From 191be84e320c07d2eaa1eb6324b6ff23bc556c13 Mon Sep 17 00:00:00 2001 From: KernelDeimos Date: Tue, 23 Jul 2024 19:24:40 -0400 Subject: [PATCH] dev: migrate svc_permission check() to scan() --- src/backend/src/om/entitystorage/ProtectedAppES.js | 6 ++++-- src/backend/src/routers/auth/check-app.js | 5 ++++- src/backend/src/routers/hosting/puter-site.js | 5 ++++- src/backend/src/services/drivers/DriverService.js | 6 ++++-- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/src/backend/src/om/entitystorage/ProtectedAppES.js b/src/backend/src/om/entitystorage/ProtectedAppES.js index 7ee537ae6..270247049 100644 --- a/src/backend/src/om/entitystorage/ProtectedAppES.js +++ b/src/backend/src/om/entitystorage/ProtectedAppES.js @@ -17,6 +17,7 @@ * along with this program. If not, see . */ const { AppUnderUserActorType, UserActorType } = require("../../services/auth/Actor"); +const { PermissionUtil } = require("../../services/auth/PermissionService"); const { Context } = require("../../util/context"); const { BaseES } = require("./BaseES"); @@ -84,11 +85,12 @@ class ProtectedAppES extends BaseES { const app_uid = await entity.get('uid'); const svc_permission = services.get('permission'); const permission_to_check = `app:uid#${app_uid}:access`; - const perm = await svc_permission.check( + const reading = await svc_permission.scan( actor, permission_to_check, ); + const options = PermissionUtil.reading_to_options(reading); - if ( perm ) return; + if ( options.length > 0 ) return; // `true` here means "do not send downstream" return true; diff --git a/src/backend/src/routers/auth/check-app.js b/src/backend/src/routers/auth/check-app.js index 91f222405..586f1dfae 100644 --- a/src/backend/src/routers/auth/check-app.js +++ b/src/backend/src/routers/auth/check-app.js 
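Review bot: In ProtectedAppES.js the allow/deny rule is now spread over three statements (`scan`, `PermissionUtil.reading_to_options`, `options.length > 0`), and the same three statements recur in the check-app.js, puter-site.js and DriverService.js hunks of this patch. Because each copy is an authorization gate, one helper beside `reading_to_options` that returns the boolean would keep the four call sites from drifting apart if the meaning of a reading ever changes. Until then I would add a comment above the early return, `// allowed iff the scan yields at least one option; an empty list falls through to "do not send downstream"`. The enclosing method starts and ends outside the hunk.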
@@ -23,6 +23,7 @@ const { NodeUIDSelector, NodePathSelector } = require("../../filesystem/node/sel const { NodeChildSelector } = require("../../filesystem/node/selectors"); const { get_app } = require("../../helpers"); const { UserActorType, Actor, AppUnderUserActorType } = require("../../services/auth/Actor"); +const { PermissionUtil } = require("../../services/auth/PermissionService"); const { Context } = require("../../util/context"); module.exports = eggspress('/auth/check-app', { @@ -68,7 +69,9 @@ module.exports = eggspress('/auth/check-app', { }), }); - const authenticated = !! await svc_permission.check(app_actor, 'flag:app-is-authenticated'); + const reading = await svc_permission.scan(app_actor, 'flag:app-is-authenticated'); + const options = PermissionUtil.reading_to_options(reading); + const authenticated = options.length > 0; let token; if ( authenticated ) token = await svc_auth.get_user_app_token(app_uid); diff --git a/src/backend/src/routers/hosting/puter-site.js b/src/backend/src/routers/hosting/puter-site.js index fbf9ce5f7..3e77fedff 100644 --- a/src/backend/src/routers/hosting/puter-site.js +++ b/src/backend/src/routers/hosting/puter-site.js @@ -26,6 +26,7 @@ const { TYPE_DIRECTORY } = require("../../filesystem/FSNodeContext"); const { LLRead } = require("../../filesystem/ll_operations/ll_read"); const { Actor, UserActorType, SiteActorType } = require("../../services/auth/Actor"); const APIError = require("../../api/APIError"); +const { PermissionUtil } = require("../../services/auth/PermissionService"); const AT_DIRECTORY_NAMESPACE = '4aa6dc52-34c1-4b8a-b63c-a62b27f727cf'; @@ -251,9 +252,11 @@ class PuterSiteMiddleware extends AdvancedBase { return {}; } - return await svc_permission.check( + const reading = await svc_permission.scan( user_actor, `site:uid#${site.uuid}:access` ); + const options = PermissionUtil.reading_to_options(reading); + return options.length > 0; })(); if ( ! perm ) { 
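Review bot: On the `authenticated` line in check-app.js, any non-empty result from `reading_to_options` now leads to `svc_auth.get_user_app_token(app_uid)` issuing a token, where the old code required a truthy `check()`. `reading_to_options` is not part of this patch, so whether every option it returns is an unconditional grant cannot be confirmed from here; if some options carry conditions, this gate is wider than before. I would state the assumption on the line, `// any option in the reading counts as authenticated; no options means no token`, and cover the empty-reading path with a test. The route handler continues outside the hunk.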
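Review bot: The async function that computes `perm` in puter-site.js now returns a boolean on the new path but still returns `{}` on the early path kept as context at the top of the hunk, so `if ( ! perm )` only behaves correctly because an empty object is truthy. Making the early path `return true;` would give the access decision a single type and remove the reliance on truthiness; this presumes `perm` is not read as an object further down, which the hunk does not show. The surrounding middleware method starts and ends outside the hunk.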
diff --git a/src/backend/src/services/drivers/DriverService.js b/src/backend/src/services/drivers/DriverService.js index 0553714ad..032514051 100644 --- a/src/backend/src/services/drivers/DriverService.js +++ b/src/backend/src/services/drivers/DriverService.js @@ -22,6 +22,7 @@ const { DriverError } = require("./DriverError"); const { TypedValue } = require("./meta/Runtime"); const BaseService = require("../BaseService"); const { Driver } = require("../../definitions/Driver"); +const { PermissionUtil } = require("../auth/PermissionService"); /** * DriverService provides the functionality of Puter drivers. @@ -109,8 +110,9 @@ class DriverService extends BaseService { const services = Context.get('services'); const svc_permission = services.get('permission'); - const perm = await svc_permission.check(actor, `driver:${interface_name}:${method}`); - if ( ! perm ) { + const reading = await svc_permission.scan(actor, `driver:${interface_name}:${method}`); + const options = PermissionUtil.reading_to_options(reading); + if ( ! (options.length > 0) ) { throw APIError.create('permission_denied'); }
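Review bot: `if ( ! (options.length > 0) )` in DriverService.js puts a double negation on the line that decides `permission_denied`; `if ( options.length === 0 ) {` says the same thing directly. Separately, the permission string is built as `driver:${interface_name}:${method}`; if either value originates from the request (not visible in this hunk), a `:` inside it could shift the component boundaries of the permission being scanned, so it is worth confirming both are validated or escaped before this call. The enclosing method starts and ends outside the hunk.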