aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--sql/updates/auth/2013_08_30_00_auth_misc.sql40
-rw-r--r--sql/updates/world/2013_08_30_02_world_command.sql17
-rw-r--r--src/server/game/Accounts/RBAC.h20
-rw-r--r--src/server/scripts/Commands/cs_rbac.cpp56
4 files changed, 105 insertions, 28 deletions
diff --git a/sql/updates/auth/2013_08_30_00_auth_misc.sql b/sql/updates/auth/2013_08_30_00_auth_misc.sql
new file mode 100644
index 00000000000..1f51a8deee8
--- /dev/null
+++ b/sql/updates/auth/2013_08_30_00_auth_misc.sql
@@ -0,0 +1,40 @@
+-- Add new permissions
+DELETE FROM `rbac_permissions` WHERE `id` BETWEEN 200 AND 216;
+INSERT INTO `rbac_permissions` (`id`, `name`) VALUES
+(200, 'Command: .rbac'),
+(201, 'Command: .rbac account'),
+(202, 'Command: .rbac account group'),
+(203, 'Command: .rbac account group add'),
+(204, 'Command: .rbac account group remove'),
+(205, 'Command: .rbac account role'),
+(206, 'Command: .rbac account role grant'),
+(207, 'Command: .rbac account role deny'),
+(208, 'Command: .rbac account role revoke'),
+(209, 'Command: .rbac account permission'),
+(210, 'Command: .rbac account permission grant'),
+(211, 'Command: .rbac account permission deny'),
+(212, 'Command: .rbac account permission revoke'),
+(213, 'Command: .rbac list'),
+(214, 'Command: .rbac list groups'),
+(215, 'Command: .rbac list roles'),
+(216, 'Command: .rbac list permissions');
+
+-- Add Permissions to "Administrator Commands Role"
+DELETE FROM `rbac_role_permissions` WHERE `roleId` = 4 AND `permissionId` BETWEEN 200 AND 216;
+INSERT INTO `rbac_role_permissions` (`roleId`, `permissionId`) VALUES
+(4, 200),
+(4, 201),
+(4, 202),
+(4, 203),
+(4, 204),
+(4, 205),
+(4, 206),
+(4, 207),
+(4, 208),
+(4, 209),
+(4, 210),
+(4, 211),
+(4, 213),
+(4, 214),
+(4, 215),
+(4, 216);
diff --git a/sql/updates/world/2013_08_30_02_world_command.sql b/sql/updates/world/2013_08_30_02_world_command.sql
new file mode 100644
index 00000000000..1b0f1a2a663
--- /dev/null
+++ b/sql/updates/world/2013_08_30_02_world_command.sql
@@ -0,0 +1,17 @@
+-- Update command table with new RBAC permissions
+UPDATE `command` SET `permission` = 200 WHERE `name` = '.rbac';
+UPDATE `command` SET `permission` = 201 WHERE `name` = '.rbac account';
+UPDATE `command` SET `permission` = 202 WHERE `name` = '.rbac account group';
+UPDATE `command` SET `permission` = 203 WHERE `name` = '.rbac account group add';
+UPDATE `command` SET `permission` = 204 WHERE `name` = '.rbac account group remove';
+UPDATE `command` SET `permission` = 205 WHERE `name` = '.rbac account role';
+UPDATE `command` SET `permission` = 206 WHERE `name` = '.rbac account role grant';
+UPDATE `command` SET `permission` = 207 WHERE `name` = '.rbac account role deny';
+UPDATE `command` SET `permission` = 208 WHERE `name` = '.rbac account role revoke';
+UPDATE `command` SET `permission` = 209 WHERE `name` = '.rbac account permission';
+UPDATE `command` SET `permission` = 210 WHERE `name` = '.rbac account permission grant';
+UPDATE `command` SET `permission` = 211 WHERE `name` = '.rbac account permission deny';
+UPDATE `command` SET `permission` = 212 WHERE `name` = '.rbac account permission revoke';
+UPDATE `command` SET `permission` = 214 WHERE `name` = '.rbac account list groups';
+UPDATE `command` SET `permission` = 215 WHERE `name` = '.rbac account list roles';
+UPDATE `command` SET `permission` = 216 WHERE `name` = '.rbac account list permissions';
diff --git a/src/server/game/Accounts/RBAC.h b/src/server/game/Accounts/RBAC.h
index 4e98e5f003e..30902f944df 100644
--- a/src/server/game/Accounts/RBAC.h
+++ b/src/server/game/Accounts/RBAC.h
@@ -96,6 +96,26 @@ enum RBACPermissions
RBAC_PERM_CHANGE_CHANNEL_NOT_MODERATOR = 46,
RBAC_PERM_CHECK_FOR_LOWER_SECURITY = 47,
RBAC_PERM_COMMANDS_PINFO_CHECK_PERSONAL_DATA = 48,
+ // Leave some space for core permissions
+ RBAC_PERM_COMMAND_RBAC = 200,
+ RBAC_PERM_COMMAND_RBAC_ACC = 201,
+ RBAC_PERM_COMMAND_RBAC_ACC_GROUP = 202,
+ RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD = 203,
+ RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL = 204,
+ RBAC_PERM_COMMAND_RBAC_ACC_ROLE = 205,
+ RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT = 206,
+ RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY = 207,
+ RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE = 208,
+ RBAC_PERM_COMMAND_RBAC_ACC_PERM = 209,
+ RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT = 210,
+ RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY = 211,
+ RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE = 212,
+ RBAC_PERM_COMMAND_RBAC_LIST = 213,
+ RBAC_PERM_COMMAND_RBAC_LIST_GROUPS = 214,
+ RBAC_PERM_COMMAND_RBAC_LIST_ROLES = 215,
+ RBAC_PERM_COMMAND_RBAC_LIST_PERMS = 216,
+
+ // custom permissions 1000+
RBAC_PERM_MAX
};
diff --git a/src/server/scripts/Commands/cs_rbac.cpp b/src/server/scripts/Commands/cs_rbac.cpp
index 22a71115e76..9c682acb224 100644
--- a/src/server/scripts/Commands/cs_rbac.cpp
+++ b/src/server/scripts/Commands/cs_rbac.cpp
@@ -53,58 +53,58 @@ public:
{
static ChatCommand rbacGroupsCommandTable[] =
{
- { "add", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACGroupAddCommand, "", NULL },
- { "remove", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACGroupRemoveCommand, "", NULL },
- { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACGroupListCommand, "", NULL },
- { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+ { "add", RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD, true, &HandleRBACGroupAddCommand, "", NULL },
+ { "remove", RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL, true, &HandleRBACGroupRemoveCommand, "", NULL },
+ { "", RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, &HandleRBACGroupListCommand, "", NULL },
+ { NULL, 0, false, NULL, "", NULL }
};
static ChatCommand rbacRolesCommandTable[] =
{
- { "grant", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleGrantCommand, "", NULL },
- { "deny", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleDenyCommand, "", NULL },
- { "revoke", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleRevokeCommand, "", NULL },
- { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACRoleListCommand, "", NULL },
- { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+ { "grant", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT, true, &HandleRBACRoleGrantCommand, "", NULL },
+ { "deny", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY, true, &HandleRBACRoleDenyCommand, "", NULL },
+ { "revoke", RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE, true, &HandleRBACRoleRevokeCommand, "", NULL },
+ { "", RBAC_PERM_COMMAND_RBAC_ACC_ROLE, true, &HandleRBACRoleListCommand, "", NULL },
+ { NULL, 0, false, NULL, "", NULL }
};
static ChatCommand rbacPermsCommandTable[] =
{
- { "grant", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermGrantCommand, "", NULL },
- { "deny", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermDenyCommand, "", NULL },
- { "revoke", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermRevokeCommand, "", NULL },
- { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACPermListCommand, "", NULL },
- { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+ { "grant", RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT, true, &HandleRBACPermGrantCommand, "", NULL },
+ { "deny", RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY, true, &HandleRBACPermDenyCommand, "", NULL },
+ { "revoke", RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE, true, &HandleRBACPermRevokeCommand, "", NULL },
+ { "", RBAC_PERM_COMMAND_RBAC_ACC_PERM, true, &HandleRBACPermListCommand, "", NULL },
+ { NULL, 0, false, NULL, "", NULL }
};
static ChatCommand rbacListCommandTable[] =
{
- { "groups", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACListGroupsCommand, "", NULL },
- { "roles", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACListRolesCommand, "", NULL },
- { "permissions", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACListPermissionsCommand, "", NULL },
- { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+ { "groups", RBAC_PERM_COMMAND_RBAC_LIST_GROUPS, true, &HandleRBACListGroupsCommand, "", NULL },
+ { "roles", RBAC_PERM_COMMAND_RBAC_LIST_ROLES, true, &HandleRBACListRolesCommand, "", NULL },
+ { "permissions", RBAC_PERM_COMMAND_RBAC_LIST_PERMS, true, &HandleRBACListPermissionsCommand, "", NULL },
+ { NULL, 0, false, NULL, "", NULL }
};
static ChatCommand rbacAccountCommandTable[] =
{
- { "group", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacGroupsCommandTable },
- { "role", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacRolesCommandTable },
- { "permission", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacPermsCommandTable },
- { "", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, &HandleRBACAccountPermissionCommand, "", NULL },
- { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+ { "group", RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, NULL, "", rbacGroupsCommandTable },
+ { "role", RBAC_PERM_COMMAND_RBAC_ACC_ROLE, true, NULL, "", rbacRolesCommandTable },
+ { "permission", RBAC_PERM_COMMAND_RBAC_ACC_PERM, true, NULL, "", rbacPermsCommandTable },
+ { "", RBAC_PERM_COMMAND_RBAC_ACC, true, &HandleRBACAccountPermissionCommand, "", NULL },
+ { NULL, 0, false, NULL, "", NULL }
};
static ChatCommand rbacCommandTable[] =
{
- { "account", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacAccountCommandTable },
- { "list", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacListCommandTable },
- { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+ { "account", RBAC_PERM_COMMAND_RBAC_ACC, true, NULL, "", rbacAccountCommandTable },
+ { "list", RBAC_PERM_COMMAND_RBAC_LIST, true, NULL, "", rbacListCommandTable },
+ { NULL, 0, false, NULL, "", NULL }
};
static ChatCommand commandTable[] =
{
- { "rbac", RBAC_PERM_ADMINISTRATOR_COMMANDS, true, NULL, "", rbacCommandTable },
- { NULL, RBAC_PERM_ADMINISTRATOR_COMMANDS, false, NULL, "", NULL }
+ { "rbac", RBAC_PERM_COMMAND_RBAC, true, NULL, "", rbacCommandTable },
+ { NULL, 0, false, NULL, "", NULL }
};
return commandTable;