| author | Spp <spp@jorge.gr> | 2013-02-04 08:21:25 +0100 |
|---|---|---|
| committer | Spp <spp@jorge.gr> | 2013-02-04 09:04:33 +0100 |
| commit | b980aff83e214bab60f141c879c2a392789a4d16 (patch) | |
| tree | 0f9695e62bf2027574655766970cbe6ee0a50f43 /src/server/game/Server | |
| parent | db9b0875500da077be1d0aa808999f59ed0663bc (diff) | |
Core: Implement Role based Access Control
- This system will give more control of actions an account can perform.
System defines:
- Permissions to perform some action
- Roles: a set of permissions that have some relation
- Groups: a set of roles that have some relation
Operations:
- Grant: Assign and allow
- Deny: Assign and do not allow
- Revoke: Remove
Precedence to know if something can be done: Grant, Deny. That means, if you are granted some action by a role but you have denied the permission, the action can not be done.
Some Rules:
- Groups can only have roles
- Roles can only have permissions
- An account can be assigned granted and denied roles. Permissions inherited from roles are granted if the role is granted and denied if the role is denied
- An account can be assigned granted and denied permissions
- An account can have multiple groups, roles and permissions
- An account can not have the same role granted and denied at the same time
- An account can not have the same permission granted and denied at the same time
- Id 0 can not be used to define a group, role or permission
Added some permissions as a sample of use (Instant Logout, Skip Queue, Join BGs, Join DF) and some permissions as a workaround to commands till command system is modified to use RBAC
Diffstat (limited to 'src/server/game/Server')
| -rw-r--r-- | src/server/game/Server/WorldSession.cpp | 29 | ||||
| -rw-r--r-- | src/server/game/Server/WorldSession.h | 6 | ||||
| -rw-r--r-- | src/server/game/Server/WorldSocket.cpp | 1 |
3 files changed, 33 insertions, 3 deletions
diff --git a/src/server/game/Server/WorldSession.cpp b/src/server/game/Server/WorldSession.cpp index 6c689319bc7..522dc95105d 100644 --- a/src/server/game/Server/WorldSession.cpp +++ b/src/server/game/Server/WorldSession.cpp @@ -21,6 +21,7 @@ */ #include "WorldSocket.h" // must be first to make ACE happy with ACE includes in it +#include "Config.h" #include "Common.h" #include "DatabaseEnv.h" #include "Log.h" @@ -115,7 +116,8 @@ WorldSession::WorldSession(uint32 id, WorldSocket* sock, AccountTypes sec, uint8 m_TutorialsChanged(false), recruiterId(recruiter), isRecruiter(isARecruiter), - timeLastWhoCommand(0) + timeLastWhoCommand(0), + _RBACData(NULL) { if (sock) { @@ -143,8 +145,8 @@ WorldSession::~WorldSession() m_Socket = NULL; } - if (_warden) - delete _warden; + delete _warden; + delete _RBACData; ///- empty incoming packet queue WorldPacket* packet = NULL; @@ -1200,3 +1202,24 @@ void WorldSession::InitWarden(BigNumber* k, std::string const& os) // _warden->Init(this, k); } } + +void WorldSession::LoadPermissions() +{ + uint32 id = GetAccountId(); + std::string name; + int32 realmId = ConfigMgr::GetIntDefault("RealmID", 0); + AccountMgr::GetName(id, name); + + _RBACData = new RBACData(id, name, realmId); + _RBACData->LoadFromDB(); +} + +RBACData* WorldSession::GetRBACData() +{ + return _RBACData; +} + +bool WorldSession::HasPermission(uint32 permission) +{ + return _RBACData->HasPermission(permission); +} diff --git a/src/server/game/Server/WorldSession.h b/src/server/game/Server/WorldSession.h index 11bb7a36f5a..d6877b8a18a 100644 --- a/src/server/game/Server/WorldSession.h +++ b/src/server/game/Server/WorldSession.h @@ -24,6 +24,7 @@ #define __WORLDSESSION_H #include "Common.h" +#include "AccountMgr.h" #include "SharedDefines.h" #include "AddonMgr.h" #include "DatabaseEnv.h" 
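Review bot: `WorldSession::HasPermission()` in the last WorldSession.cpp hunk dereferences `_RBACData` unconditionally, but the constructor hunk initialises it to NULL and only `LoadPermissions()` assigns it, so a permission check on a session that never went through `LoadPermissions()` is a null dereference instead of a denial. An authorization check should fail closed here: `return _RBACData && _RBACData->HasPermission(permission);`. `LoadPermissions()` also overwrites `_RBACData` without freeing an earlier instance, so a second call leaks it; a `delete _RBACData;` before the `new` covers that. The result of `AccountMgr::GetName(id, name)` is not checked, so `RBACData` may be constructed with an empty name if the lookup fails (its return type is not visible in this diff).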
@@ -216,6 +217,10 @@ class WorldSession void SendAuthResponse(uint8 code, bool shortForm, uint32 queuePos = 0); void SendClientCacheVersion(uint32 version); + RBACData* GetRBACData(); + bool HasPermission(uint32 permissionId); + void LoadPermissions(); + AccountTypes GetSecurity() const { return _security; } uint32 GetAccountId() const { return _accountId; } Player* GetPlayer() const { return _player; } @@ -954,6 +959,7 @@ class WorldSession bool isRecruiter; ACE_Based::LockedQueue<WorldPacket*, ACE_Thread_Mutex> _recvQueue; time_t timeLastWhoCommand; + RBACData* _RBACData; }; #endif /// @} diff --git a/src/server/game/Server/WorldSocket.cpp b/src/server/game/Server/WorldSocket.cpp index c80d25be139..c77cad70186 100644 --- a/src/server/game/Server/WorldSocket.cpp +++ b/src/server/game/Server/WorldSocket.cpp @@ -953,6 +953,7 @@ int WorldSocket::HandleAuthSession(WorldPacket& recvPacket) m_Session->LoadGlobalAccountData(); m_Session->LoadTutorialsData(); m_Session->ReadAddonsInfo(recvPacket); + m_Session->LoadPermissions(); // Initialize Warden system only if it is enabled by config if (sWorld->getBoolConfig(CONFIG_WARDEN_ENABLED)) |
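Review bot: `GetRBACData()` in the `@@ -216,6 +217,10 @@` hunk of WorldSession.h hands every caller a mutable `RBACData*`, so any code holding a `WorldSession` can change what the account is allowed to do. A comment naming the intended writers, or a const-returning accessor for read-only callers, would narrow that surface. `HasPermission` only reads `_RBACData` in its definition and could be declared `bool HasPermission(uint32 permissionId) const;`, matching the neighbouring `GetSecurity() const`. The parameter is named `permissionId` here and `permission` in WorldSession.cpp; the class body continues outside the hunk.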
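Review bot: `m_Session->LoadPermissions()` in the WorldSocket.cpp hunk returns void, so `HandleAuthSession` cannot tell whether the RBAC data was actually loaded before the session starts answering permission checks. If `RBACData::LoadFromDB()` can fail or return nothing (not visible in this diff), the login proceeds with whatever state that leaves. Consider having `LoadPermissions()` return a bool and rejecting the session on failure, or add a comment such as `// an account with no RBAC rows gets no permissions (deny by default)` if that is the intended fallback. `HandleAuthSession` starts and ends outside the hunk.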
