From cc2b43a9f2ee9ec9282cc31954679a3e7a105eb2 Mon Sep 17 00:00:00 2001
From: Nadja Reitzenstein
Date: Wed, 16 Mar 2022 15:09:25 +0100
Subject: [PATCH] Reverse visibility check to properly disclose machines
Machines that you have disclose on are always shown. Machines you *don't* have `disclose` on are *also* show *iff* you are using them.
---
 src/api/machines.rs | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)
diff --git a/src/api/machines.rs b/src/api/machines.rs
index a57e662..940448d 100644
--- a/src/api/machines.rs
+++ b/src/api/machines.rs
@@ -62,24 +62,33 @@ impl machines::Server for Machines {
 let mut filtered_v = Vec::with_capacity(v.len());
 for (id, machine) in v.into_iter() {
- match machine.get_status().await {
- // Always show a machine if they're in use by myself
- Status::InUse(ref bywho) =>
- if bywho.is_some() && bywho.as_ref().filter(|bywho| *bywho == user).is_some()
- {
+ // Check if the user has disclose. If yes, machines are always shown.
+ let required_disclose = &machine.desc.privs.disclose;
+ if session.as_ref().unwrap().perms.iter()
+ .any(|rule| rule.match_perm(required_disclose))
+ {
+ filtered_v.push((id, machine));
+ } else {
+ // If no, match their state. Used & reserved machines are also shown
+ match machine.get_status().await {
+ // Always show a machine if they're in use by myself
+ Status::InUse(ref bywho) =>
+ if bywho.is_some() && bywho.as_ref().filter(|bywho| *bywho == user).is_some()
+ {
+ filtered_v.push((id, machine));
+ }
+ Status::Reserved(ref bywho) => if bywho == user {
 filtered_v.push((id, machine));
 }
- Status::Reserved(ref bywho) => if bywho == user {
- filtered_v.push((id, machine));
- }
- // The rest depends on the actual priviledges below
- _ => {
- let required_disclose = &machine.desc.privs.disclose;
- if session.as_ref().unwrap().perms.iter()
- .any(|rule| rule.match_perm(required_disclose))
- {
- filtered_v.push((id, machine));
+ // The rest depends on the actual priviledges below
+ _ => {
+ let required_disclose = &machine.desc.privs.disclose;
+ if session.as_ref().unwrap().perms.iter()
+ .any(|rule| rule.match_perm(required_disclose))
+ {
+ filtered_v.push((id, machine));
+ }
 }
 }
 }
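Review bot: The `_ =>` arm inside the new `else` branch repeats the `disclose` check that already failed on the way into that branch, so (assuming `perms` does not change across the `.await`) it can never push a machine, and its comment "The rest depends on the actual priviledges below" no longer describes the policy. Replacing the arm with `_ => {} // no disclose and not used/reserved by this user: stays hidden` keeps the behaviour and lets a reader audit the visibility rule in one pass, which matters for code that decides what a caller is allowed to see. Separately, the filter still calls `session.as_ref().unwrap()` for every machine; whether `session` can be `None` here is decided outside the hunk, but if it can, the request panics instead of returning an empty list or an error, so binding the session once before the loop with an explicit `None` path would be safer. The enclosing method starts and ends outside the hunk.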