Core/RBAC: Move RBAC commands to RBAC using individual permissions

- Use this commit as a sample on how to move commands to RBAC

sql/updates/auth/2013_08_30_00_auth_misc.sql

@@ -0,0 +1,40 @@
+-- Add new permissions
+DELETE FROM `rbac_permissions` WHERE `id` BETWEEN 200 AND 216;
+INSERT INTO `rbac_permissions` (`id`, `name`) VALUES
+(200, 'Command: .rbac'),
+(201, 'Command: .rbac account'),
+(202, 'Command: .rbac account group'),
+(203, 'Command: .rbac account group add'),
+(204, 'Command: .rbac account group remove'),
+(205, 'Command: .rbac account role'),
+(206, 'Command: .rbac account role grant'),
+(207, 'Command: .rbac account role deny'),
+(208, 'Command: .rbac account role revoke'),
+(209, 'Command: .rbac account permission'),
+(210, 'Command: .rbac account permission grant'),
+(211, 'Command: .rbac account permission deny'),
+(212, 'Command: .rbac account permission revoke'),
+(213, 'Command: .rbac list'),
+(214, 'Command: .rbac list groups'),
+(215, 'Command: .rbac list roles'),
+(216, 'Command: .rbac list permissions');
+
+-- Add Permissions to "Administrator Commands Role"
+DELETE FROM `rbac_role_permissions` WHERE `roleId` = 4 AND `permissionId` BETWEEN 200 AND 216;
+INSERT INTO `rbac_role_permissions` (`roleId`, `permissionId`) VALUES
+(4, 200),
+(4, 201),
+(4, 202),
+(4, 203),
+(4, 204),
+(4, 205),
+(4, 206),
+(4, 207),
+(4, 208),
+(4, 209),
+(4, 210),
+(4, 211),
+(4, 213),
+(4, 214),
+(4, 215),
+(4, 216);

sql/updates/world/2013_08_30_02_world_command.sql

@@ -0,0 +1,17 @@
+-- Update command table with new RBAC permissions
+UPDATE `command` SET `permission` = 200 WHERE `name` = '.rbac';
+UPDATE `command` SET `permission` = 201 WHERE `name` = '.rbac account';
+UPDATE `command` SET `permission` = 202 WHERE `name` = '.rbac account group';
+UPDATE `command` SET `permission` = 203 WHERE `name` = '.rbac account group add';
+UPDATE `command` SET `permission` = 204 WHERE `name` = '.rbac account group remove';
+UPDATE `command` SET `permission` = 205 WHERE `name` = '.rbac account role';
+UPDATE `command` SET `permission` = 206 WHERE `name` = '.rbac account role grant';
+UPDATE `command` SET `permission` = 207 WHERE `name` = '.rbac account role deny';
+UPDATE `command` SET `permission` = 208 WHERE `name` = '.rbac account role revoke';
+UPDATE `command` SET `permission` = 209 WHERE `name` = '.rbac account permission';
+UPDATE `command` SET `permission` = 210 WHERE `name` = '.rbac account permission grant';
+UPDATE `command` SET `permission` = 211 WHERE `name` = '.rbac account permission deny';
+UPDATE `command` SET `permission` = 212 WHERE `name` = '.rbac account permission revoke';
+UPDATE `command` SET `permission` = 214 WHERE `name` = '.rbac account list groups';
+UPDATE `command` SET `permission` = 215 WHERE `name` = '.rbac account list roles';
+UPDATE `command` SET `permission` = 216 WHERE `name` = '.rbac account list permissions';

src/server/game/Accounts/RBAC.h

@@ -96,6 +96,26 @@ enum RBACPermissions
     RBAC_PERM_CHANGE_CHANNEL_NOT_MODERATOR                   = 46,
     RBAC_PERM_CHECK_FOR_LOWER_SECURITY                       = 47,
     RBAC_PERM_COMMANDS_PINFO_CHECK_PERSONAL_DATA             = 48,
+    // Leave some space for core permissions
+    RBAC_PERM_COMMAND_RBAC                                   = 200,
+    RBAC_PERM_COMMAND_RBAC_ACC                               = 201,
+    RBAC_PERM_COMMAND_RBAC_ACC_GROUP                         = 202,
+    RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD                     = 203,
+    RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL                     = 204,
+    RBAC_PERM_COMMAND_RBAC_ACC_ROLE                          = 205,
+    RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT                    = 206,
+    RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY                     = 207,
+    RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE                   = 208,
+    RBAC_PERM_COMMAND_RBAC_ACC_PERM                          = 209,
+    RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT                    = 210,
+    RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY                     = 211,
+    RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE                   = 212,
+    RBAC_PERM_COMMAND_RBAC_LIST                              = 213,
+    RBAC_PERM_COMMAND_RBAC_LIST_GROUPS                       = 214,
+    RBAC_PERM_COMMAND_RBAC_LIST_ROLES                        = 215,
+    RBAC_PERM_COMMAND_RBAC_LIST_PERMS                        = 216,
+
+    // custom permissions 1000+
     RBAC_PERM_MAX
 };
 

src/server/scripts/Commands/cs_rbac.cpp

@@ -53,58 +53,58 @@ public:
     {
         static ChatCommand rbacGroupsCommandTable[] =
         {
-            {         "add", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACGroupAddCommand,    "", NULL },
-            {      "remove", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACGroupRemoveCommand, "", NULL },
-            {            "", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACGroupListCommand,   "", NULL },
-            {          NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false,                          NULL, "", NULL }
+            {         "add", RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD,  true, &HandleRBACGroupAddCommand,    "", NULL },
+            {      "remove", RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL,  true, &HandleRBACGroupRemoveCommand, "", NULL },
+            {            "", RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, &HandleRBACGroupListCommand,   "", NULL },
+            {          NULL, 0, false, NULL, "", NULL }
         };
 
         static ChatCommand rbacRolesCommandTable[] =
         {
-            {       "grant", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACRoleGrantCommand,   "", NULL },
-            {        "deny", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACRoleDenyCommand,    "", NULL },
-            {      "revoke", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACRoleRevokeCommand,  "", NULL },
-            {            "", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACRoleListCommand,    "", NULL },
-            {          NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false,                          NULL, "", NULL }
+            {       "grant", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT,  true, &HandleRBACRoleGrantCommand,   "", NULL },
+            {        "deny", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY,   true, &HandleRBACRoleDenyCommand,    "", NULL },
+            {      "revoke", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE, true, &HandleRBACRoleRevokeCommand,  "", NULL },
+            {            "", RBAC_PERM_COMMAND_RBAC_ACC_ROLE,   true, &HandleRBACRoleListCommand,    "", NULL },
+            {          NULL, 0, false, NULL, "", NULL }
         };
 
         static ChatCommand rbacPermsCommandTable[] =
         {
-            {       "grant", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACPermGrantCommand,   "", NULL },
-            {        "deny", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACPermDenyCommand,    "", NULL },
-            {      "revoke", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACPermRevokeCommand,  "", NULL },
-            {            "", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACPermListCommand,    "", NULL },
-            {          NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false,                          NULL, "", NULL }
+            {       "grant", RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT,  true, &HandleRBACPermGrantCommand,   "", NULL },
+            {        "deny", RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY,   true, &HandleRBACPermDenyCommand,    "", NULL },
+            {      "revoke", RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE, true, &HandleRBACPermRevokeCommand,  "", NULL },
+            {            "", RBAC_PERM_COMMAND_RBAC_ACC_PERM,   true, &HandleRBACPermListCommand,    "", NULL },
+            {          NULL, 0, false, NULL, "", NULL }
         };
 
         static ChatCommand rbacListCommandTable[] =
         {
-            {      "groups", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACListGroupsCommand,      "", NULL },
-            {       "roles", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACListRolesCommand,       "", NULL },
-            { "permissions", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACListPermissionsCommand, "", NULL },
-            {          NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false,                              NULL, "", NULL }
+            {      "groups", RBAC_PERM_COMMAND_RBAC_LIST_GROUPS, true, &HandleRBACListGroupsCommand,      "", NULL },
+            {       "roles", RBAC_PERM_COMMAND_RBAC_LIST_ROLES,  true, &HandleRBACListRolesCommand,       "", NULL },
+            { "permissions", RBAC_PERM_COMMAND_RBAC_LIST_PERMS,  true, &HandleRBACListPermissionsCommand, "", NULL },
+            {          NULL, 0, false, NULL, "", NULL }
         };
 
         static ChatCommand rbacAccountCommandTable[] =
         {
-            {       "group", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, NULL, "", rbacGroupsCommandTable },
-            {        "role", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, NULL, "", rbacRolesCommandTable },
-            {  "permission", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, NULL, "", rbacPermsCommandTable },
-            {            "", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, &HandleRBACAccountPermissionCommand, "", NULL },
-            {          NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+            {       "group", RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, NULL, "", rbacGroupsCommandTable },
+            {        "role", RBAC_PERM_COMMAND_RBAC_ACC_ROLE,  true, NULL, "", rbacRolesCommandTable },
+            {  "permission", RBAC_PERM_COMMAND_RBAC_ACC_PERM,  true, NULL, "", rbacPermsCommandTable },
+            {            "", RBAC_PERM_COMMAND_RBAC_ACC,       true, &HandleRBACAccountPermissionCommand, "", NULL },
+            {          NULL, 0, false, NULL, "", NULL }
         };
 
         static ChatCommand rbacCommandTable[] =
         {
-            {    "account", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, NULL, "", rbacAccountCommandTable },
-            {       "list", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, NULL, "", rbacListCommandTable },
-            {         NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+            {    "account", RBAC_PERM_COMMAND_RBAC_ACC,  true, NULL, "", rbacAccountCommandTable },
+            {       "list", RBAC_PERM_COMMAND_RBAC_LIST, true, NULL, "", rbacListCommandTable },
+            {         NULL, 0, false, NULL, "", NULL }
         };
 
         static ChatCommand commandTable[] =
         {
-            {       "rbac", RBAC_PERM_ADMINISTRATOR_COMMANDS,  true, NULL, "", rbacCommandTable },
-            {         NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+            {       "rbac", RBAC_PERM_COMMAND_RBAC, true, NULL, "", rbacCommandTable },
+            {         NULL, 0, false, NULL, "", NULL }
         };
 
         return commandTable;