5pConfig = new H5PConfig(undefined, {
@@ -75,8 +76,14 @@ export class H5PLibraryManagementService {
 			undefined,
 			h5pConfig
 		);
-		this.contentTypeRepo = new ContentTypeInformationRepository(this.contentTypeCache, this.libraryManager, h5pConfig);
-		const contentManager = new ContentManager(this.contentStorage);
+		const permissionSystem = new PermissionSystem();
+		this.contentTypeRepo = new ContentTypeInformationRepository(
+			this.contentTypeCache,
+			this.libraryManager,
+			h5pConfig,
+			permissionSystem
+		);
+		const contentManager = new ContentManager(this.contentStorage, permissionSystem);
 		this.libraryAdministration = new LibraryAdministration(this.libraryManager, contentManager);
 		const filePath = this.configService.get<string>('H5P_EDITOR__LIBRARY_LIST_PATH');
 
@@ -115,9 +122,6 @@ export class H5PLibraryManagementService {
 
 	private createDefaultIUser(): IUser {
 		const user: IUser = {
-			canCreateRestricted: true,
-			canInstallRecommended: true,
-			canUpdateAndInstallLibraries: true,
 			email: 'a@b.de',
 			id: 'a',
 			name: 'a',