From a84e3cf96bd81d4b737cb4922d003f3019f914e5 Mon Sep 17 00:00:00 2001
From: Ian Jackson
Date: Fri, 26 Mar 2021 19:22:37 +0000
Subject: [PATCH] otter cli: change the meaning of list and list-all

Signed-off-by: Ian Jackson
---
 daemon/cmdlistener.rs | 34 +++++++++++++++++++++++++---------
 src/bin/otter.rs | 3 ++-
 src/spec.rs | 1 +
 3 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs
index 3ae2df2f..708ff227 100644
--- a/daemon/cmdlistener.rs
+++ b/daemon/cmdlistener.rs
@@ -180,17 +180,33 @@ fn execute(cs: &mut CommandStream, cmd: MgmtCommand) -> MgmtResponse {
 }
 MC::ListGames { all } => {
- let (scope, auth) = if all == Some(true) {
- let auth = authorise_scope_direct(cs, &AS::Server)?;
- (None, auth.therefore_ok())
+ let ag = AccountsGuard::lock();
+ let names = Instance::list_names(
+ None, Authorisation::authorise_any());
+ let auth_all = if all == Some(true) {
+ let auth =cs.superuser.ok_or(ME::AuthorisationError)?.into();
+ Some(auth)
 } else {
- let AccountSpecified { notional_account, auth, .. } =
- cs.account.as_ref().ok_or(ME::SpecifyAccount)?;
- (Some(notional_account), *auth)
+ None
 };
- let mut games = Instance::list_names(scope, auth);
- games.sort_unstable();
- MR::GamesList(games)
+ let mut names = names.into_iter().map(|name| {
+ let gref = Instance::lookup_by_name_unauth(&name)?;
+ let mut igu = gref.lock_even_poisoned();
+ let _ig = if let Some(auth_all) = auth_all {
+ igu.by_ref(auth_all)
+ } else {
+ cs.check_acl(&ag, &mut igu, PCH::Instance, &[TP::ShowInList])?.0
+ };
+ Ok::<_,ME>(name)
+ }).filter(|ent| matches_doesnot!(
+ ent,
+ = Ok(_),
+ ! Err(ME::GameNotFound) | Err(ME::AuthorisationError),
+ = Err(_),
+ ))
+ .collect::,_>>() ?;
+ names.sort_unstable();
+ MR::GamesList(names)
 }
 MC::AlterGame { game, insns, how } => {
diff --git a/src/bin/otter.rs b/src/bin/otter.rs
index d21aa859..31071602 100644
--- a/src/bin/otter.rs
+++ b/src/bin/otter.rs
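Review bot: In the `MC::ListGames` arm of daemon/cmdlistener.rs, `Instance::list_names(None, Authorisation::authorise_any())` and `lookup_by_name_unauth` now read every game name without an authorisation proof, so the per-game closure (`igu.by_ref(auth_all)` or `check_acl(.., &[TP::ShowInList])`) is the only gate on what reaches `MR::GamesList`. That invariant should be written down above the call, e.g. `// unauthorised name list: nothing may leave this arm except through the per-game check below`, and the `cs.superuser.ok_or(ME::AuthorisationError)?` test could move above `list_names` so a rejected `--all` fails before anything is enumerated. The old code returned `ME::SpecifyAccount` when no account was set; whether `check_acl` still does is not visible here, and if it reports `AuthorisationError` instead the filter would turn that into an empty list rather than an error. The surrounding `execute` match starts and ends outside the hunk.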
@@ -501,6 +501,7 @@ fn connect(ma: &MainOpts) -> Conn {
 const PLAYER_ALWAYS_PERMS: &[TablePermission] = &[
 TP::TestExistence,
+ TP::ShowInList,
 TP::ViewNotSecret,
 TP::Play,
 ];
@@ -600,7 +601,7 @@ mod list_games {
 let mut ap = ArgumentParser::new();
 ap.refer(&mut sa.all)
 .add_option(&["--all"],StoreTrue,
- "list all games, not just yours");
+ "user superuser access to list *all* games");
 ap
 }
diff --git a/src/spec.rs b/src/spec.rs
index 7da64d57..58125f77 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -121,6 +121,7 @@ pub struct AclEntry {
 #[derive(FromPrimitive,ToPrimitive)]
 pub enum TablePermission {
 TestExistence,
+ ShowInList,
 ViewNotSecret,
 Play,
 ChangePieces,
-- 
2.30.2
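Review bot: `TP::ShowInList` is granted to players only through this client-side `PLAYER_ALWAYS_PERMS` list, while the daemon side of the same commit starts requiring it for the non-superuser `list`. Games whose ACLs were written by an older `otter` binary presumably lack the permission and would silently drop out of their players' listings; that deserves a comment here or a migration note, e.g. `// ShowInList: needed since the daemon filters list-games by ACL; older games must have it added`. How `PLAYER_ALWAYS_PERMS` is applied to a game's ACL is outside the hunk.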
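Review bot: The new `--all` help string in `mod list_games` reads "user superuser access", which looks like a typo for "use". Since this text is the only place the CLI tells an operator that `--all` now needs superuser rights, it should read `"use superuser access to list *all* games"`. The enclosing argument-parser function starts outside the hunk.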
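Review bot: Inserting `ShowInList` between `TestExistence` and `ViewNotSecret` in src/spec.rs shifts the implicit discriminant of every later `TablePermission` variant by one, and the enum derives `FromPrimitive`/`ToPrimitive`. If those numeric values are ever persisted or sent between versions (not visible in this hunk), ACLs written by an older build would be read back as different permissions, e.g. what was stored as `ViewNotSecret` would decode as `ShowInList`. Appending the new variant after the existing ones, or giving the variants explicit discriminants, avoids that reinterpretation. The enum body continues past the end of the hunk.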