FamilyVaultApp · pawl0wski · Apr 26, 2025 · Apr 16, 2025 · Apr 24, 2025 · Apr 25, 2025
diff --git a/FamilyVaultServer/Models/FamilyGroupMember.cs b/FamilyVaultServer/Models/FamilyGroupMember.cs
@@ -1,4 +1,5 @@
 using FamilyVaultServer.Services.PrivMx.Models;
+using FamilyVaultServer.Utils;
 using System.Text.Json.Serialization;
 
 namespace FamilyVaultServer.Models.Responses
@@ -21,8 +22,7 @@ public static FamilyGroupMember FromPrivMxContextUser(PrivMxContextUser user)
                 Firstname = userIdSplitted.First(),
                 Surname = userIdSplitted.Last(),
                 PublicKey = user.PubKey,
-                // TODO: Ustawienie odpowiedniego PermissionGroup
-                PermissionGroup = PermissionGroup.Member
+                PermissionGroup = AclToPermissionGroupMapper.Map(user.Acl)
             };
         }
     }

diff --git a/FamilyVaultServer/Models/PermissionGroup.cs b/FamilyVaultServer/Models/PermissionGroup.cs
@@ -2,6 +2,7 @@
 {
     public enum PermissionGroup
     {
+        Unknown = -1,
         Guardian = 0,
         Member = 1,
         Guest = 2,

diff --git a/FamilyVaultServer/Services/PrivMx/Models/PrivMxAcl.cs b/FamilyVaultServer/Services/PrivMx/Models/PrivMxAcl.cs
@@ -0,0 +1,11 @@
+namespace FamilyVaultServer.Services.PrivMx.Models
+{
+    public record class PrivMxAcl(string Type, string Object, string? Permission = null)
+    {
+        public override string ToString()
+        {
+            var separator = Permission is not null ? "/" : "";
+            return $"{Type} {Object}{separator}{Permission}";
+        }
+    }
+}
diff --git a/FamilyVaultServer/Utils/AclToPermissionGroupMapper.cs b/FamilyVaultServer/Utils/AclToPermissionGroupMapper.cs
@@ -0,0 +1,31 @@
+using FamilyVaultServer.Models;
+using FamilyVaultServer.Services.PrivMx.Models;
+
+namespace FamilyVaultServer.Utils
+{
+    public static class AclToPermissionGroupMapper
+    {
+        public static PermissionGroup Map(string acl)
+        {
+            if (HasAllRequiredAcls(acl, PermissionGroupAcls.guardianAcl))
+            {
+                return PermissionGroup.Guardian;
+            }
+
+            if (HasAllRequiredAcls(acl, PermissionGroupAcls.memberAcl))
+            {
+                return PermissionGroup.Member;
+            }
+
+            if (HasAllRequiredAcls(acl, PermissionGroupAcls.guestAcl))
+            {
+                return PermissionGroup.Guest;
+            }
+
+            return PermissionGroup.Unknown;
+        }
+
+        private static bool HasAllRequiredAcls(string acl, List<PrivMxAcl> acls) =>
+            acls.All((requiredAcl) => acl.Contains(requiredAcl.ToString()));
+    }
+}
diff --git a/FamilyVaultServer/Utils/PermissionGroupAcls.cs b/FamilyVaultServer/Utils/PermissionGroupAcls.cs
@@ -0,0 +1,40 @@
+using FamilyVaultServer.Services.PrivMx.Models;
+
+namespace FamilyVaultServer.Utils
+{
+    public static class PermissionGroupAcls
+    {
+        public static readonly List<PrivMxAcl> guardianAcl = [
+            new PrivMxAcl("ALLOW", "ALL")
+        ];
+
+        public static readonly List<PrivMxAcl> memberAcl = [
+            new PrivMxAcl("ALLOW", "thread", "READ"),
+            new PrivMxAcl("ALLOW", "thread", "threadCreate"),
+            new PrivMxAcl("ALLOW", "thread", "threadUpdate"),
+            new PrivMxAcl("ALLOW", "thread", "threadMessageSend"),
+            new PrivMxAcl("ALLOW", "thread", "threadMessageDelete"),
+            new PrivMxAcl("ALLOW", "thread", "threadDelete"),
+            new PrivMxAcl("ALLOW", "store", "READ"),
+            new PrivMxAcl("ALLOW", "store", "storeCreate"),
+            new PrivMxAcl("ALLOW", "store", "storeFileCreate"),
+            new PrivMxAcl("ALLOW", "store", "storeFileWrite"),
+            new PrivMxAcl("ALLOW", "store", "storeFileDelete"),
+            new PrivMxAcl("ALLOW", "inbox", "READ"),
+            new PrivMxAcl("ALLOW", "stream", "READ")
+        ];
+
+        public static readonly List<PrivMxAcl> guestAcl = [
+            new PrivMxAcl("ALLOW", "thread", "READ"),
+            new PrivMxAcl("ALLOW", "thread", "threadCreate"),
+            new PrivMxAcl("ALLOW", "thread", "threadMessageSend"),
+            new PrivMxAcl("ALLOW", "thread", "threadMessageDelete"),
+            new PrivMxAcl("ALLOW", "store", "READ"),
+            new PrivMxAcl("ALLOW", "store", "storeCreate"),
+            new PrivMxAcl("ALLOW", "store", "storeFileCreate"),
+            new PrivMxAcl("ALLOW", "store", "storeFileDelete"),
+            new PrivMxAcl("ALLOW", "inbox", "READ"),
+            new PrivMxAcl("ALLOW", "stream", "READ")
+        ];
+    }
+}
diff --git a/FamilyVaultServer/Utils/PermissionGroupToAclMapper.cs b/FamilyVaultServer/Utils/PermissionGroupToAclMapper.cs
@@ -1,4 +1,5 @@
 using FamilyVaultServer.Models;
+using FamilyVaultServer.Services.PrivMx.Models;
 
 namespace FamilyVaultServer.Utils
 {
@@ -8,11 +9,17 @@ public static string Map(PermissionGroup permissionGroup)
         {
             return permissionGroup switch
             {
-                PermissionGroup.Guardian => "ALLOW ALL",
-                PermissionGroup.Member => "ALLOW ALL",
-                PermissionGroup.Guest => "ALLOW ALL",
+                PermissionGroup.Guardian => AclListToString(PermissionGroupAcls.guardianAcl),
+
+                PermissionGroup.Member => AclListToString(PermissionGroupAcls.memberAcl),
+
+                PermissionGroup.Guest => AclListToString(PermissionGroupAcls.guestAcl),
+
                 _ => throw new ArgumentException("Provided not valid PermissionGroup"),
             };
         }
+
+        private static string AclListToString(List<PrivMxAcl> acls) =>
+            string.Join("\n", acls.Select((acl) => acl.ToString()));
     }
 }