[UserListDelegate] Consider providerId (#7018)

Co-authored-by: Lukas Brübach <lukas.bruebach@bdosecurity.de>
2026-06-27 17:13:54 -07:00 · 2026-06-27 11:23:55 -04:00 · 2026-06-27 11:23:55 -04:00 · 6dc974a05d
commit 6dc974a05d
parent 2914874720
19 changed files with 211 additions and 53 deletions
--- a/servatrice/migrations/servatrice_0034_to_0035.sql
+++ b/servatrice/migrations/servatrice_0034_to_0035.sql
@ -3,12 +3,13 @@ ALTER TABLE `cockatrice_users` ADD COLUMN `card_art_params` TEXT DEFAULT NULL, A
 CREATE TABLE IF NOT EXISTS `cockatrice_card_art_name_rules` (
    `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
    `card_name` varchar(255) NOT NULL,
+    `card_provider_id` varchar(255) NOT NULL,
    `mode` enum('ALLOW','DENY') NOT NULL,
    `reason` varchar(255) DEFAULT NULL,
    `created_by` int(7) unsigned DEFAULT NULL,
    `created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (`id`),
-    UNIQUE KEY `uniq_card_name` (`card_name`),
+    UNIQUE KEY `uniq_provider_card_name` (`card_provider_id`, `card_name`),
    KEY `idx_mode` (`mode`),
    FOREIGN KEY (`created_by`) REFERENCES `cockatrice_users`(`id`)
    ON DELETE SET NULL
--- a/servatrice/servatrice.sql
+++ b/servatrice/servatrice.sql
@ -305,12 +305,13 @@ CREATE TABLE IF NOT EXISTS `cockatrice_audit` (
 CREATE TABLE IF NOT EXISTS `cockatrice_card_art_name_rules` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `card_name` varchar(255) NOT NULL,
+  `card_provider_id` varchar(255) NOT NULL,
  `mode` enum('ALLOW','DENY') NOT NULL,
  `reason` varchar(255) DEFAULT NULL,
  `created_by` int(7) unsigned DEFAULT NULL,
  `created_at` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`),
-  UNIQUE KEY `uniq_card_name` (`card_name`),
+  UNIQUE KEY `uniq_provider_card_name` (`card_provider_id`, `card_name`),
  KEY `idx_mode` (`mode`),
  FOREIGN KEY (`created_by`) REFERENCES `cockatrice_users`(`id`)
  ON DELETE SET NULL
--- a/servatrice/src/servatrice_database_interface.cpp
+++ b/servatrice/src/servatrice_database_interface.cpp
@ -693,6 +693,9 @@ ServerInfo_User Servatrice_DatabaseInterface::evalUserQueryResult(const QSqlQuer
                if (obj.contains("card_name")) {
                    cap->set_card_name(obj["card_name"].toString().toStdString());
                }
+                if (obj.contains("card_provider_id")) {
+                    cap->set_card_provider_id(obj["card_provider_id"].toString().toStdString());
+                }
                if (obj.contains("marginPctL")) {
                    cap->set_margin_pct_l(obj["marginPctL"].toDouble(0.33));
                }
--- a/servatrice/src/serversocketinterface.cpp
+++ b/servatrice/src/serversocketinterface.cpp
@ -1577,11 +1577,13 @@ Response::ResponseCode AbstractServerSocketInterface::cmdAccountImage(const Comm
    return Response::RespOk;
 }

-bool AbstractServerSocketInterface::isCardNameAllowed(const QString &cardName)
+bool AbstractServerSocketInterface::isCardNameAllowed(const QString &cardName, const QString &cardProviderId)
 {
-    QSqlQuery *q = sqlInterface->prepareQuery("SELECT mode FROM {prefix}_card_art_name_rules WHERE card_name = :name");
+    QSqlQuery *q = sqlInterface->prepareQuery(
+        "SELECT mode FROM {prefix}_card_art_name_rules WHERE card_name = :name AND card_provider_id = :provider");

    q->bindValue(":name", cardName);
+    q->bindValue(":provider", cardProviderId);

    if (!sqlInterface->execSqlQuery(q)) {
        qWarning() << "Card art rule lookup failed; failing open for" << cardName;
@ -1603,8 +1605,9 @@ Response::ResponseCode AbstractServerSocketInterface::cmdSetCardArtParams(const
    }

    const QString cardName = QString::fromStdString(cmd.card_name());
+    const QString cardProviderId = QString::fromStdString(cmd.card_provider_id());

-    if (cardName.length() > MAX_NAME_LENGTH) {
+    if (cardName.length() > MAX_NAME_LENGTH || cardProviderId.length() > MAX_NAME_LENGTH) {
        return Response::RespInvalidData;
    }

@ -1620,7 +1623,7 @@ Response::ResponseCode AbstractServerSocketInterface::cmdSetCardArtParams(const
        return Response::RespOk;
    }

-    if (!isCardNameAllowed(cardName)) {
+    if (!isCardNameAllowed(cardName, cardProviderId)) {
        return Response::RespFunctionNotAllowed;
    }

@ -1633,6 +1636,7 @@ Response::ResponseCode AbstractServerSocketInterface::cmdSetCardArtParams(const

    QJsonObject obj;
    obj["card_name"] = cardName;
+    obj["card_provider_id"] = cardProviderId;
    obj["marginPctL"] = marginPctL;
    obj["marginPctR"] = marginPctR;
    obj["verticalOffset"] = verticalOffset;
@ -1649,6 +1653,7 @@ Response::ResponseCode AbstractServerSocketInterface::cmdSetCardArtParams(const
    // Keep the in-memory userInfo in sync
    auto *cap = userInfo->mutable_card_art_params();
    cap->set_card_name(cmd.card_name());
+    cap->set_card_provider_id(cmd.card_provider_id());
    cap->set_margin_pct_l(marginPctL);
    cap->set_margin_pct_r(marginPctR);
    cap->set_vertical_offset(verticalOffset);
@ -1664,21 +1669,23 @@ Response::ResponseCode AbstractServerSocketInterface::cmdAddCardArtRule(const Co
                                                                        ResponseContainer &)
 {
    const QString cardName = QString::fromStdString(cmd.card_name());
+    const QString cardProviderId = QString::fromStdString(cmd.card_provider_id());
    const QString mode = QString::fromStdString(cmd.mode());

    if (mode != "ALLOW" && mode != "DENY") {
        return Response::RespInvalidData;
    }
-    if (cardName.isEmpty() || cardName.length() > MAX_NAME_LENGTH) {
+    if (cardName.isEmpty() || cardName.length() > MAX_NAME_LENGTH || cardProviderId.length() > MAX_NAME_LENGTH) {
        return Response::RespInvalidData;
    }

    QSqlQuery *q = sqlInterface->prepareQuery("INSERT INTO {prefix}_card_art_name_rules "
-                                              "(card_name, mode, reason, created_by) "
-                                              "VALUES (:name, :mode, :reason, :uid) "
+                                              "(card_name, card_provider_id, mode, reason, created_by) "
+                                              "VALUES (:name, :provider, :mode, :reason, :uid) "
                                              "ON DUPLICATE KEY UPDATE mode=:mode2, reason=:reason2");

    q->bindValue(":name", cardName);
+    q->bindValue(":provider", cardProviderId);
    q->bindValue(":mode", mode);
    q->bindValue(":mode2", mode);
    q->bindValue(":reason", QString::fromStdString(cmd.reason()));
@ -1696,12 +1703,15 @@ Response::ResponseCode AbstractServerSocketInterface::cmdRemoveCardArtRule(const
                                                                           ResponseContainer &)
 {
    auto cardName = QString::fromStdString(cmd.card_name());
-    if (cardName.length() > MAX_NAME_LENGTH) {
+    auto cardProviderId = QString::fromStdString(cmd.card_provider_id());
+    if (cardName.length() > MAX_NAME_LENGTH || cardProviderId.length() > MAX_NAME_LENGTH) {
        return Response::RespInvalidData;
    }
-    QSqlQuery *q = sqlInterface->prepareQuery("DELETE FROM {prefix}_card_art_name_rules WHERE card_name=:name");
+    QSqlQuery *q = sqlInterface->prepareQuery(
+        "DELETE FROM {prefix}_card_art_name_rules WHERE card_name=:name AND card_provider_id=:provider");

    q->bindValue(":name", cardName);
+    q->bindValue(":provider", cardProviderId);

    if (!sqlInterface->execSqlQuery(q)) {
        return Response::RespInternalError;
@ -1713,7 +1723,8 @@ Response::ResponseCode AbstractServerSocketInterface::cmdRemoveCardArtRule(const
 Response::ResponseCode AbstractServerSocketInterface::cmdListCardArtRules(const Command_ListCardArtRules &,
                                                                          ResponseContainer &rc)
 {
-    QSqlQuery *q = sqlInterface->prepareQuery("SELECT card_name, mode, reason FROM {prefix}_card_art_name_rules");
+    QSqlQuery *q = sqlInterface->prepareQuery(
+        "SELECT card_name, card_provider_id, mode, reason FROM {prefix}_card_art_name_rules");

    if (!sqlInterface->execSqlQuery(q)) {
        return Response::RespInternalError;
@ -1724,8 +1735,9 @@ Response::ResponseCode AbstractServerSocketInterface::cmdListCardArtRules(const
    while (q->next()) {
        auto *entry = re->add_entries();
        entry->set_card_name(q->value(0).toString().toStdString());
-        entry->set_mode(q->value(1).toString().toStdString());
-        entry->set_reason(q->value(2).toString().toStdString());
+        entry->set_card_provider_id(q->value(1).toString().toStdString());
+        entry->set_mode(q->value(2).toString().toStdString());
+        entry->set_reason(q->value(3).toString().toStdString());
    }

    rc.setResponseExtension(re);
--- a/servatrice/src/serversocketinterface.h
+++ b/servatrice/src/serversocketinterface.h
@ -129,7 +129,7 @@ private:

    Response::ResponseCode cmdAccountEdit(const Command_AccountEdit &cmd, ResponseContainer &rc);
    Response::ResponseCode cmdAccountImage(const Command_AccountImage &cmd, ResponseContainer &rc);
-    bool isCardNameAllowed(const QString &cardName);
+    bool isCardNameAllowed(const QString &cardName, const QString &cardProviderId);
    Response::ResponseCode cmdSetCardArtParams(const Command_SetCardArtParams &cmd, ResponseContainer &);
    Response::ResponseCode cmdAddCardArtRule(const Command_AddCardArtRule &cmd, ResponseContainer &);
    Response::ResponseCode cmdRemoveCardArtRule(const Command_RemoveCardArtRule &cmd, ResponseContainer &);