Core/Chat: Corrected names and descriptions for GM.LowerSecurity config option and related rbac permission (#30644)

author: Mykhailo Redko <ovitnez@gmail.com> 2025-02-14 19:53:07 +0200
committer: GitHub <noreply@github.com> 2025-02-14 18:53:07 +0100
commit: 62fe2d6a8d848b9dcf106ccf9abee10c76493c5d (patch)
tree: 9ea4547d0207e25e4903b32c6bf1fe659859a272
parent: 6f30db7637b9a0772822ecbf9765ed44129ea28b (diff)
5 files changed, 13 insertions, 6 deletions
diff --git a/sql/base/auth_database.sql b/sql/base/auth_database.sql
index d90850cc9bb..bd52ab0edd4 100644
--- a/sql/base/auth_database.sql
+++ b/sql/base/auth_database.sql
@@ -1672,7 +1672,7 @@ INSERT INTO `rbac_permissions` VALUES
 (44,'Receive global GM messages/texts'),
 (45,'Join channels without announce'),
 (46,'Change channel settings without being channel moderator'),
-(47,'Enables lower security than target check'),
+(47,'Can ignore non-strong lower security checks if it\'s disabled in config'),
 (48,'Enable IP, Last Login and EMail output in pinfo'),
 (49,'Forces to enter the email for confirmation on password change'),
 (50,'Allow user to check his own email with .account'),
@@ -2531,7 +2531,8 @@ INSERT INTO `updates` VALUES
 ('2024_08_28_01_auth.sql','BC5D74553AF2D92606F55C1C462D2700FE73BD34','ARCHIVED','2024-08-28 14:55:05',0),
 ('2024_08_30_00_auth.sql','BD76942F1C29AAA2450E051E7CA552672B5E331B','ARCHIVED','2024-08-30 19:24:30',0),
 ('2024_09_26_00_auth.sql','E37C3997FD7851EA360774AC568912846C448272','ARCHIVED','2024-09-26 18:27:26',0),
-('2024_11_22_00_auth.sql','F2C1D1572A3968E9E9D778EF7DC82778DF3EF887','ARCHIVED','2024-11-22 23:18:14',0);
+('2024_11_22_00_auth.sql','F2C1D1572A3968E9E9D778EF7DC82778DF3EF887','ARCHIVED','2024-11-22 23:18:14',0),
+('2025_02_14_00_auth.sql','4A30E92FF519BB41C520CDBF90019291217C26A2','RELEASED','2025-02-14 17:20:00',0);
 /*!40000 ALTER TABLE `updates` ENABLE KEYS */;
 UNLOCK TABLES;
 
diff --git a/sql/updates/auth/3.3.5/2025_02_14_00_auth.sql b/sql/updates/auth/3.3.5/2025_02_14_00_auth.sql
new file mode 100644
index 00000000000..d147a6b499f
--- /dev/null
+++ b/sql/updates/auth/3.3.5/2025_02_14_00_auth.sql
@@ -0,0 +1,2 @@
+--
+UPDATE `rbac_permissions` SET `name`='Can ignore non-strong lower security checks if it\'s disabled in config' WHERE `id`=47;
diff --git a/src/server/game/Accounts/RBAC.h b/src/server/game/Accounts/RBAC.h
index 3b6437c1bfe..5fdc0fe7c1d 100644
--- a/src/server/game/Accounts/RBAC.h
+++ b/src/server/game/Accounts/RBAC.h
@@ -97,7 +97,7 @@ enum RBACPermissions
     RBAC_PERM_RECEIVE_GLOBAL_GM_TEXTMESSAGE                  = 44,
     RBAC_PERM_SILENTLY_JOIN_CHANNEL                          = 45,
     RBAC_PERM_CHANGE_CHANNEL_NOT_MODERATOR                   = 46,
-    RBAC_PERM_CHECK_FOR_LOWER_SECURITY                       = 47,
+    RBAC_PERM_CAN_IGNORE_LOWER_SECURITY_CHECK                = 47,
     RBAC_PERM_COMMANDS_PINFO_CHECK_PERSONAL_DATA             = 48,
     RBAC_PERM_EMAIL_CONFIRM_FOR_PASS_CHANGE                  = 49,
     RBAC_PERM_MAY_CHECK_OWN_EMAIL                            = 50,
diff --git a/src/server/game/Chat/Chat.cpp b/src/server/game/Chat/Chat.cpp
index 427619d0533..31424d7ee43 100644
--- a/src/server/game/Chat/Chat.cpp
+++ b/src/server/game/Chat/Chat.cpp
@@ -77,7 +77,7 @@ bool ChatHandler::HasLowerSecurityAccount(WorldSession* target, uint32 target_ac
         return false;
 
     // ignore only for non-players for non strong checks (when allow apply command at least to same sec level)
-    if (m_session->HasPermission(rbac::RBAC_PERM_CHECK_FOR_LOWER_SECURITY) && !strong && !sWorld->getBoolConfig(CONFIG_GM_LOWER_SECURITY))
+    if (m_session->HasPermission(rbac::RBAC_PERM_CAN_IGNORE_LOWER_SECURITY_CHECK) && !strong && !sWorld->getBoolConfig(CONFIG_GM_LOWER_SECURITY))
         return false;
 
     if (target)
diff --git a/src/server/worldserver/worldserver.conf.dist b/src/server/worldserver/worldserver.conf.dist
index 971eebc6cf9..90df12387f3 100644
--- a/src/server/worldserver/worldserver.conf.dist
+++ b/src/server/worldserver/worldserver.conf.dist
@@ -2178,8 +2178,12 @@ GM.AllowInvite = 0
 
 #
 #    GM.LowerSecurity
-#        Description: Allow lower security levels to use commands on higher security level
-#                     characters.
+#        Description: Disallow lower security levels to use commands on higher security level
+#                     characters. Regardless of this value, lower security check is always
+#                     enabled for accounts without RBAC_PERM_CAN_IGNORE_LOWER_SECURITY_CHECK.
+#                     This option also does not affect "strong" checks, such as in
+#                     certain .account and .rbac commands, which are always enabled.
+#
 #        Default:     0 - (Disabled)
 #                     1 - (Enabled)
author	Mykhailo Redko <ovitnez@gmail.com>	2025-02-14 19:53:07 +0200
committer	GitHub <noreply@github.com>	2025-02-14 18:53:07 +0100
commit	62fe2d6a8d848b9dcf106ccf9abee10c76493c5d (patch)
tree	9ea4547d0207e25e4903b32c6bf1fe659859a272
parent	6f30db7637b9a0772822ecbf9765ed44129ea28b (diff)