int CLuaACLDefs::aclRemoveRight ( lua_State* luaVM )
{
// Verify the arguents
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TSTRING )
{
// Grab the argument strings
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
char* szRight = (char*) lua_tostring ( luaVM, 2 );
// Verify the ACL pointer
if ( pACL )
{
// Grab the type from the name passed
char* szRightAftedDot = szRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( szRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( szRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Try removing the right
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
bool bAccess = pACLRight && pACLRight->GetRightAccess ();
if ( pACL->RemoveRight ( szRightAftedDot, eType ) )
{
CLogger::LogPrintf ( "ACL: %s: Right '%s' %s removed from ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclRemoveRight" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGetRight ( lua_State* luaVM )
{
// Verify the argument types
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TSTRING )
{
// Grab the arguments
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
char* szRight = (char*) lua_tostring ( luaVM, 2 );
// Verify the ACL pointer
if ( pACL )
{
// Grab the type from the name passed
char* szRightAftedDot = szRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( szRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( szRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
lua_pushboolean ( luaVM, pACLRight->GetRightAccess () );
return 1;
}
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclGetRight" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclRemoveRight ( lua_State* luaVM )
{
// bool aclRemoveRight ( acl theAcl, string rightName )
CAccessControlList* pACL; SString strRight;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
argStream.ReadString ( strRight );
if ( !argStream.HasErrors () )
{
// Grab the type from the name passed
const char* szRightAftedDot = strRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( strRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( strRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Try removing the right
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
bool bAccess = pACLRight && pACLRight->GetRightAccess ();
if ( pACL->RemoveRight ( szRightAftedDot, eType ) )
{
CLogger::LogPrintf ( "ACL: %s: Right '%s' %s removed from ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGetRight ( lua_State* luaVM )
{
// bool aclGetRight ( acl theAcl, string rightName )
CAccessControlList* pACL; SString strRight;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
argStream.ReadString ( strRight );
if ( !argStream.HasErrors () )
{
// Grab the type from the name passed
const char* szRightAftedDot = strRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( strRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( strRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
lua_pushboolean ( luaVM, pACLRight->GetRightAccess () );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
bool CAccessControlListManager::InternalCanObjectUseRight ( const char* szObjectName,
CAccessControlListGroupObject::EObjectType eObjectType,
const char* szRightName,
CAccessControlListRight::ERightType eRightType,
bool bDefaultAccessRight )
{
// This is set to true if we were explicitly denied access by an ACL
bool bDenied = false;
// Look through the groups
list < CAccessControlListGroup* > ::iterator group = m_Groups.begin ();
for ( ; group != m_Groups.end (); group++ )
{
// Look for a group that has our user/resource in it
if ( (*group)->FindObjectMatch ( szObjectName, eObjectType ) )
{
// Look through its access lists for our 'right' name
list < CAccessControlList* > ::iterator acl = (*group)->IterBeginACL ();
for ( ; acl != (*group)->IterEndACL (); acl++ )
{
// Grab the right with this name
CAccessControlListRight* pRight = (*acl)->GetRight ( szRightName, eRightType );
if ( pRight )
{
// If he has access, return that he can use this object. Otherwize keep looking
// for an ACL that gives him permission to do so.
if ( pRight->GetRightAccess () )
{
return true;
}
else
{
bDenied = true;
}
}
}
}
}
// An ACL denied us access and no ACL gave us access. No access given.
if ( bDenied )
return false;
// Otherwize if nothing specified, return the default right
return bDefaultAccessRight;
}
int CLuaACLDefs::aclSetRight ( lua_State* luaVM )
{
// bool aclSetRight ( acl theAcl, string rightName, bool hasAccess )
CAccessControlList* pACL; SString strRight; bool bAccess;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pACL );
argStream.ReadString ( strRight );
argStream.ReadBool ( bAccess );
if ( !argStream.HasErrors () )
{
// Grab the type from the name passed
const char* szRightAftedDot = strRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( strRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( strRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( strRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
// Set the new access right
if ( pACLRight->GetRightAccess () != bAccess )
CLogger::LogPrintf ( "ACL: %s: Right '%s' changed to %s in ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
pACLRight->SetRightAccess ( bAccess );
lua_pushboolean ( luaVM, true );
return 1;
}
// Try to add it
pACLRight = pACL->AddRight ( szRightAftedDot, eType, bAccess );
if ( pACLRight )
{
// LOGLEVEL_LOW to stop spam from admin resource at new server startup
CLogger::LogPrintf ( LOGLEVEL_LOW, "ACL: %s: Right '%s' %s added in ACL '%s'\n", GetResourceName ( luaVM ), strRight.c_str (), bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
lua_pushboolean ( luaVM, true );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclSetRight ( lua_State* luaVM )
{
// Verify the argument types
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TSTRING &&
lua_type ( luaVM, 3 ) == LUA_TBOOLEAN )
{
// Grab the arguments
CAccessControlList* pACL = lua_toacl ( luaVM, 1 );
char* szRight = (char*) lua_tostring ( luaVM, 2 );
bool bAccess = lua_toboolean ( luaVM, 3 ) ?true:false;
// Verify the ACL pointer
if ( pACL )
{
// Grab the type from the name passed
char* szRightAftedDot = szRight;
CAccessControlListRight::ERightType eType;
if ( StringBeginsWith ( szRight, "command." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_COMMAND;
szRightAftedDot += 8;
}
else if ( StringBeginsWith ( szRight, "function." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_FUNCTION;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "resource." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_RESOURCE;
szRightAftedDot += 9;
}
else if ( StringBeginsWith ( szRight, "general." ) )
{
eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
szRightAftedDot += 8;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Grab the right from the name and type
CAccessControlListRight* pACLRight = pACL->GetRight ( szRightAftedDot, eType );
if ( pACLRight )
{
// Set the new access right
if ( pACLRight->GetRightAccess () != bAccess )
CLogger::LogPrintf ( "ACL: %s: Right '%s' changed to %s in ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
pACLRight->SetRightAccess ( bAccess );
lua_pushboolean ( luaVM, true );
return 1;
}
// Try to add it
pACLRight = pACL->AddRight ( szRightAftedDot, eType, bAccess );
if ( pACLRight )
{
// Return success
CLogger::LogPrintf ( "ACL: %s: Right '%s' %s added in ACL '%s'\n", GetResourceName ( luaVM ), szRight, bAccess ? "ALLOW" : "DISALLOW", pACL->GetName () );
lua_pushboolean ( luaVM, true );
return 1;
}
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclSetRight" );
lua_pushboolean ( luaVM, false );
return 1;
}