From b980aff83e214bab60f141c879c2a392789a4d16 Mon Sep 17 00:00:00 2001
From: Spp <spp@jorge.gr>
Date: Mon, 4 Feb 2013 08:21:25 +0100
Subject: Core: Implement Role based Access Control - This system will give
 more control of actions an account can perform.

System defines:
- Permissions to perform some action
- Roles: a set of permissions that have some relation
- Groups: a set of roles that have some relation

Operations:
- Grant: Assign and allow
- Deny: Assign and do not allow
- Revoke: Remove

Precedence to know if something can be done: Grant, Deny. That means, if you are granted some action by a role but you have denied the permission, the action can not be done.

Some Rules:
- Groups can only have roles
- Roles can only have permissions
- An account can be assigned granted and denied roles. Permissions inherited from roles are granted if roles is granted and denied if roles is denied
- An account can be assigned granted and denied permissions
- An account can have multiple groups, roles and permissions
- An account can not have same role granted and denied at same time
- An acconnt can not have same permission granted and denied at same time
- Id 0 can not be used to define a group, role or permission

Added some permissions as a sample of use (Instant Logout, Skip Queue, Join BGs, Join DF) and some permissions as a workaround to commands till command system is modified to use RBAC
---
 src/server/game/Chat/Chat.cpp | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

(limited to 'src/server/game/Chat/Chat.cpp')

diff --git a/src/server/game/Chat/Chat.cpp b/src/server/game/Chat/Chat.cpp
index 0bf7c8591e3..b8f80fb36ac 100644
--- a/src/server/game/Chat/Chat.cpp
+++ b/src/server/game/Chat/Chat.cpp
@@ -122,8 +122,27 @@ const char *ChatHandler::GetTrinityString(int32 entry) const
 
 bool ChatHandler::isAvailable(ChatCommand const& cmd) const
 {
-    // check security level only for simple  command (without child commands)
-    return m_session->GetSecurity() >= AccountTypes(cmd.SecurityLevel);
+    uint32 permission = 0;
+
+    ///@Workaround:: Fast adaptation to RBAC system till all commands are moved to permissions
+    switch (AccountTypes(cmd.SecurityLevel))
+    {
+        case SEC_ADMINISTRATOR:
+            permission = RBAC_PERM_ADMINISTRATOR_COMMANDS;
+            break;
+        case SEC_GAMEMASTER:
+            permission = RBAC_PERM_GAMEMASTER_COMMANDS;
+            break;
+        case SEC_MODERATOR:
+            permission = RBAC_PERM_MODERATOR_COMMANDS;
+            break;
+        case SEC_PLAYER:
+        default:
+            permission = RBAC_PERM_PLAYER_COMMANDS;
+            break;
+    }
+
+    return m_session->HasPermission(permission);
 }
 
 bool ChatHandler::HasLowerSecurity(Player* target, uint64 guid, bool strong)
@@ -431,7 +450,7 @@ bool ChatHandler::ParseCommands(char const* text)
 
     std::string fullcmd = text;
 
-    if (m_session && AccountMgr::IsPlayerAccount(m_session->GetSecurity()) && !sWorld->getBoolConfig(CONFIG_ALLOW_PLAYER_COMMANDS))
+    if (m_session && !m_session->HasPermission(RBAC_PERM_PLAYER_COMMANDS))
        return false;
 
     /// chat case (.command or !command format)
-- 
cgit v1.2.3