diff --git a/sql/updates/auth/2013_08_30_00_auth_misc.sql b/sql/updates/auth/2013_08_30_00_auth_misc.sql new file mode 100644 index 00000000000..1f51a8deee8 --- /dev/null +++ b/sql/updates/auth/2013_08_30_00_auth_misc.sql @@ -0,0 +1,40 @@ +-- Add new permissions +DELETE FROM `rbac_permissions` WHERE `id` BETWEEN 200 AND 216; +INSERT INTO `rbac_permissions` (`id`, `name`) VALUES +(200, 'Command: .rbac'), +(201, 'Command: .rbac account'), +(202, 'Command: .rbac account group'), +(203, 'Command: .rbac account group add'), +(204, 'Command: .rbac account group remove'), +(205, 'Command: .rbac account role'), +(206, 'Command: .rbac account role grant'), +(207, 'Command: .rbac account role deny'), +(208, 'Command: .rbac account role revoke'), +(209, 'Command: .rbac account permission'), +(210, 'Command: .rbac account permission grant'), +(211, 'Command: .rbac account permission deny'), +(212, 'Command: .rbac account permission revoke'), +(213, 'Command: .rbac list'), +(214, 'Command: .rbac list groups'), +(215, 'Command: .rbac list roles'), +(216, 'Command: .rbac list permissions'); + +-- Add Permissions to "Administrator Commands Role" +DELETE FROM `rbac_role_permissions` WHERE `roleId` = 4 AND `permissionId` BETWEEN 200 AND 216; +INSERT INTO `rbac_role_permissions` (`roleId`, `permissionId`) VALUES +(4, 200), +(4, 201), +(4, 202), +(4, 203), +(4, 204), +(4, 205), +(4, 206), +(4, 207), +(4, 208), +(4, 209), +(4, 210), +(4, 211), +(4, 213), +(4, 214), +(4, 215), +(4, 216); diff --git a/sql/updates/world/2013_08_30_02_world_command.sql b/sql/updates/world/2013_08_30_02_world_command.sql new file mode 100644 index 00000000000..1b0f1a2a663 --- /dev/null +++ b/sql/updates/world/2013_08_30_02_world_command.sql @@ -0,0 +1,17 @@ +-- Update command table with new RBAC permissions +UPDATE `command` SET `permission` = 200 WHERE `name` = '.rbac'; +UPDATE `command` SET `permission` = 201 WHERE `name` = '.rbac account'; +UPDATE `command` SET `permission` = 202 WHERE `name` = '.rbac account group'; +UPDATE `command` SET `permission` = 203 WHERE `name` = '.rbac account group add'; +UPDATE `command` SET `permission` = 204 WHERE `name` = '.rbac account group remove'; +UPDATE `command` SET `permission` = 205 WHERE `name` = '.rbac account role'; +UPDATE `command` SET `permission` = 206 WHERE `name` = '.rbac account role grant'; +UPDATE `command` SET `permission` = 207 WHERE `name` = '.rbac account role deny'; +UPDATE `command` SET `permission` = 208 WHERE `name` = '.rbac account role revoke'; +UPDATE `command` SET `permission` = 209 WHERE `name` = '.rbac account permission'; +UPDATE `command` SET `permission` = 210 WHERE `name` = '.rbac account permission grant'; +UPDATE `command` SET `permission` = 211 WHERE `name` = '.rbac account permission deny'; +UPDATE `command` SET `permission` = 212 WHERE `name` = '.rbac account permission revoke'; +UPDATE `command` SET `permission` = 214 WHERE `name` = '.rbac account list groups'; +UPDATE `command` SET `permission` = 215 WHERE `name` = '.rbac account list roles'; +UPDATE `command` SET `permission` = 216 WHERE `name` = '.rbac account list permissions'; diff --git a/src/server/game/Accounts/RBAC.h b/src/server/game/Accounts/RBAC.h index 4e98e5f003e..30902f944df 100644 --- a/src/server/game/Accounts/RBAC.h +++ b/src/server/game/Accounts/RBAC.h @@ -96,6 +96,26 @@ enum RBACPermissions RBAC_PERM_CHANGE_CHANNEL_NOT_MODERATOR = 46, RBAC_PERM_CHECK_FOR_LOWER_SECURITY = 47, RBAC_PERM_COMMANDS_PINFO_CHECK_PERSONAL_DATA = 48, + // Leave some space for core permissions + RBAC_PERM_COMMAND_RBAC = 200, + RBAC_PERM_COMMAND_RBAC_ACC = 201, + RBAC_PERM_COMMAND_RBAC_ACC_GROUP = 202, + RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD = 203, + RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL = 204, + RBAC_PERM_COMMAND_RBAC_ACC_ROLE = 205, + RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT = 206, + RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY = 207, + RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE = 208, + RBAC_PERM_COMMAND_RBAC_ACC_PERM = 209, + RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT = 210, + RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY = 211, + RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE = 212, + RBAC_PERM_COMMAND_RBAC_LIST = 213, + RBAC_PERM_COMMAND_RBAC_LIST_GROUPS = 214, + RBAC_PERM_COMMAND_RBAC_LIST_ROLES = 215, + RBAC_PERM_COMMAND_RBAC_LIST_PERMS = 216, + + // custom permissions 1000+ RBAC_PERM_MAX }; diff --git a/src/server/scripts/Commands/cs_rbac.cpp b/src/server/scripts/Commands/cs_rbac.cpp index 22a71115e76..9c682acb224 100644 --- a/src/server/scripts/Commands/cs_rbac.cpp +++ b/src/server/scripts/Commands/cs_rbac.cpp @@ -53,58 +53,58 @@ public: { static ChatCommand rbacGroupsCommandTable[] = { - { "add", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACGroupAddCommand, "", NULL }, - { "remove", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACGroupRemoveCommand, "", NULL }, - { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACGroupListCommand, "", NULL }, - { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL } + { "add", RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD, true, &HandleRBACGroupAddCommand, "", NULL }, + { "remove", RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL, true, &HandleRBACGroupRemoveCommand, "", NULL }, + { "", RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, &HandleRBACGroupListCommand, "", NULL }, + { NULL, 0, false, NULL, "", NULL } }; static ChatCommand rbacRolesCommandTable[] = { - { "grant", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleGrantCommand, "", NULL }, - { "deny", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleDenyCommand, "", NULL }, - { "revoke", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleRevokeCommand, "", NULL }, - { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleListCommand, "", NULL }, - { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL } + { "grant", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT, true, &HandleRBACRoleGrantCommand, "", NULL }, + { "deny", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY, true, &HandleRBACRoleDenyCommand, "", NULL }, + { "revoke", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE, true, &HandleRBACRoleRevokeCommand, "", NULL }, + { "", RBAC_PERM_COMMAND_RBAC_ACC_ROLE, true, &HandleRBACRoleListCommand, "", NULL }, + { NULL, 0, false, NULL, "", NULL } }; static ChatCommand rbacPermsCommandTable[] = { - { "grant", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermGrantCommand, "", NULL }, - { "deny", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermDenyCommand, "", NULL }, - { "revoke", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermRevokeCommand, "", NULL }, - { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermListCommand, "", NULL }, - { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL } + { "grant", RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT, true, &HandleRBACPermGrantCommand, "", NULL }, + { "deny", RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY, true, &HandleRBACPermDenyCommand, "", NULL }, + { "revoke", RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE, true, &HandleRBACPermRevokeCommand, "", NULL }, + { "", RBAC_PERM_COMMAND_RBAC_ACC_PERM, true, &HandleRBACPermListCommand, "", NULL }, + { NULL, 0, false, NULL, "", NULL } }; static ChatCommand rbacListCommandTable[] = { - { "groups", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACListGroupsCommand, "", NULL }, - { "roles", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACListRolesCommand, "", NULL }, - { "permissions", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACListPermissionsCommand, "", NULL }, - { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL } + { "groups", RBAC_PERM_COMMAND_RBAC_LIST_GROUPS, true, &HandleRBACListGroupsCommand, "", NULL }, + { "roles", RBAC_PERM_COMMAND_RBAC_LIST_ROLES, true, &HandleRBACListRolesCommand, "", NULL }, + { "permissions", RBAC_PERM_COMMAND_RBAC_LIST_PERMS, true, &HandleRBACListPermissionsCommand, "", NULL }, + { NULL, 0, false, NULL, "", NULL } }; static ChatCommand rbacAccountCommandTable[] = { - { "group", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacGroupsCommandTable }, - { "role", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacRolesCommandTable }, - { "permission", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacPermsCommandTable }, - { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACAccountPermissionCommand, "", NULL }, - { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL } + { "group", RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, NULL, "", rbacGroupsCommandTable }, + { "role", RBAC_PERM_COMMAND_RBAC_ACC_ROLE, true, NULL, "", rbacRolesCommandTable }, + { "permission", RBAC_PERM_COMMAND_RBAC_ACC_PERM, true, NULL, "", rbacPermsCommandTable }, + { "", RBAC_PERM_COMMAND_RBAC_ACC, true, &HandleRBACAccountPermissionCommand, "", NULL }, + { NULL, 0, false, NULL, "", NULL } }; static ChatCommand rbacCommandTable[] = { - { "account", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacAccountCommandTable }, - { "list", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacListCommandTable }, - { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL } + { "account", RBAC_PERM_COMMAND_RBAC_ACC, true, NULL, "", rbacAccountCommandTable }, + { "list", RBAC_PERM_COMMAND_RBAC_LIST, true, NULL, "", rbacListCommandTable }, + { NULL, 0, false, NULL, "", NULL } }; static ChatCommand commandTable[] = { - { "rbac", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacCommandTable }, - { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL } + { "rbac", RBAC_PERM_COMMAND_RBAC, true, NULL, "", rbacCommandTable }, + { NULL, 0, false, NULL, "", NULL } }; return commandTable;