From ea2fe0217d497063d4b7a169ee81287e2b849702 Mon Sep 17 00:00:00 2001 From: Spp Date: Sun, 29 Sep 2013 13:08:46 +0200 Subject: Core/RBAC: Simplify RBAC implementation - Drop groups (roles than can have inherited roles) and roles (set of permissions) - Permissions can now have inherited permissions (those act as roles) RBAC DB structure is now limited to four tables - rbac_permissions: Contains permissions and roles - rbac_linked_permissions: Contains the relation between permissions and linked permissions (those permissions that have linked permissions are called roles) - rbac_default_permissions: Contains the list of permissions to be granted to each security level [Added to maintain compatibility in an easy way] - rbac_account_permissions: Contains the list of permissions granted or denied for a particular account. NOTE: IF YOU ARE USING CUSTOM PERMISSIONS, ROLES OR GROUPS CHECK THE SQL BEFORE APPLYING... --- src/server/game/Accounts/AccountMgr.cpp | 141 ++----- src/server/game/Accounts/AccountMgr.h | 14 +- src/server/game/Accounts/RBAC.cpp | 388 ++++-------------- src/server/game/Accounts/RBAC.h | 319 +++++---------- src/server/game/Miscellaneous/Language.h | 45 +-- src/server/scripts/Commands/cs_rbac.cpp | 449 ++------------------- .../Database/Implementation/LoginDatabase.cpp | 8 - .../shared/Database/Implementation/LoginDatabase.h | 6 - 8 files changed, 267 insertions(+), 1103 deletions(-) (limited to 'src') diff --git a/src/server/game/Accounts/AccountMgr.cpp b/src/server/game/Accounts/AccountMgr.cpp index 7fd27f76247..cd700839934 100644 --- a/src/server/game/Accounts/AccountMgr.cpp +++ b/src/server/game/Accounts/AccountMgr.cpp @@ -415,102 +415,69 @@ void AccountMgr::LoadRBAC() } while (result->NextRow()); - TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading roles"); - result = LoginDatabase.Query("SELECT id, name FROM rbac_roles"); + TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading linked permissions"); + result = LoginDatabase.Query("SELECT id, linkedId FROM rbac_linked_permissions ORDER BY id ASC"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account role definitions. DB table `rbac_roles` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 linked permissions. DB table `rbac_linked_permissions` is empty."); return; } - do - { - Field* field = result->Fetch(); - uint32 id = field[0].GetUInt32(); - _roles[id] = new rbac::RBACRole(id, field[1].GetString()); - ++count2; - } - while (result->NextRow()); - - TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading role permissions"); - result = LoginDatabase.Query("SELECT roleId, permissionId FROM rbac_role_permissions"); - if (!result) - { - TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account role-permission definitions. DB table `rbac_role_permissions` is empty."); - return; - } - - do - { - Field* field = result->Fetch(); - uint32 id = field[0].GetUInt32(); - rbac::RBACRole* role = _roles[id]; - role->GrantPermission(field[1].GetUInt32()); - } - while (result->NextRow()); - - TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading groups"); - result = LoginDatabase.Query("SELECT id, name FROM rbac_groups"); - if (!result) - { - TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account group definitions. DB table `rbac_groups` is empty."); - return; - } + uint32 permissionId = 0; + rbac::RBACPermission* permission = NULL; do { Field* field = result->Fetch(); - uint32 id = field[0].GetUInt32(); - _groups[id] = new rbac::RBACGroup(id, field[1].GetString()); - ++count3; - } - while (result->NextRow()); - - TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading group roles"); - result = LoginDatabase.Query("SELECT groupId, roleId FROM rbac_group_roles"); - if (!result) - { - TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account group-role definitions. DB table `rbac_group_roles` is empty."); - return; - } + uint32 newId = field[0].GetUInt32(); + if (permissionId != newId) + { + permissionId = newId; + permission = _permissions[newId]; + } - do - { - Field* field = result->Fetch(); - uint32 id = field[0].GetUInt32(); - rbac::RBACGroup* group = _groups[id]; - group->GrantRole(field[1].GetUInt32()); + uint32 linkedPermissionId = field[1].GetUInt32(); + if (linkedPermissionId == permissionId) + { + TC_LOG_ERROR(LOG_FILTER_SQL, "RBAC Permission %u has itself as linked permission. Ignored", permissionId); + continue; + } + permission->AddLinkedPermission(linkedPermissionId); + ++count2; } while (result->NextRow()); - TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading security level groups"); - result = LoginDatabase.Query("SELECT secId, groupId FROM rbac_security_level_groups ORDER by secId ASC"); + TC_LOG_DEBUG(LOG_FILTER_RBAC, "AccountMgr::LoadRBAC: Loading default permissions"); + result = LoginDatabase.Query("SELECT secId, permissionId FROM rbac_default_permissions ORDER BY secId ASC"); if (!result) { - TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 account default groups for security levels definitions. DB table `rbac_security_level_groups` is empty."); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded 0 default permission definitions. DB table `rbac_default_permissions` is empty."); return; } - uint8 lastSecId = 255; - rbac::RBACGroupContainer* groups = NULL; + uint8 secId = 255; + rbac::RBACPermissionContainer* permissions; do { Field* field = result->Fetch(); - uint8 secId = field[0].GetUInt8(); - - if (lastSecId != secId) - groups = &_defaultSecGroups[secId]; - - groups->insert(field[1].GetUInt32()); + uint32 newId = field[0].GetUInt32(); + if (secId != newId) + { + secId = newId; + permissions = &_defaultPermissions[secId]; + } + + permissions->insert(field[1].GetUInt32()); + ++count3; } while (result->NextRow()); - TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded %u permission definitions, %u role definitions and %u group definitions in %u ms", count1, count2, count3, GetMSTimeDiffToNow(oldMSTime)); + TC_LOG_INFO(LOG_FILTER_SERVER_LOADING, ">> Loaded %u permission definitions, %u linked permissions and %u default permissions in %u ms", count1, count2, count3, GetMSTimeDiffToNow(oldMSTime)); } void AccountMgr::UpdateAccountAccess(rbac::RBACData* rbac, uint32 accountId, uint8 securityLevel, int32 realmId) { - if (rbac) + if (rbac && securityLevel == rbac->GetSecurityLevel()) rbac->SetSecurityLevel(securityLevel); // Delete old security level from DB @@ -539,29 +506,9 @@ void AccountMgr::UpdateAccountAccess(rbac::RBACData* rbac, uint32 accountId, uin } } -rbac::RBACGroup const* AccountMgr::GetRBACGroup(uint32 groupId) const -{ - TC_LOG_TRACE(LOG_FILTER_RBAC, "AccountMgr::GetRBACGroup: groupId: %u", groupId); - rbac::RBACGroupsContainer::const_iterator it = _groups.find(groupId); - if (it != _groups.end()) - return it->second; - - return NULL; -} - -rbac::RBACRole const* AccountMgr::GetRBACRole(uint32 roleId) const -{ - TC_LOG_TRACE(LOG_FILTER_RBAC, "AccountMgr::GetRBACRole: roleId: %u", roleId); - rbac::RBACRolesContainer::const_iterator it = _roles.find(roleId); - if (it != _roles.end()) - return it->second; - - return NULL; -} - rbac::RBACPermission const* AccountMgr::GetRBACPermission(uint32 permissionId) const { - TC_LOG_TRACE(LOG_FILTER_RBAC, "AccountMgr::GetRBACPermission: roleId: %u", permissionId); + TC_LOG_TRACE(LOG_FILTER_RBAC, "AccountMgr::GetRBACPermission: %u", permissionId); rbac::RBACPermissionsContainer::const_iterator it = _permissions.find(permissionId); if (it != _permissions.end()) return it->second; @@ -591,14 +538,12 @@ void AccountMgr::ClearRBAC() for (rbac::RBACPermissionsContainer::iterator itr = _permissions.begin(); itr != _permissions.end(); ++itr) delete itr->second; - for (rbac::RBACRolesContainer::iterator itr = _roles.begin(); itr != _roles.end(); ++itr) - delete itr->second; - - for (rbac::RBACGroupsContainer::iterator itr = _groups.begin(); itr != _groups.end(); ++itr) - delete itr->second; - _permissions.clear(); - _roles.clear(); - _groups.clear(); - _defaultSecGroups.clear(); + _defaultPermissions.clear(); +} + +rbac::RBACPermissionContainer const& AccountMgr::GetRBACDefaultPermissions(uint8 secLevel) +{ + TC_LOG_TRACE(LOG_FILTER_RBAC, "AccountMgr::GetRBACDefaultPermissions: secLevel %u - size: %u", secLevel, _defaultPermissions[secLevel].size()); + return _defaultPermissions[secLevel]; } diff --git a/src/server/game/Accounts/AccountMgr.h b/src/server/game/Accounts/AccountMgr.h index 8b2e77d3e9b..24bea5c15a9 100644 --- a/src/server/game/Accounts/AccountMgr.h +++ b/src/server/game/Accounts/AccountMgr.h @@ -46,9 +46,7 @@ enum PasswordChangeSecurity namespace rbac { typedef std::map RBACPermissionsContainer; -typedef std::map RBACRolesContainer; -typedef std::map RBACGroupsContainer; -typedef std::map RBACDefaultSecurityGroupContainer; +typedef std::map RBACDefaultPermissionsContainer; } class AccountMgr @@ -86,21 +84,15 @@ class AccountMgr void UpdateAccountAccess(rbac::RBACData* rbac, uint32 accountId, uint8 securityLevel, int32 realmId); void LoadRBAC(); - rbac::RBACGroup const* GetRBACGroup(uint32 group) const; - rbac::RBACRole const* GetRBACRole(uint32 role) const; rbac::RBACPermission const* GetRBACPermission(uint32 permission) const; - rbac::RBACGroupsContainer const& GetRBACGroupList() const { return _groups; } - rbac::RBACRolesContainer const& GetRBACRoleList() const { return _roles; } rbac::RBACPermissionsContainer const& GetRBACPermissionList() const { return _permissions; } - rbac::RBACGroupContainer const& GetRBACDefaultGroups(uint8 secLevel) { return _defaultSecGroups[secLevel]; } + rbac::RBACPermissionContainer const& GetRBACDefaultPermissions(uint8 secLevel); private: void ClearRBAC(); rbac::RBACPermissionsContainer _permissions; - rbac::RBACRolesContainer _roles; - rbac::RBACGroupsContainer _groups; - rbac::RBACDefaultSecurityGroupContainer _defaultSecGroups; + rbac::RBACDefaultPermissionsContainer _defaultPermissions; }; #define sAccountMgr ACE_Singleton::instance() diff --git a/src/server/game/Accounts/RBAC.cpp b/src/server/game/Accounts/RBAC.cpp index d8333ce74d8..8cd70721976 100644 --- a/src/server/game/Accounts/RBAC.cpp +++ b/src/server/game/Accounts/RBAC.cpp @@ -23,238 +23,20 @@ namespace rbac { -void RBACRole::GrantPermission(uint32 permissionId) +std::string GetDebugPermissionString(RBACPermissionContainer const& perms) { - if (permissionId < RBAC_PERM_MAX) + std::string str = ""; + if (!perms.empty()) { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACRole::GrantPermission (Role %u, Permission %u). Ok", GetId(), permissionId); - _perms.set(permissionId); - } - else - TC_LOG_ERROR(LOG_FILTER_RBAC, "RBACRole::GrantPermission (Role %u, Permission %u). Permission not lower than %u", - GetId(), permissionId, RBAC_PERM_MAX); -} - -void RBACRole::RevokePermission(uint32 permissionId) -{ - if (permissionId < RBAC_PERM_MAX) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACRole::RevokePermission (Role %u, Permission %u). Ok", GetId(), permissionId); - _perms.reset(permissionId); - } - else - TC_LOG_ERROR(LOG_FILTER_RBAC, "RBACRole::RevokePermission (Role %u, Permission %u). Permission not lower than %u", - GetId(), permissionId, RBAC_PERM_MAX); -} - -void RBACGroup::GrantRole(uint32 roleId) -{ - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACRole::GrantPermission (Role %u, Permission %u). Ok", GetId(), roleId); - _roles.insert(roleId); -} - -void RBACGroup::RevokeRole(uint32 roleId) -{ - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACRole::GrantPermission (Role %u, Permission %u). Ok", GetId(), roleId); - _roles.erase(roleId); -} - -RBACCommandResult RBACData::AddGroup(uint32 groupId, int32 realmId /* = 0 */) -{ - // Check if group Id exists - RBACGroup const* group = sAccountMgr->GetRBACGroup(groupId); - if (!group) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::AddGroup [Id: %u Name: %s] (Group %u, RealmId %d). Group does not exists", - GetId(), GetName().c_str(), groupId, realmId); - return RBAC_ID_DOES_NOT_EXISTS; - } - - // Already added? - std::pair::iterator, bool> ret = _groups.insert(groupId); - if (!ret.second) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::AddGroup [Id: %u Name: %s] (Group %u, RealmId %d). Group Already added", - GetId(), GetName().c_str(), groupId, realmId); - return RBAC_CANT_ADD_ALREADY_ADDED; - } - - // Do not save to db when loading data from DB (realmId = 0) - if (realmId) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::AddGroup [Id: %u Name: %s] (Group %u, RealmId %d). Added and DB updated", - GetId(), GetName().c_str(), groupId, realmId); - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_RBAC_ACCOUNT_GROUP); - stmt->setUInt32(0, GetId()); - stmt->setUInt32(1, groupId); - stmt->setInt32(2, realmId); - LoginDatabase.Execute(stmt); - - CalculateNewPermissions(); - } - else - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::AddGroup [Id: %u Name: %s] (Group %u, RealmId %d). Added", - GetId(), GetName().c_str(), groupId, realmId); - - return RBAC_OK; -} - -RBACCommandResult RBACData::RemoveGroup(uint32 groupId, int32 realmId /* = 0 */) -{ - // could remove it? - if (!_groups.erase(groupId)) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::RemoveGroup [Id: %u Name: %s] (Group %u, RealmId %d). Group not in list", - GetId(), GetName().c_str(), groupId, realmId); - return RBAC_CANT_REVOKE_NOT_IN_LIST; - } - - // Do not save to db when loading data from DB (realmId = 0) - if (realmId) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::RemoveGroup [Id: %u Name: %s] (Group %u, RealmId %d). Removed and DB updated", - GetId(), GetName().c_str(), groupId, realmId); - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_RBAC_ACCOUNT_GROUP); - stmt->setUInt32(0, GetId()); - stmt->setUInt32(1, groupId); - stmt->setInt32(2, realmId); - LoginDatabase.Execute(stmt); - - CalculateNewPermissions(); - } - else - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::RemoveGroup [Id: %u Name: %s] (Group %u, RealmId %d). Removed", - GetId(), GetName().c_str(), groupId, realmId); - - return RBAC_OK; -} - -RBACCommandResult RBACData::GrantRole(uint32 roleId, int32 realmId /* = 0*/) -{ - // Check if role Id exists - RBACRole const* role = sAccountMgr->GetRBACRole(roleId); - if (!role) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::GrantRole [Id: %u Name: %s] (Role %u, RealmId %d). Role does not exists", - GetId(), GetName().c_str(), roleId, realmId); - return RBAC_ID_DOES_NOT_EXISTS; - } - - // Check if already added in denied list - if (_deniedRoles.find(roleId) != _deniedRoles.end()) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::GrantRole [Id: %u Name: %s] (Role %u, RealmId %d). Role in deny list", - GetId(), GetName().c_str(), roleId, realmId); - return RBAC_IN_DENIED_LIST; - } - - // Already added? - std::pair::iterator, bool> ret = _grantedRoles.insert(roleId); - if (!ret.second) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::GrantRole [Id: %u Name: %s] (Role %u, RealmId %d). Role already granted", - GetId(), GetName().c_str(), roleId, realmId); - return RBAC_CANT_ADD_ALREADY_ADDED; - } - - // Do not save to db when loading data from DB (realmId = 0) - if (realmId) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::GrantRole [Id: %u Name: %s] (Role %u, RealmId %d). Ok and DB updated", - GetId(), GetName().c_str(), roleId, realmId); - SaveRole(roleId, true, realmId); - CalculateNewPermissions(); - } - else - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::GrantRole [Id: %u Name: %s] (Role %u, RealmId %d). Ok", - GetId(), GetName().c_str(), roleId, realmId); - - return RBAC_OK; -} - -RBACCommandResult RBACData::DenyRole(uint32 roleId, int32 realmId /* = 0*/) -{ - // Check if role Id exists - RBACRole const* role = sAccountMgr->GetRBACRole(roleId); - if (!role) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::DenyRole [Id: %u Name: %s] (Role %u, RealmId %d). Role does not exists", - GetId(), GetName().c_str(), roleId, realmId); - return RBAC_ID_DOES_NOT_EXISTS; - } - - // Check if already added in granted list - if (_grantedRoles.find(roleId) != _grantedRoles.end()) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::DenyRole [Id: %u Name: %s] (Role %u, RealmId %d). Role in grant list", - GetId(), GetName().c_str(), roleId, realmId); - return RBAC_IN_GRANTED_LIST; - } - - // Already added? - std::pair::iterator, bool> ret = _deniedRoles.insert(roleId); - if (!ret.second) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::DenyRole [Id: %u Name: %s] (Role %u, RealmId %d). Role already denied", - GetId(), GetName().c_str(), roleId, realmId); - return RBAC_CANT_ADD_ALREADY_ADDED; + std::ostringstream o; + RBACPermissionContainer::const_iterator itr = perms.begin(); + o << (*itr); + for (++itr; itr != perms.end(); ++itr) + o << ", " << uint32(*itr); + str = o.str(); } - // Do not save to db when loading data from DB (realmId = 0) - if (realmId) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::DenyRole [Id: %u Name: %s] (Role %u, RealmId %d). Ok and DB updated", - GetId(), GetName().c_str(), roleId, realmId); - SaveRole(roleId, false, realmId); - CalculateNewPermissions(); - } - else - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::DenyRole [Id: %u Name: %s] (Role %u, RealmId %d). Ok", - GetId(), GetName().c_str(), roleId, realmId); - - return RBAC_OK; -} - -void RBACData::SaveRole(uint32 roleId, bool granted, int32 realmId) -{ - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_RBAC_ACCOUNT_ROLE); - stmt->setUInt32(0, GetId()); - stmt->setUInt32(1, roleId); - stmt->setBool(2, granted); - stmt->setInt32(3, realmId); - LoginDatabase.Execute(stmt); -} - -RBACCommandResult RBACData::RevokeRole(uint32 roleId, int32 realmId /* = 0*/) -{ - uint8 revoked = _grantedRoles.erase(roleId) + _deniedRoles.erase(roleId); - - // could remove it? - if (!revoked) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::RevokeRole [Id: %u Name: %s] (Role %u, RealmId %d). Not granted or revoked", - GetId(), GetName().c_str(), roleId, realmId); - return RBAC_CANT_REVOKE_NOT_IN_LIST; - } - - // Do not save to db when loading data from DB (realmId = 0) - if (realmId) - { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::RevokeRole [Id: %u Name: %s] (Role %u, RealmId %d). Ok and DB updated", - GetId(), GetName().c_str(), roleId, realmId); - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_RBAC_ACCOUNT_ROLE); - stmt->setUInt32(0, GetId()); - stmt->setUInt32(1, roleId); - stmt->setInt32(2, realmId); - LoginDatabase.Execute(stmt); - - CalculateNewPermissions(); - } - else - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::RevokeRole [Id: %u Name: %s] (Role %u, RealmId %d). Ok", - GetId(), GetName().c_str(), roleId, realmId); - - return RBAC_OK; + return str; } RBACCommandResult RBACData::GrantPermission(uint32 permissionId, int32 realmId /* = 0*/) @@ -269,7 +51,7 @@ RBACCommandResult RBACData::GrantPermission(uint32 permissionId, int32 realmId / } // Check if already added in denied list - if (_deniedPerms.test(permissionId)) + if (HasDeniedPermission(permissionId)) { TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::GrantPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission in deny list", GetId(), GetName().c_str(), permissionId, realmId); @@ -277,14 +59,14 @@ RBACCommandResult RBACData::GrantPermission(uint32 permissionId, int32 realmId / } // Already added? - if (_grantedPerms.test(permissionId)) + if (HasGrantedPermission(permissionId)) { TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::GrantPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission already granted", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_CANT_ADD_ALREADY_ADDED; } - _grantedPerms.set(permissionId); + AddGrantedPermission(permissionId); // Do not save to db when loading data from DB (realmId = 0) if (realmId) @@ -313,7 +95,7 @@ RBACCommandResult RBACData::DenyPermission(uint32 permissionId, int32 realmId /* } // Check if already added in granted list - if (_grantedPerms.test(permissionId)) + if (HasGrantedPermission(permissionId)) { TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission in grant list", GetId(), GetName().c_str(), permissionId, realmId); @@ -321,14 +103,14 @@ RBACCommandResult RBACData::DenyPermission(uint32 permissionId, int32 realmId /* } // Already added? - if (_deniedPerms.test(permissionId)) + if (HasDeniedPermission(permissionId)) { TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission already denied", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_CANT_ADD_ALREADY_ADDED; } - _deniedPerms.set(permissionId); + AddDeniedPermission(permissionId); // Do not save to db when loading data from DB (realmId = 0) if (realmId) @@ -358,15 +140,15 @@ void RBACData::SavePermission(uint32 permission, bool granted, int32 realmId) RBACCommandResult RBACData::RevokePermission(uint32 permissionId, int32 realmId /* = 0*/) { // Check if it's present in any list - if (!_grantedPerms.test(permissionId) && !_deniedPerms.test(permissionId)) + if (!HasGrantedPermission(permissionId) && !HasDeniedPermission(permissionId)) { TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Not granted or revoked", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_CANT_REVOKE_NOT_IN_LIST; } - _grantedPerms.reset(permissionId); - _deniedPerms.reset(permissionId); + RemoveGrantedPermission(permissionId); + RemoveDeniedPermission(permissionId); // Do not save to db when loading data from DB (realmId = 0) if (realmId) @@ -392,52 +174,13 @@ void RBACData::LoadFromDB() { ClearData(); - TC_LOG_INFO(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]", GetId(), GetName().c_str()); - TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Loading groups", GetId(), GetName().c_str()); - - // Load account group that affect current realm - PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_GROUPS); - stmt->setUInt32(0, GetId()); - stmt->setInt32(1, GetRealmId()); - PreparedQueryResult result = LoginDatabase.Query(stmt); - - if (result) - { - do - { - Field* fields = result->Fetch(); - AddGroup(fields[0].GetUInt32()); - } - while (result->NextRow()); - } - - TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Loading roles", GetId(), GetName().c_str()); - // Load account roles (granted and denied) that affect current realm - stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_ROLES); - stmt->setUInt32(0, GetId()); - stmt->setInt32(1, GetRealmId()); - result = LoginDatabase.Query(stmt); - - if (result) - { - do - { - Field* fields = result->Fetch(); - if (fields[1].GetBool()) - GrantRole(fields[0].GetUInt32()); - else - DenyRole(fields[0].GetUInt32()); - } - while (result->NextRow()); - } - TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Loading permissions", GetId(), GetName().c_str()); // Load account permissions (granted and denied) that affect current realm - stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS); + PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS); stmt->setUInt32(0, GetId()); stmt->setInt32(1, GetRealmId()); - result = LoginDatabase.Query(stmt); + PreparedQueryResult result = LoginDatabase.Query(stmt); if (result) { do @@ -451,61 +194,72 @@ void RBACData::LoadFromDB() while (result->NextRow()); } - TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Adding default groups", GetId(), GetName().c_str()); - // Add default groups - RBACGroupContainer const& groups = sAccountMgr->GetRBACDefaultGroups(GetSecurityLevel()); - for (RBACGroupContainer::const_iterator itr = groups.begin(); itr != groups.end(); ++itr) - AddGroup(*itr); + // Add default permissions + RBACPermissionContainer const& permissions = sAccountMgr->GetRBACDefaultPermissions(_secLevel); + for (RBACPermissionContainer::const_iterator itr = permissions.begin(); itr != permissions.end(); ++itr) + GrantPermission(*itr); - TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Calculating global permissions", GetId(), GetName().c_str()); - // Force calculation of permissions, it wasn't performed at load time - // while adding groups, roles and permissions + // Force calculation of permissions CalculateNewPermissions(); } void RBACData::CalculateNewPermissions() { - TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::LoadFromDB [Id: %u Name: %s]: Calculating global permissions", GetId(), GetName().c_str()); - // Get the list of directly granted roles - RBACRoleContainer tempGrantedRoles = GetGrantedRoles(); - - // Add those roles inherited from groups - for (RBACGroupContainer::const_iterator itGroup = _groups.begin(); itGroup != _groups.end(); ++itGroup) - { - RBACGroup const* group = sAccountMgr->GetRBACGroup(*itGroup); - if (!group) // Should never happen due to foreign keys in DB - continue; - - RBACRoleContainer const& roles = group->GetRoles(); - for (RBACRoleContainer::const_iterator it = roles.begin(); it != roles.end(); ++it) - tempGrantedRoles.insert(*it); - } + TC_LOG_TRACE(LOG_FILTER_RBAC, "RBACData::CalculateNewPermissions [Id: %u Name: %s]", GetId(), GetName().c_str()); // Get the list of granted permissions _globalPerms = GetGrantedPermissions(); + ExpandPermissions(_globalPerms); + RBACPermissionContainer revoked = GetDeniedPermissions(); + ExpandPermissions(revoked); + RemovePermissions(_globalPerms, revoked); +} - // Add those permissions inherited from roles granted - for (RBACRoleContainer::const_iterator it = tempGrantedRoles.begin(); it != tempGrantedRoles.end(); ++it) - if (RBACRole const* role = sAccountMgr->GetRBACRole(*it)) - _globalPerms |= role->GetPermissions(); +void RBACData::AddPermissions(RBACPermissionContainer const& permsFrom, RBACPermissionContainer& permsTo) +{ + for (RBACPermissionContainer::const_iterator itr = permsFrom.begin(); itr != permsFrom.end(); ++itr) + permsTo.insert(*itr); +} + +void RBACData::RemovePermissions(RBACPermissionContainer const& permsFrom, RBACPermissionContainer& permsTo) +{ + for (RBACPermissionContainer::const_iterator itr = permsFrom.begin(); itr != permsFrom.end(); ++itr) + permsTo.erase(*itr); +} - // Remove denied permissions from the list - _globalPerms &= ~GetDeniedPermissions(); +void RBACData::ExpandPermissions(RBACPermissionContainer& permissions) +{ + RBACPermissionContainer toCheck = permissions; + permissions.clear(); + + while (!toCheck.empty()) + { + // remove the permission from original list + uint32 permissionId = *toCheck.begin(); + toCheck.erase(toCheck.begin()); + + RBACPermission const* permission = sAccountMgr->GetRBACPermission(permissionId); + if (!permission) + continue; + + // insert into the final list (expanded list) + permissions.insert(permissionId); + + // add all linked permissions (that are not already expanded) to the list of permissions to be checked + RBACPermissionContainer const& linkedPerms = permission->GetLinkedPermissions(); + for (RBACPermissionContainer::const_iterator itr = linkedPerms.begin(); itr != linkedPerms.end(); ++itr) + if (permissions.find(*itr) == permissions.end()) + toCheck.insert(*itr); + } - // Remove those permissions inherited from denied roles - for (RBACRoleContainer::const_iterator it = _deniedRoles.begin(); it != _deniedRoles.end(); ++it) - if (RBACRole const* role = sAccountMgr->GetRBACRole(*it)) - _globalPerms &= ~role->GetPermissions(); + TC_LOG_DEBUG(LOG_FILTER_RBAC, "RBACData::ExpandPermissions: Expanded: %s", GetDebugPermissionString(permissions).c_str()); } void RBACData::ClearData() { - _groups.clear(); - _grantedRoles.clear(); - _deniedRoles.clear(); - _grantedPerms.reset(); - _deniedPerms.reset(); - _globalPerms.reset(); + _grantedPerms.clear(); + _deniedPerms.clear(); + _globalPerms.clear(); } } diff --git a/src/server/game/Accounts/RBAC.h b/src/server/game/Accounts/RBAC.h index 039492d6a6e..e12e6835cb8 100644 --- a/src/server/game/Accounts/RBAC.h +++ b/src/server/game/Accounts/RBAC.h @@ -42,7 +42,6 @@ #include "Define.h" #include -#include #include #include @@ -101,25 +100,26 @@ enum RBACPermissions RBAC_PERM_COMMANDS_PINFO_CHECK_PERSONAL_DATA = 48, RBAC_PERM_EMAIL_CONFIRM_FOR_PASS_CHANGE = 49, RBAC_PERM_MAY_CHECK_OWN_EMAIL = 50, - // Leave some space for core permissions + // Free space for core permissions (till 149) + // Roles (Permissions with delegated permissions) use 199 and descending RBAC_PERM_COMMAND_RBAC = 200, RBAC_PERM_COMMAND_RBAC_ACC = 201, - RBAC_PERM_COMMAND_RBAC_ACC_GROUP = 202, - RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD = 203, - RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL = 204, - RBAC_PERM_COMMAND_RBAC_ACC_ROLE = 205, - RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT = 206, - RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY = 207, - RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE = 208, - RBAC_PERM_COMMAND_RBAC_ACC_PERM = 209, - RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT = 210, - RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY = 211, - RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE = 212, - RBAC_PERM_COMMAND_RBAC_LIST = 213, - RBAC_PERM_COMMAND_RBAC_LIST_GROUPS = 214, - RBAC_PERM_COMMAND_RBAC_LIST_ROLES = 215, - RBAC_PERM_COMMAND_RBAC_LIST_PERMS = 216, + RBAC_PERM_COMMAND_RBAC_ACC_PERM_LIST = 202, + RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT = 203, + RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY = 204, + RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE = 205, + RBAC_PERM_COMMAND_RBAC_LIST = 206, + // 207 - reuse + // 208 - reuse + // 209 - reuse + // 210 - reuse + // 211 - reuse + // 212 - reuse + // 213 - reuse + // 214 - reuse + // 215 - reuse + // 216 - reuse RBAC_PERM_COMMAND_ACCOUNT = 217, RBAC_PERM_COMMAND_ACCOUNT_ADDON = 218, RBAC_PERM_COMMAND_ACCOUNT_CREATE = 219, @@ -678,8 +678,6 @@ enum RBACPermissions RBAC_PERM_COMMAND_WP_UNLOAD = 772, RBAC_PERM_COMMAND_WP_RELOAD = 773, RBAC_PERM_COMMAND_WP_SHOW = 774, - RBAC_PERM_COMMAND_MODIFY_CURRENCY = 775, // only 4.3.4 - RBAC_PERM_COMMAND_DEBUG_PHASE = 776, // Only 4.3.4 // custom permissions 1000+ RBAC_PERM_MAX @@ -695,93 +693,53 @@ enum RBACCommandResult RBAC_ID_DOES_NOT_EXISTS }; -typedef std::bitset RBACPermissionContainer; -typedef std::set RBACRoleContainer; -typedef std::set RBACGroupContainer; +typedef std::set RBACPermissionContainer; -class RBACObject +class RBACPermission { public: - RBACObject(uint32 id = 0, std::string const& name = ""): + RBACPermission(uint32 id = 0, std::string const& name = ""): _id(id), _name(name) { } - virtual ~RBACObject() { } - /// Gets the Name of the Object std::string const& GetName() const { return _name; } /// Gets the Id of the Object uint32 GetId() const { return _id; } + /// Gets the Permissions linked to this permission + RBACPermissionContainer const& GetLinkedPermissions() const { return _perms; } + /// Adds a new linked Permission + void AddLinkedPermission(uint32 id) { _perms.insert(id); } + /// Removes a linked Permission + void RemoveLinkedPermission(uint32 id) { _perms.erase(id); } + private: uint32 _id; ///> id of the object std::string _name; ///> name of the object -}; - -/// Permission: Defines an autorization to perform certain operation -class RBACPermission: public RBACObject -{ - public: - RBACPermission(uint32 id = 0, std::string const& name = ""): - RBACObject(id, name) { } -}; - -/// Set of Permissions -class RBACRole: public RBACObject -{ - public: - RBACRole(uint32 id = 0, std::string const& name = ""): - RBACObject(id, name) { } - - /// Gets the Permissions assigned to this role - RBACPermissionContainer const& GetPermissions() const { return _perms; } - /// Grants a Permission (Adds) - void GrantPermission(uint32 id); - /// Revokes a Permission (Removes) - void RevokePermission(uint32 id); - - private: RBACPermissionContainer _perms; ///> Set of permissions }; -/// Set of Roles -class RBACGroup: public RBACObject -{ - public: - RBACGroup(uint32 id = 0, std::string const& name = ""): - RBACObject(id, name) { } - - /// Gets the Roles assigned to this group - RBACRoleContainer const& GetRoles() const { return _roles; } - /// Grants a Role (Adds) - void GrantRole(uint32 role); - /// Revokes a Role (Removes) - void RevokeRole(uint32 role); - - private: - RBACRoleContainer _roles; ///> Set of Roles -}; - /** * @name RBACData * @brief Contains all needed information about the acccount * * This class contains all the data needed to calculate the account permissions. - * RBACDAta is formed by group permissions and user permissions through: - * - Granted Groups, which contains roles, which contains permissions: Set of granted permissions - * - Granted Roles, which contains permissions: Set of granted permissions - * - Denied Roles, which contains permissions: Set of denied permissions - * - Granted Permissions - * - Denied Permissions + * RBACDAta is formed by granted and denied permissions and all the inherited permissions * * Calculation of current Permissions: Granted permissions - Denied permissions - * - Granted permissions: through groups, through roles and directly assigned - * - Denied permissions: through roles and directly assigned + * - Granted permissions: through linked permissions and directly assigned + * - Denied permissions: through linked permissions and directly assigned */ -class RBACData: public RBACObject +class RBACData { public: - RBACData(uint32 id, std::string const& name, int32 realmId, uint8 secLevel = 0): - RBACObject(id, name), _realmId(realmId), _secLevel(secLevel) { } + RBACData(uint32 id, std::string const& name, int32 realmId, uint8 secLevel = 255): + _id(id), _name(name), _realmId(realmId), _secLevel(secLevel) { } + + /// Gets the Name of the Object + std::string const& GetName() const { return _name; } + /// Gets the Id of the Object + uint32 GetId() const { return _id; } /** * @name HasPermission @@ -799,7 +757,10 @@ class RBACData: public RBACObject * } * @endcode */ - bool HasPermission(uint32 permission) const { return _globalPerms.test(permission); } + bool HasPermission(uint32 permission) const + { + return _globalPerms.find(permission) != _globalPerms.end(); + } // Functions enabled to be used by command system /// Returns all the granted permissions (after computation) @@ -808,130 +769,6 @@ class RBACData: public RBACObject RBACPermissionContainer const& GetGrantedPermissions() const { return _grantedPerms; } /// Returns all the denied permissions RBACPermissionContainer const& GetDeniedPermissions() const { return _deniedPerms; } - /// Returns all the granted roles - RBACRoleContainer const& GetGrantedRoles() const { return _grantedRoles; } - /// Returns all the denied roles - RBACRoleContainer const& GetDeniedRoles() const { return _deniedRoles; } - /// Returns all the granted groups - RBACGroupContainer const& GetGroups() const { return _groups; } - - /** - * @name AddGroup - * @brief Adds new group - * - * Add a new group to the account. If realm is 0 or the group can not be added - * No save to db action will be performed. - * - * Fails if group Id does not exists or group already present - * - * @param groupId group to be added - * @param realmId realm affected - * - * @return Success or failure (with reason) to add the group - * - * Example Usage: - * @code - * // previously defined "RBACData* rbac" with proper initialization - * uint32 groupId = 2; - * if (rbac->AddGroup(groupId) == RBAC_OK) - * TC_LOG_DEBUG(LOG_FILTER_PLAYER, "Group %u succesfully added", groupId); - * @endcode - */ - RBACCommandResult AddGroup(uint32 groupId, int32 realmId = 0); - - /** - * @name RemoveGroup - * @brief Removes a group - * - * Removes a group from the account. If realm is 0 or the group can not be removed - * No save to db action will be performed. Any delete operation will always affect - * "all realms (-1)" in addition to the realm specified - * - * Fails if group not present - * - * @param groupId group to be removed - * @param realmId realm affected - * - * @return Success or failure (with reason) to remove the group - * - * Example Usage: - * // previously defined "RBACData* rbac" with proper initialization - * uint32 groupId = 2; - * if (rbac->RemoveGroup(groupId) == RBAC_OK) - * TC_LOG_DEBUG(LOG_FILTER_PLAYER, "Group %u succesfully removed", groupId); - * @endcode - */ - RBACCommandResult RemoveGroup(uint32 groupId, int32 realmId = 0); - - /** - * @name GrantRole - * @brief Grants a role - * - * Grants a role to the account. If realm is 0 or the role can not be added - * No save to db action will be performed. - * - * Fails if role Id does not exists or role already granted or denied - * - * @param roleId role to be granted - * @param realmId realm affected - * - * @return Success or failure (with reason) to grant the role - * - * Example Usage: - * // previously defined "RBACData* rbac" with proper initialization - * uint32 roleId = 2; - * if (rbac->GrantRole(roleId) == RBAC_IN_DENIED_LIST) - * TC_LOG_DEBUG(LOG_FILTER_PLAYER, "Failed to grant role %u, already denied", roleId); - * @endcode - */ - RBACCommandResult GrantRole(uint32 roleId, int32 realmId = 0); - - /** - * @name DenyRole - * @brief Denies a role - * - * Denied a role to the account. If realm is 0 or the role can not be added - * No save to db action will be performed. - * - * Fails if role Id does not exists or role already granted or denied - * - * @param roleId role to be denied - * @param realmId realm affected - * - * @return Success or failure (with reason) to deny the role - * - * Example Usage: - * // previously defined "RBACData* rbac" with proper initialization - * uint32 roleId = 2; - * if (rbac->DenyRole(roleId) == RBAC_ID_DOES_NOT_EXISTS) - * TC_LOG_DEBUG(LOG_FILTER_PLAYER, "Role Id %u does not exists", roleId); - * @endcode - */ - RBACCommandResult DenyRole(uint32 roleId, int32 realmId = 0); - - /** - * @name RevokeRole - * @brief Removes a role - * - * Removes a role from the account. If realm is 0 or the role can not be removed - * No save to db action will be performed. Any delete operation will always affect - * "all realms (-1)" in addition to the realm specified - * - * Fails if role not present - * - * @param roleId role to be removed - * @param realmId realm affected - * - * @return Success or failure (with reason) to remove the role - * - * Example Usage: - * // previously defined "RBACData* rbac" with proper initialization - * uint32 roleId = 2; - * if (rbac->RevokeRole(roleId) == RBAC_OK) - * TC_LOG_DEBUG(LOG_FILTER_PLAYER, "Role %u succesfully removed", roleId); - * @endcode - */ - RBACCommandResult RevokeRole(uint32 roleId, int32 realmId = 0); /** * @name GrantRole @@ -1003,7 +840,7 @@ class RBACData: public RBACObject */ RBACCommandResult RevokePermission(uint32 permissionId, int32 realmId = 0); - /// Loads all permissions, groups and roles assigned to current account + /// Loads all permissions assigned to current account void LoadFromDB(); /// Sets security level @@ -1016,8 +853,6 @@ class RBACData: public RBACObject /// Returns the security level assigned uint8 GetSecurityLevel() const { return _secLevel; } private: - /// Saves a role to DB, Granted or Denied - void SaveRole(uint32 role, bool granted, int32 realm); /// Saves a permission to DB, Granted or Denied void SavePermission(uint32 role, bool granted, int32 realm); /// Clears roles, groups and permissions - Used for reload @@ -1027,20 +862,76 @@ class RBACData: public RBACObject * @name CalculateNewPermissions * @brief Calculates new permissions * - * Calculates new permissions after some change in groups, roles or permissions. + * Calculates new permissions after some change * The calculation is done Granted - Denied: - * - Granted permissions: through groups, through roles and directly assigned - * - Denied permissions: through roles and directly assigned + * - Granted permissions: through linked permissions and directly assigned + * - Denied permissions: through linked permissions and directly assigned */ void CalculateNewPermissions(); int32 GetRealmId() { return _realmId; } + // Auxiliar private functions - defined to allow to maintain same code even + // if internal structure changes. + + /// Checks if a permission is granted + bool HasGrantedPermission(uint32 permissionId) const + { + return _grantedPerms.find(permissionId) != _grantedPerms.end(); + } + + /// Checks if a permission is denied + bool HasDeniedPermission(uint32 permissionId) const + { + return _deniedPerms.find(permissionId) != _deniedPerms.end(); + } + + /// Adds a new granted permission + void AddGrantedPermission(uint32 permissionId) + { + _grantedPerms.insert(permissionId); + } + + /// Removes a granted permission + void RemoveGrantedPermission(uint32 permissionId) + { + _grantedPerms.erase(permissionId); + } + + /// Adds a new denied permission + void AddDeniedPermission(uint32 permissionId) + { + _deniedPerms.insert(permissionId); + } + + /// Removes a denied permission + void RemoveDeniedPermission(uint32 permissionId) + { + _deniedPerms.erase(permissionId); + } + + /// Adds a list of permissions to another list + void AddPermissions(RBACPermissionContainer const& permsFrom, RBACPermissionContainer& permsTo); + + /// Removes a list of permissions to another list + void RemovePermissions(RBACPermissionContainer const& permsFrom, RBACPermissionContainer& permsTo); + + /** + * @name ExpandPermissions + * @brief Adds the list of linked permissions to the original list + * + * Given a list of permissions, gets all the inherited permissions + * @param permissions The list of permissions to expand + * + * @return new list of permissions containing original permissions and + * all other pemissions that are linked to the original ones + */ + void ExpandPermissions(RBACPermissionContainer& permissions); + + uint32 _id; ///> Account id + std::string _name; ///> Account name int32 _realmId; ///> RealmId Affected uint8 _secLevel; ///> Account SecurityLevel - RBACGroupContainer _groups; ///> Granted groups - RBACRoleContainer _grantedRoles; ///> Granted roles - RBACRoleContainer _deniedRoles; ///> Denied roles RBACPermissionContainer _grantedPerms; ///> Granted permissions RBACPermissionContainer _deniedPerms; ///> Denied permissions RBACPermissionContainer _globalPerms; ///> Calculated permissions diff --git a/src/server/game/Miscellaneous/Language.h b/src/server/game/Miscellaneous/Language.h index ce280a11fc3..c50db983845 100644 --- a/src/server/game/Miscellaneous/Language.h +++ b/src/server/game/Miscellaneous/Language.h @@ -88,37 +88,24 @@ enum TrinityStrings LANG_IMPROPER_VALUE = 62, LANG_RBAC_WRONG_PARAMETER_ID = 63, LANG_RBAC_WRONG_PARAMETER_REALM = 64, - LANG_RBAC_GROUP_IN_LIST = 65, - LANG_RBAC_GROUP_NOT_IN_LIST = 66, - LANG_RBAC_GROUP_ADDED = 67, - LANG_RBAC_GROUP_REMOVED = 68, - LANG_RBAC_GROUP_LIST_HEADER = 69, + LANG_RBAC_LIST_HEADER_GRANTED = 65, + LANG_RBAC_LIST_HEADER_DENIED = 66, + LANG_RBAC_LIST_HEADER_BY_SEC_LEVEL = 67, + LANG_RBAC_LIST_PERMISSIONS_HEADER = 68, + LANG_RBAC_LIST_PERMS_LINKED_HEADER = 69, LANG_RBAC_LIST_EMPTY = 70, LANG_RBAC_LIST_ELEMENT = 71, - LANG_RBAC_ROLE_GRANTED_IN_LIST = 72, - LANG_RBAC_ROLE_GRANTED_IN_DENIED_LIST = 73, - LANG_RBAC_ROLE_GRANTED = 74, - LANG_RBAC_ROLE_DENIED_IN_LIST = 75, - LANG_RBAC_ROLE_DENIED_IN_GRANTED_LIST = 76, - LANG_RBAC_ROLE_DENIED = 77, - LANG_RBAC_ROLE_REVOKED = 78, - LANG_RBAC_ROLE_REVOKED_NOT_IN_LIST = 79, - LANG_RBAC_ROLE_LIST_HEADER_GRANTED = 80, - LANG_RBAC_ROLE_LIST_HEADER_DENIED = 81, - LANG_RBAC_PERM_GRANTED_IN_LIST = 82, - LANG_RBAC_PERM_GRANTED_IN_DENIED_LIST = 83, - LANG_RBAC_PERM_GRANTED = 84, - LANG_RBAC_PERM_DENIED_IN_LIST = 85, - LANG_RBAC_PERM_DENIED_IN_GRANTED_LIST = 86, - LANG_RBAC_PERM_DENIED = 87, - LANG_RBAC_PERM_REVOKED = 88, - LANG_RBAC_PERM_REVOKED_NOT_IN_LIST = 89, - LANG_RBAC_PERM_LIST_HEADER_GRANTED = 90, - LANG_RBAC_PERM_LIST_HEADER_DENIED = 91, - LANG_RBAC_PERM_LIST_GLOBAL = 92, - LANG_RBAC_LIST_GROUPS_HEADER = 93, - LANG_RBAC_LIST_ROLES_HEADER = 94, - LANG_RBAC_LIST_PERMISSIONS_HEADER = 95, + LANG_RBAC_PERM_GRANTED_IN_LIST = 72, + LANG_RBAC_PERM_GRANTED_IN_DENIED_LIST = 73, + LANG_RBAC_PERM_GRANTED = 74, + LANG_RBAC_PERM_DENIED_IN_LIST = 75, + LANG_RBAC_PERM_DENIED_IN_GRANTED_LIST = 76, + LANG_RBAC_PERM_DENIED = 77, + LANG_RBAC_PERM_REVOKED = 78, + LANG_RBAC_PERM_REVOKED_NOT_IN_LIST = 79, + // Free 80 - 95 + + LANG_GUILD_RENAME_ALREADY_EXISTS = 96, LANG_GUILD_RENAME_DONE = 97, LANG_RENAME_PLAYER_ALREADY_EXISTS = 98, diff --git a/src/server/scripts/Commands/cs_rbac.cpp b/src/server/scripts/Commands/cs_rbac.cpp index a3084f1926d..7101c0d67cd 100644 --- a/src/server/scripts/Commands/cs_rbac.cpp +++ b/src/server/scripts/Commands/cs_rbac.cpp @@ -51,53 +51,19 @@ public: ChatCommand* GetCommands() const { - static ChatCommand rbacGroupsCommandTable[] = - { - { "add", rbac::RBAC_PERM_COMMAND_RBAC_ACC_GROUP_ADD, true, &HandleRBACGroupAddCommand, "", NULL }, - { "remove", rbac::RBAC_PERM_COMMAND_RBAC_ACC_GROUP_DEL, true, &HandleRBACGroupRemoveCommand, "", NULL }, - { "", rbac::RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, &HandleRBACGroupListCommand, "", NULL }, - { NULL, 0, false, NULL, "", NULL } - }; - - static ChatCommand rbacRolesCommandTable[] = - { - { "grant", rbac::RBAC_PERM_COMMAND_RBAC_ACC_ROLE_GRANT, true, &HandleRBACRoleGrantCommand, "", NULL }, - { "deny", rbac::RBAC_PERM_COMMAND_RBAC_ACC_ROLE_DENY, true, &HandleRBACRoleDenyCommand, "", NULL }, - { "revoke", rbac::RBAC_PERM_COMMAND_RBAC_ACC_ROLE_REVOKE, true, &HandleRBACRoleRevokeCommand, "", NULL }, - { "", rbac::RBAC_PERM_COMMAND_RBAC_ACC_ROLE, true, &HandleRBACRoleListCommand, "", NULL }, - { NULL, 0, false, NULL, "", NULL } - }; - - static ChatCommand rbacPermsCommandTable[] = + static ChatCommand rbacAccountCommandTable[] = { + { "list", rbac::RBAC_PERM_COMMAND_RBAC_ACC_PERM_LIST, true, &HandleRBACPermListCommand, "", NULL }, { "grant", rbac::RBAC_PERM_COMMAND_RBAC_ACC_PERM_GRANT, true, &HandleRBACPermGrantCommand, "", NULL }, { "deny", rbac::RBAC_PERM_COMMAND_RBAC_ACC_PERM_DENY, true, &HandleRBACPermDenyCommand, "", NULL }, { "revoke", rbac::RBAC_PERM_COMMAND_RBAC_ACC_PERM_REVOKE, true, &HandleRBACPermRevokeCommand, "", NULL }, - { "", rbac::RBAC_PERM_COMMAND_RBAC_ACC_PERM, true, &HandleRBACPermListCommand, "", NULL }, - { NULL, 0, false, NULL, "", NULL } - }; - - static ChatCommand rbacListCommandTable[] = - { - { "groups", rbac::RBAC_PERM_COMMAND_RBAC_LIST_GROUPS, true, &HandleRBACListGroupsCommand, "", NULL }, - { "roles", rbac::RBAC_PERM_COMMAND_RBAC_LIST_ROLES, true, &HandleRBACListRolesCommand, "", NULL }, - { "permissions", rbac::RBAC_PERM_COMMAND_RBAC_LIST_PERMS, true, &HandleRBACListPermissionsCommand, "", NULL }, - { NULL, 0, false, NULL, "", NULL } - }; - - static ChatCommand rbacAccountCommandTable[] = - { - { "group", rbac::RBAC_PERM_COMMAND_RBAC_ACC_GROUP, true, NULL, "", rbacGroupsCommandTable }, - { "role", rbac::RBAC_PERM_COMMAND_RBAC_ACC_ROLE, true, NULL, "", rbacRolesCommandTable }, - { "permission", rbac::RBAC_PERM_COMMAND_RBAC_ACC_PERM, true, NULL, "", rbacPermsCommandTable }, - { "", rbac::RBAC_PERM_COMMAND_RBAC_ACC, true, &HandleRBACAccountPermissionCommand, "", NULL }, { NULL, 0, false, NULL, "", NULL } }; static ChatCommand rbacCommandTable[] = { { "account", rbac::RBAC_PERM_COMMAND_RBAC_ACC, true, NULL, "", rbacAccountCommandTable }, - { "list", rbac::RBAC_PERM_COMMAND_RBAC_LIST, true, NULL, "", rbacListCommandTable }, + { "list", rbac::RBAC_PERM_COMMAND_RBAC_LIST, true, &HandleRBACListPermissionsCommand, "", NULL }, { NULL, 0, false, NULL, "", NULL } }; @@ -194,7 +160,7 @@ public: if (!rdata) { - data->rbac = new rbac::RBACData(accountId, accountName, realmID); + data->rbac = new rbac::RBACData(accountId, accountName, realmID, AccountMgr::GetSecurity(accountId, realmID)); data->rbac->LoadFromDB(); data->needDelete = true; } @@ -206,258 +172,6 @@ public: return data; } - static bool HandleRBACGroupAddCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - rbac::RBACCommandResult result = command->rbac->AddGroup(command->id, command->realmId); - rbac::RBACGroup const* group = sAccountMgr->GetRBACGroup(command->id); - - switch (result) - { - case rbac::RBAC_CANT_ADD_ALREADY_ADDED: - handler->PSendSysMessage(LANG_RBAC_GROUP_IN_LIST, command->id, group->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_OK: - handler->PSendSysMessage(LANG_RBAC_GROUP_ADDED, command->id, group->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_ID_DOES_NOT_EXISTS: - handler->PSendSysMessage(LANG_RBAC_WRONG_PARAMETER_ID, command->id); - break; - default: - break; - } - - delete command; - - return true; - } - - static bool HandleRBACGroupRemoveCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - rbac::RBACCommandResult result = command->rbac->RemoveGroup(command->id, command->realmId); - rbac::RBACGroup const* group = sAccountMgr->GetRBACGroup(command->id); - - switch (result) - { - case rbac::RBAC_CANT_REVOKE_NOT_IN_LIST: - handler->PSendSysMessage(LANG_RBAC_GROUP_NOT_IN_LIST, command->id, group->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_OK: - handler->PSendSysMessage(LANG_RBAC_GROUP_REMOVED, command->id, group->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_ID_DOES_NOT_EXISTS: - handler->PSendSysMessage(LANG_RBAC_WRONG_PARAMETER_ID, command->id); - break; - default: - break; - } - - delete command; - - return true; - } - - static bool HandleRBACGroupListCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args, false); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - handler->PSendSysMessage(LANG_RBAC_GROUP_LIST_HEADER, command->rbac->GetId(), command->rbac->GetName().c_str()); - rbac::RBACGroupContainer const& groups = command->rbac->GetGroups(); - if (groups.empty()) - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); - else - { - for (rbac::RBACGroupContainer::const_iterator it = groups.begin(); it != groups.end(); ++it) - { - rbac::RBACGroup const* group = sAccountMgr->GetRBACGroup(*it); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, group->GetId(), group->GetName().c_str()); - } - } - - delete command; - - return true; - } - - static bool HandleRBACRoleGrantCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - rbac::RBACCommandResult result = command->rbac->GrantRole(command->id, command->realmId); - rbac::RBACRole const* role = sAccountMgr->GetRBACRole(command->id); - - switch (result) - { - case rbac::RBAC_CANT_ADD_ALREADY_ADDED: - handler->PSendSysMessage(LANG_RBAC_ROLE_GRANTED_IN_LIST, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_IN_DENIED_LIST: - handler->PSendSysMessage(LANG_RBAC_ROLE_GRANTED_IN_DENIED_LIST, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_OK: - handler->PSendSysMessage(LANG_RBAC_ROLE_GRANTED, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_ID_DOES_NOT_EXISTS: - handler->PSendSysMessage(LANG_RBAC_WRONG_PARAMETER_ID, command->id); - break; - default: - break; - } - - delete command; - - return true; - } - - static bool HandleRBACRoleDenyCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - rbac::RBACCommandResult result = command->rbac->DenyRole(command->id, command->realmId); - rbac::RBACRole const* role = sAccountMgr->GetRBACRole(command->id); - - switch (result) - { - case rbac::RBAC_CANT_ADD_ALREADY_ADDED: - handler->PSendSysMessage(LANG_RBAC_ROLE_DENIED_IN_LIST, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_IN_GRANTED_LIST: - handler->PSendSysMessage(LANG_RBAC_ROLE_DENIED_IN_GRANTED_LIST, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_OK: - handler->PSendSysMessage(LANG_RBAC_ROLE_DENIED, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_ID_DOES_NOT_EXISTS: - handler->PSendSysMessage(LANG_RBAC_WRONG_PARAMETER_ID, command->id); - break; - default: - break; - } - - delete command; - - return true; - } - - static bool HandleRBACRoleRevokeCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - rbac::RBACCommandResult result = command->rbac->RevokeRole(command->id, command->realmId); - rbac::RBACRole const* role = sAccountMgr->GetRBACRole(command->id); - - switch (result) - { - case rbac::RBAC_CANT_REVOKE_NOT_IN_LIST: - handler->PSendSysMessage(LANG_RBAC_ROLE_REVOKED_NOT_IN_LIST, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_OK: - handler->PSendSysMessage(LANG_RBAC_ROLE_REVOKED, command->id, role->GetName().c_str(), - command->realmId, command->rbac->GetId(), command->rbac->GetName().c_str()); - break; - case rbac::RBAC_ID_DOES_NOT_EXISTS: - handler->PSendSysMessage(LANG_RBAC_WRONG_PARAMETER_ID, command->id); - break; - default: - break; - } - - delete command; - - return true; - } - - static bool HandleRBACRoleListCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args, false); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - handler->PSendSysMessage(LANG_RBAC_ROLE_LIST_HEADER_GRANTED, command->rbac->GetId(), command->rbac->GetName().c_str()); - rbac::RBACGroupContainer const& granted = command->rbac->GetGrantedRoles(); - if (granted.empty()) - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); - else - { - for (rbac::RBACRoleContainer::const_iterator it = granted.begin(); it != granted.end(); ++it) - { - rbac::RBACRole const* role = sAccountMgr->GetRBACRole(*it); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, role->GetId(), role->GetName().c_str()); - } - } - - handler->PSendSysMessage(LANG_RBAC_ROLE_LIST_HEADER_DENIED, command->rbac->GetId(), command->rbac->GetName().c_str()); - rbac::RBACGroupContainer const& denied = command->rbac->GetDeniedRoles(); - if (denied.empty()) - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); - else - { - for (rbac::RBACRoleContainer::const_iterator it = denied.begin(); it != denied.end(); ++it) - { - rbac::RBACRole const* role = sAccountMgr->GetRBACRole(*it); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, role->GetId(), role->GetName().c_str()); - } - } - - delete command; - - return true; - } - static bool HandleRBACPermGrantCommand(ChatHandler* handler, char const* args) { RBACCommandData* command = ReadParams(handler, args); @@ -581,155 +295,45 @@ public: return false; } - handler->PSendSysMessage(LANG_RBAC_PERM_LIST_HEADER_GRANTED, command->rbac->GetId(), command->rbac->GetName().c_str()); + handler->PSendSysMessage(LANG_RBAC_LIST_HEADER_GRANTED, command->rbac->GetId(), command->rbac->GetName().c_str()); rbac::RBACPermissionContainer const& granted = command->rbac->GetGrantedPermissions(); - if (!granted.any()) + if (granted.empty()) handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); else { - for (uint32 i = 0; i < rbac::RBAC_PERM_MAX; ++i) - if (granted.test(i)) - { - rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(i); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); - } + for (rbac::RBACPermissionContainer::const_iterator itr = granted.begin(); itr != granted.end(); ++itr) + { + rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(*itr); + handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); + } } - handler->PSendSysMessage(LANG_RBAC_PERM_LIST_HEADER_DENIED, command->rbac->GetId(), command->rbac->GetName().c_str()); + handler->PSendSysMessage(LANG_RBAC_LIST_HEADER_DENIED, command->rbac->GetId(), command->rbac->GetName().c_str()); rbac::RBACPermissionContainer const& denied = command->rbac->GetDeniedPermissions(); - if (!denied.any()) - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); - else - { - for (uint32 i = 0; i < rbac::RBAC_PERM_MAX; ++i) - if (denied.test(i)) - { - rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(i); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); - } - } - - delete command; - - return true; - } - - static bool HandleRBACAccountPermissionCommand(ChatHandler* handler, char const* args) - { - RBACCommandData* command = ReadParams(handler, args, false); - - if (!command) - { - handler->SetSentErrorMessage(true); - return false; - } - - handler->PSendSysMessage(LANG_RBAC_PERM_LIST_GLOBAL, command->rbac->GetId(), command->rbac->GetName().c_str()); - rbac::RBACPermissionContainer const& permissions = command->rbac->GetPermissions(); - if (!permissions.any()) + if (denied.empty()) handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); else { - for (uint32 i = 0; i < rbac::RBAC_PERM_MAX; ++i) - if (permissions.test(i)) - { - rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(i); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); - } - } - - delete command; - - return true; - } - - static bool HandleRBACListGroupsCommand(ChatHandler* handler, char const* args) - { - uint32 id = 0; - if (char* param1 = strtok((char*)args, " ")) - id = atoi(param1); - - if (!id) - { - rbac::RBACGroupsContainer const& groups = sAccountMgr->GetRBACGroupList(); - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_GROUPS_HEADER)); - for (rbac::RBACGroupsContainer::const_iterator it = groups.begin(); it != groups.end(); ++it) + for (rbac::RBACPermissionContainer::const_iterator itr = denied.begin(); itr != denied.end(); ++itr) { - rbac::RBACGroup const* group = it->second; - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, group->GetId(), group->GetName().c_str()); + rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(*itr); + handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); } } + handler->PSendSysMessage(LANG_RBAC_LIST_HEADER_DENIED, command->rbac->GetId(), command->rbac->GetName().c_str()); + rbac::RBACPermissionContainer const& default = sAccountMgr->GetRBACDefaultPermissions(command->rbac->GetSecurityLevel()); + if (default.empty()) + handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); else { - rbac::RBACGroup const* group = sAccountMgr->GetRBACGroup(id); - if (!group) - { - handler->PSendSysMessage(LANG_RBAC_WRONG_PARAMETER_ID, id); - handler->SetSentErrorMessage(true); - return false; - } - - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_GROUPS_HEADER)); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, group->GetId(), group->GetName().c_str()); - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_ROLES_HEADER)); - rbac::RBACRoleContainer const& roles = group->GetRoles(); - if (roles.empty()) - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); - else - { - for (rbac::RBACRoleContainer::const_iterator it = roles.begin(); it != roles.end(); ++it) - { - rbac::RBACRole const* role = sAccountMgr->GetRBACRole(*it); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, role->GetId(), role->GetName().c_str()); - } - } - } - - return true; - } - - static bool HandleRBACListRolesCommand(ChatHandler* handler, char const* args) - { - uint32 id = 0; - if (char* param1 = strtok((char*)args, " ")) - id = atoi(param1); - - if (!id) - { - rbac::RBACRolesContainer const& roles = sAccountMgr->GetRBACRoleList(); - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_ROLES_HEADER)); - for (rbac::RBACRolesContainer::const_iterator it = roles.begin(); it != roles.end(); ++it) + for (rbac::RBACPermissionContainer::const_iterator itr = default.begin(); itr != default.end(); ++itr) { - rbac::RBACRole const* role = it->second; - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, role->GetId(), role->GetName().c_str()); + rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(*itr); + handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); } } - else - { - rbac::RBACRole const* role = sAccountMgr->GetRBACRole(id); - if (!role) - { - handler->PSendSysMessage(LANG_RBAC_WRONG_PARAMETER_ID, id); - handler->SetSentErrorMessage(true); - return false; - } - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_ROLES_HEADER)); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, role->GetId(), role->GetName().c_str()); - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_PERMISSIONS_HEADER)); - rbac::RBACPermissionContainer const& permissions = role->GetPermissions(); - if (!permissions.any()) - handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_EMPTY)); - else - { - for (uint32 i = 0; i < rbac::RBAC_PERM_MAX; ++i) - if (permissions.test(i)) - { - rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(i); - handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); - } - } - } + delete command; return true; } @@ -762,6 +366,11 @@ public: handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_PERMISSIONS_HEADER)); handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); + handler->PSendSysMessage("%s", handler->GetTrinityString(LANG_RBAC_LIST_PERMS_LINKED_HEADER)); + rbac::RBACPermissionContainer const& permissions = permission->GetLinkedPermissions(); + for (rbac::RBACPermissionContainer::const_iterator it = permissions.begin(); it != permissions.end(); ++it) + if (rbac::RBACPermission const* permission = sAccountMgr->GetRBACPermission(*it)) + handler->PSendSysMessage(LANG_RBAC_LIST_ELEMENT, permission->GetId(), permission->GetName().c_str()); } return true; diff --git a/src/server/shared/Database/Implementation/LoginDatabase.cpp b/src/server/shared/Database/Implementation/LoginDatabase.cpp index 6e01e8f515a..cfb5eecc5f1 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.cpp +++ b/src/server/shared/Database/Implementation/LoginDatabase.cpp @@ -98,14 +98,6 @@ void LoginDatabaseConnection::DoPrepareStatements() PrepareStatement(LOGIN_SEL_ACCOUNT_ACCESS_BY_ID, "SELECT gmlevel, RealmID FROM account_access WHERE id = ? and (RealmID = ? OR RealmID = -1) ORDER BY gmlevel desc", CONNECTION_SYNCH); - PrepareStatement(LOGIN_SEL_RBAC_ACCOUNT_GROUPS, "SELECT groupId FROM rbac_account_groups WHERE accountId = ? AND (realmId = ? OR realmId = -1) GROUP BY groupId", CONNECTION_SYNCH); - PrepareStatement(LOGIN_INS_RBAC_ACCOUNT_GROUP, "INSERT INTO rbac_account_groups (accountId, groupId, realmId) VALUES (?, ?, ?)", CONNECTION_ASYNC); - PrepareStatement(LOGIN_DEL_RBAC_ACCOUNT_GROUP, "DELETE FROM rbac_account_groups WHERE accountId = ? AND groupId = ? AND (realmId = ? OR realmId = -1)", CONNECTION_ASYNC); - - PrepareStatement(LOGIN_SEL_RBAC_ACCOUNT_ROLES, "SELECT roleId, granted FROM rbac_account_roles WHERE accountId = ? AND (realmId = ? OR realmId = -1) ORDER BY roleId, realmId", CONNECTION_SYNCH); - PrepareStatement(LOGIN_INS_RBAC_ACCOUNT_ROLE, "INSERT INTO rbac_account_roles (accountId, roleId, granted, realmId) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE granted = VALUES(granted)", CONNECTION_ASYNC); - PrepareStatement(LOGIN_DEL_RBAC_ACCOUNT_ROLE, "DELETE FROM rbac_account_roles WHERE accountId = ? AND roleId = ? AND (realmId = ? OR realmId = -1)", CONNECTION_ASYNC); - PrepareStatement(LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS, "SELECT permissionId, granted FROM rbac_account_permissions WHERE accountId = ? AND (realmId = ? OR realmId = -1) ORDER BY permissionId, realmId", CONNECTION_SYNCH); PrepareStatement(LOGIN_INS_RBAC_ACCOUNT_PERMISSION, "INSERT INTO rbac_account_permissions (accountId, permissionId, granted, realmId) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE granted = VALUES(granted)", CONNECTION_ASYNC); PrepareStatement(LOGIN_DEL_RBAC_ACCOUNT_PERMISSION, "DELETE FROM rbac_account_permissions WHERE accountId = ? AND permissionId = ? AND (realmId = ? OR realmId = -1)", CONNECTION_ASYNC); diff --git a/src/server/shared/Database/Implementation/LoginDatabase.h b/src/server/shared/Database/Implementation/LoginDatabase.h index 47fa48c6ada..abb1e1c7b13 100644 --- a/src/server/shared/Database/Implementation/LoginDatabase.h +++ b/src/server/shared/Database/Implementation/LoginDatabase.h @@ -117,12 +117,6 @@ enum LoginDatabaseStatements LOGIN_GET_EMAIL_BY_ID, LOGIN_SEL_ACCOUNT_ACCESS_BY_ID, - LOGIN_SEL_RBAC_ACCOUNT_GROUPS, - LOGIN_INS_RBAC_ACCOUNT_GROUP, - LOGIN_DEL_RBAC_ACCOUNT_GROUP, - LOGIN_SEL_RBAC_ACCOUNT_ROLES, - LOGIN_INS_RBAC_ACCOUNT_ROLE, - LOGIN_DEL_RBAC_ACCOUNT_ROLE, LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS, LOGIN_INS_RBAC_ACCOUNT_PERMISSION, LOGIN_DEL_RBAC_ACCOUNT_PERMISSION, -- cgit v1.2.3