diff --git a/Content.IntegrationTests/Tests/Access/AccessReaderTest.cs b/Content.IntegrationTests/Tests/Access/AccessReaderTest.cs index e1275fa8ad..e14a034fb7 100644 --- a/Content.IntegrationTests/Tests/Access/AccessReaderTest.cs +++ b/Content.IntegrationTests/Tests/Access/AccessReaderTest.cs @@ -21,53 +21,53 @@ namespace Content.IntegrationTests.Tests.Access // test empty var reader = new AccessReaderComponent(); - Assert.That(system.IsAllowed(reader, new[] { "Foo" }), Is.True); - Assert.That(system.IsAllowed(reader, new[] { "Bar" }), Is.True); - Assert.That(system.IsAllowed(reader, new string[] { }), Is.True); + Assert.That(system.IsAllowed(new[] { "Foo" }, reader), Is.True); + Assert.That(system.IsAllowed(new[] { "Bar" }, reader), Is.True); + Assert.That(system.IsAllowed(new string[] { }, reader), Is.True); // test deny reader = new AccessReaderComponent(); reader.DenyTags.Add("A"); - Assert.That(system.IsAllowed(reader, new[] { "Foo" }), Is.True); - Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.False); - Assert.That(system.IsAllowed(reader, new[] { "A", "Foo" }), Is.False); - Assert.That(system.IsAllowed(reader, new string[] { }), Is.True); + Assert.That(system.IsAllowed(new[] { "Foo" }, reader), Is.True); + Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.False); + Assert.That(system.IsAllowed(new[] { "A", "Foo" }, reader), Is.False); + Assert.That(system.IsAllowed(new string[] { }, reader), Is.True); // test one list reader = new AccessReaderComponent(); reader.AccessLists.Add(new HashSet { "A" }); - Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.True); - Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False); - Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.True); - Assert.That(system.IsAllowed(reader, new string[] { }), Is.False); + Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.True); + Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False); + Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.True); + Assert.That(system.IsAllowed(new string[] { }, reader), Is.False); // test one list - two items reader = new AccessReaderComponent(); reader.AccessLists.Add(new HashSet { "A", "B" }); - Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.False); - Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False); - Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.True); - Assert.That(system.IsAllowed(reader, new string[] { }), Is.False); + Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.False); + Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False); + Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.True); + Assert.That(system.IsAllowed(new string[] { }, reader), Is.False); // test two list reader = new AccessReaderComponent(); reader.AccessLists.Add(new HashSet { "A" }); reader.AccessLists.Add(new HashSet { "B", "C" }); - Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.True); - Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False); - Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.True); - Assert.That(system.IsAllowed(reader, new[] { "C", "B" }), Is.True); - Assert.That(system.IsAllowed(reader, new[] { "C", "B", "A" }), Is.True); - Assert.That(system.IsAllowed(reader, new string[] { }), Is.False); + Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.True); + Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False); + Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.True); + Assert.That(system.IsAllowed(new[] { "C", "B" }, reader), Is.True); + Assert.That(system.IsAllowed(new[] { "C", "B", "A" }, reader), Is.True); + Assert.That(system.IsAllowed(new string[] { }, reader), Is.False); // test deny list reader = new AccessReaderComponent(); reader.AccessLists.Add(new HashSet { "A" }); reader.DenyTags.Add("B"); - Assert.That(system.IsAllowed(reader, new[] { "A" }), Is.True); - Assert.That(system.IsAllowed(reader, new[] { "B" }), Is.False); - Assert.That(system.IsAllowed(reader, new[] { "A", "B" }), Is.False); - Assert.That(system.IsAllowed(reader, new string[] { }), Is.False); + Assert.That(system.IsAllowed(new[] { "A" }, reader), Is.True); + Assert.That(system.IsAllowed(new[] { "B" }, reader), Is.False); + Assert.That(system.IsAllowed(new[] { "A", "B" }, reader), Is.False); + Assert.That(system.IsAllowed(new string[] { }, reader), Is.False); }); } diff --git a/Content.Server/AI/Pathfinding/PathfindingHelpers.cs b/Content.Server/AI/Pathfinding/PathfindingHelpers.cs index 3aeb483ecb..74ee0416d1 100644 --- a/Content.Server/AI/Pathfinding/PathfindingHelpers.cs +++ b/Content.Server/AI/Pathfinding/PathfindingHelpers.cs @@ -116,7 +116,7 @@ namespace Content.Server.AI.Pathfinding var accessSystem = EntitySystem.Get(); foreach (var reader in node.AccessReaders) { - if (!accessSystem.IsAllowed(reader, access)) + if (!accessSystem.IsAllowed(access, reader)) { return false; } diff --git a/Content.Server/AI/Pathfinding/PathfindingSystem.Grid.cs b/Content.Server/AI/Pathfinding/PathfindingSystem.Grid.cs index 037ac965ed..24a8bcdfea 100644 --- a/Content.Server/AI/Pathfinding/PathfindingSystem.Grid.cs +++ b/Content.Server/AI/Pathfinding/PathfindingSystem.Grid.cs @@ -232,7 +232,7 @@ public sealed partial class PathfindingSystem var access = _accessReader.FindAccessTags(entity); foreach (var reader in node.AccessReaders) { - if (!_accessReader.IsAllowed(reader, access)) + if (!_accessReader.IsAllowed(access, reader)) { return false; } diff --git a/Content.Server/Access/Components/IdCardConsoleComponent.cs b/Content.Server/Access/Components/IdCardConsoleComponent.cs index 3ee409ac92..ca888a8f12 100644 --- a/Content.Server/Access/Components/IdCardConsoleComponent.cs +++ b/Content.Server/Access/Components/IdCardConsoleComponent.cs @@ -56,7 +56,7 @@ namespace Content.Server.Access.Components var privilegedIdEntity = PrivilegedIdSlot.Item; var accessSystem = EntitySystem.Get(); - return privilegedIdEntity != null && accessSystem.IsAllowed(reader, privilegedIdEntity.Value); + return privilegedIdEntity != null && accessSystem.IsAllowed(privilegedIdEntity.Value, reader); } /// diff --git a/Content.Server/Atmos/Monitor/Systems/AirAlarmSystem.cs b/Content.Server/Atmos/Monitor/Systems/AirAlarmSystem.cs index b41b6a4245..483f62abc0 100644 --- a/Content.Server/Atmos/Monitor/Systems/AirAlarmSystem.cs +++ b/Content.Server/Atmos/Monitor/Systems/AirAlarmSystem.cs @@ -258,7 +258,7 @@ namespace Content.Server.Atmos.Monitor.Systems if (!EntityManager.TryGetComponent(uid, out AccessReaderComponent reader) || user == null) return false; - if (!_accessSystem.IsAllowed(reader, user.Value)) + if (!_accessSystem.IsAllowed(user.Value, reader)) { _popup.PopupEntity(Loc.GetString("air-alarm-ui-access-denied"), user.Value, Filter.Entities(user.Value)); return false; diff --git a/Content.Server/Cargo/CargoSystem.Console.cs b/Content.Server/Cargo/CargoSystem.Console.cs index 1008dcaa6b..11188c5173 100644 --- a/Content.Server/Cargo/CargoSystem.Console.cs +++ b/Content.Server/Cargo/CargoSystem.Console.cs @@ -190,7 +190,7 @@ namespace Content.Server.Cargo public bool ApproveOrder(EntityUid uid, EntityUid approver, int id, int orderNumber, AccessReaderComponent? reader = null) { // does the approver have permission to approve orders? - if (Resolve(uid, ref reader) && !_accessReaderSystem.IsAllowed(reader, approver)) + if (Resolve(uid, ref reader) && !_accessReaderSystem.IsAllowed(approver, reader)) return false; // get the approver's name diff --git a/Content.Server/Doors/Systems/DoorSystem.cs b/Content.Server/Doors/Systems/DoorSystem.cs index 9c47776006..81988efacf 100644 --- a/Content.Server/Doors/Systems/DoorSystem.cs +++ b/Content.Server/Doors/Systems/DoorSystem.cs @@ -217,9 +217,9 @@ public sealed class DoorSystem : SharedDoorSystem return AccessType switch { // Some game modes modify access rules. - AccessTypes.AllowAllIdExternal => !isExternal || _accessReaderSystem.IsAllowed(access, user.Value), + AccessTypes.AllowAllIdExternal => !isExternal || _accessReaderSystem.IsAllowed(user.Value, access), AccessTypes.AllowAllNoExternal => !isExternal, - _ => _accessReaderSystem.IsAllowed(access, user.Value) + _ => _accessReaderSystem.IsAllowed(user.Value, access) }; } diff --git a/Content.Server/Lock/LockSystem.cs b/Content.Server/Lock/LockSystem.cs index ac1b97876f..c004879556 100644 --- a/Content.Server/Lock/LockSystem.cs +++ b/Content.Server/Lock/LockSystem.cs @@ -156,7 +156,7 @@ namespace Content.Server.Lock if (!Resolve(uid, ref reader)) return true; - if (!_accessReader.IsAllowed(reader, user)) + if (!_accessReader.IsAllowed(user, reader)) { if (!quiet) reader.Owner.PopupMessage(user, Loc.GetString("lock-comp-has-user-access-fail")); diff --git a/Content.Server/Power/EntitySystems/ApcSystem.cs b/Content.Server/Power/EntitySystems/ApcSystem.cs index e4c805d61f..563a4719f6 100644 --- a/Content.Server/Power/EntitySystems/ApcSystem.cs +++ b/Content.Server/Power/EntitySystems/ApcSystem.cs @@ -48,7 +48,7 @@ namespace Content.Server.Power.EntitySystems if (args.Session.AttachedEntity == null) return; - if (access == null || _accessReader.IsAllowed(access, args.Session.AttachedEntity.Value)) + if (access == null || _accessReader.IsAllowed(args.Session.AttachedEntity.Value, access)) { ApcToggleBreaker(uid, component); } diff --git a/Content.Server/VendingMachines/VendingMachineSystem.cs b/Content.Server/VendingMachines/VendingMachineSystem.cs index e974c0eb50..4ac0a432ed 100644 --- a/Content.Server/VendingMachines/VendingMachineSystem.cs +++ b/Content.Server/VendingMachines/VendingMachineSystem.cs @@ -175,7 +175,7 @@ namespace Content.Server.VendingMachines if (TryComp(vendComponent.Owner, out var accessReader)) { - if (!_accessReader.IsAllowed(accessReader, sender.Value) && !vendComponent.Emagged) + if (!_accessReader.IsAllowed(sender.Value, accessReader) && !vendComponent.Emagged) { _popupSystem.PopupEntity(Loc.GetString("vending-machine-component-try-eject-access-denied"), uid, Filter.Pvs(uid)); Deny(uid, vendComponent); diff --git a/Content.Shared/Access/Systems/AccessReaderSystem.cs b/Content.Shared/Access/Systems/AccessReaderSystem.cs index d6f55fb29a..da273ab8cd 100644 --- a/Content.Shared/Access/Systems/AccessReaderSystem.cs +++ b/Content.Shared/Access/Systems/AccessReaderSystem.cs @@ -26,7 +26,7 @@ namespace Content.Shared.Access.Systems private void OnLinkAttempt(EntityUid uid, AccessReaderComponent component, LinkAttemptEvent args) { - if (component.Enabled && !IsAllowed(component, args.User)) + if (component.Enabled && !IsAllowed(args.User, component)) args.Cancel(); } @@ -59,13 +59,17 @@ namespace Content.Shared.Access.Systems /// If no access is found, an empty set is used instead. /// /// The entity to bor access. - public bool IsAllowed(AccessReaderComponent reader, EntityUid entity) + /// + public bool IsAllowed(EntityUid entity, AccessReaderComponent? reader = null) { + if (!Resolve(entity, ref reader, false)) + return true; + var tags = FindAccessTags(entity); - return IsAllowed(reader, tags); + return IsAllowed(tags, reader); } - public bool IsAllowed(AccessReaderComponent reader, ICollection accessTags) + public bool IsAllowed(ICollection accessTags, AccessReaderComponent reader) { if (!reader.Enabled) {