int CLuaACLDefs::aclGroupAddObject ( lua_State* luaVM )
{
// Verify the arguents
if ( lua_type ( luaVM, 1 ) == LUA_TLIGHTUSERDATA &&
lua_type ( luaVM, 2 ) == LUA_TSTRING )
{
// Grab the arguments
CAccessControlListGroup* pGroup = lua_toaclgroup ( luaVM, 1 );
const char* szObject = lua_tostring ( luaVM, 2 );
// Verify the group and ACL
if ( pGroup )
{
// Figure out what type of object this is
const char* szObjectAfterDot = szObject;
CAccessControlListGroupObject::EObjectType eType;
if ( StringBeginsWith ( szObject, "resource." ) )
{
eType = CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE;
szObjectAfterDot += 9;
}
else if ( StringBeginsWith ( szObject, "user." ) )
{
eType = CAccessControlListGroupObject::OBJECT_TYPE_USER;
szObjectAfterDot += 5;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Make sure it doesn't already exist
if ( !pGroup->FindObjectMatch ( szObjectAfterDot, eType ) )
{
// Set it
pGroup->AddObject ( szObjectAfterDot, eType );
CLogger::LogPrintf ( "ACL: %s: Object '%s' added to group '%s'\n", GetResourceName ( luaVM ), szObject, pGroup->GetGroupName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
}
}
else
m_pScriptDebugging->LogBadType ( luaVM, "aclGroupAddObject" );
lua_pushboolean ( luaVM, false );
return 1;
}
int CLuaACLDefs::aclGroupAddObject ( lua_State* luaVM )
{
// bool aclGroupAddObject ( aclgroup theGroup, string theObjectName )
CAccessControlListGroup* pGroup; SString strObject;
CScriptArgReader argStream ( luaVM );
argStream.ReadUserData ( pGroup );
argStream.ReadString ( strObject );
if ( !argStream.HasErrors () )
{
// Figure out what type of object this is
const char* szObjectAfterDot = strObject;
CAccessControlListGroupObject::EObjectType eType;
if ( StringBeginsWith ( strObject, "resource." ) )
{
eType = CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE;
szObjectAfterDot += 9;
}
else if ( StringBeginsWith ( strObject, "user." ) )
{
eType = CAccessControlListGroupObject::OBJECT_TYPE_USER;
szObjectAfterDot += 5;
}
else
{
lua_pushboolean ( luaVM, false );
return 1;
}
// Make sure it doesn't already exist
if ( !pGroup->FindObjectMatch ( szObjectAfterDot, eType ) )
{
// Set it
pGroup->AddObject ( szObjectAfterDot, eType );
CLogger::LogPrintf ( "ACL: %s: Object '%s' added to group '%s'\n", GetResourceName ( luaVM ), strObject.c_str (), pGroup->GetGroupName () );
// Return success
lua_pushboolean ( luaVM, true );
return 1;
}
}
else
m_pScriptDebugging->LogCustom ( luaVM, argStream.GetFullErrorMessage () );
lua_pushboolean ( luaVM, false );
return 1;
}
bool CAccessControlListManager::Load ( void )
{
// Eventually destroy the previously loaded xml
if ( m_pXML )
{
delete m_pXML;
}
// Load the XML
m_pXML = g_pServerInterface->GetXML ()->CreateXML ( GetFileName ().c_str () );
if ( !m_pXML )
{
CLogger::ErrorPrintf ( "Error loading Access Control List file\n" );
return false;
}
// Parse it
if ( !m_pXML->Parse () )
{
CLogger::ErrorPrintf ( "Error parsing Access Control List file\n" );
return false;
}
// Grab the XML root node
m_pRootNode = m_pXML->GetRootNode ();
if ( !m_pRootNode )
{
CLogger::ErrorPrintf ( "Missing root node ('ACL')\n" );
return false;
}
// Clear previous ACL stuff
ClearACLs ();
ClearGroups ();
// load the acl's
CXMLNode* pSubNode = NULL;
unsigned int uiSubNodesCount = m_pRootNode->GetSubNodeCount ();
for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ )
{
pSubNode = m_pRootNode->GetSubNode ( i );
if ( !pSubNode ) continue;
if ( pSubNode->GetTagName ().compare ( "acl" ) == 0 )
{
CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" );
if ( pAttribute )
{
CAccessControlList* pACL = AddACL ( pAttribute->GetValue ().c_str () );
CXMLNode* pSubSubNode = NULL;
unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount ();
for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ )
{
// If this subnode doesn't exist, return to the for loop and continue it
pSubSubNode = pSubNode->GetSubNode ( j );
if ( !pSubSubNode ) continue;
// Check that this subsub node is named "right"
if ( pSubSubNode->GetTagName ().compare ( "right" ) == 0 )
{
// Grab the name and the access attributes
CXMLAttribute* pNameAttribute = pSubSubNode->GetAttributes ().Find ( "name" );
CXMLAttribute* pAccessAttribute = pSubSubNode->GetAttributes ().Find ( "access" );
if ( pNameAttribute && pAccessAttribute )
{
// See if the access attribute is true or false
bool bAccess = false;
std::string strAccess = pAccessAttribute->GetValue ();
if ( stricmp ( strAccess.c_str (), "true" ) == 0 ||
stricmp ( strAccess.c_str (), "yes" ) == 0 ||
strcmp ( strAccess.c_str (), "1" ) == 0 )
{
bAccess = true;
}
// Grab the name of the 'right' name
const char *szRightName = pNameAttribute->GetValue ().c_str ();
// Create the rights control list
CAccessControlListRight* pRight = NULL;
if ( StringBeginsWith ( szRightName, "command." ) )
{
pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_COMMAND, bAccess );
}
else if ( StringBeginsWith ( szRightName, "function." ) )
{
pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_FUNCTION, bAccess );
}
else if ( StringBeginsWith ( szRightName, "resource." ) )
{
pRight = pACL->AddRight ( &szRightName[9], CAccessControlListRight::RIGHT_TYPE_RESOURCE, bAccess );
}
else if ( StringBeginsWith ( szRightName, "general." ) )
{
pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_GENERAL, bAccess );
}
else continue;
// Set all the extra attributes
for ( uint i = 0 ; i < pSubSubNode->GetAttributes ().Count () ; i++ )
{
CXMLAttribute* pAttribute = pSubSubNode->GetAttributes ().Get ( i );
pRight->SetAttributeValue ( pAttribute->GetName (), pAttribute->GetValue () );
}
}
}
}
}
}
}
// Load the groups
pSubNode = NULL;
uiSubNodesCount = m_pRootNode->GetSubNodeCount ();
for ( unsigned int i = 0 ; i < uiSubNodesCount ; i++ )
{
pSubNode = m_pRootNode->GetSubNode ( i );
if ( !pSubNode ) continue;
if ( pSubNode->GetTagName ().compare ( "group" ) == 0 )
{
CXMLAttribute* pAttribute = pSubNode->GetAttributes ().Find ( "name" );
if ( pAttribute )
{
CAccessControlListGroup* pGroup = AddGroup ( pAttribute->GetValue ().c_str () );
CXMLNode* pSubSubNode = NULL;
unsigned int uiSubSubNodesCount = pSubNode->GetSubNodeCount ();
for ( unsigned int j = 0 ; j < uiSubSubNodesCount ; j++ )
{
pSubSubNode = pSubNode->GetSubNode ( j );
if ( !pSubSubNode ) continue;
if ( pSubSubNode->GetTagName ().compare ( "object" ) == 0 )
{
CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" );
if ( pSubAttribute )
{
const char *szAccountName = pSubAttribute->GetValue ().c_str ();
if ( StringBeginsWith ( szAccountName, "user." ) )
{
pGroup->AddObject ( &szAccountName[5], CAccessControlListGroupObject::OBJECT_TYPE_USER );
}
else if ( StringBeginsWith ( szAccountName, "resource." ) )
{
pGroup->AddObject ( &szAccountName[9], CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE );
}
}
}
else if ( pSubSubNode->GetTagName ().compare ( "acl" ) == 0 )
{
CXMLAttribute* pSubAttribute = pSubSubNode->GetAttributes ().Find ( "name" );
if ( pSubAttribute )
{
CAccessControlList* pACL = GetACL ( pSubAttribute->GetValue ().c_str () );
if ( pACL )
{
pGroup->AddACL ( pACL );
}
}
}
}
}
}
}
m_bNeedsSave = false;
return true;
}
///////////////////////////////////////////////////////////////
//
// CResource::RefreshAutoPermissions
//
// Update group and acl used aclrequest items
//
///////////////////////////////////////////////////////////////
bool CResource::RefreshAutoPermissions ( CXMLNode* pNodeAclRequest )
{
// Ensure group and acl exist
CAccessControlListGroup* pAutoGroup = g_pGame->GetACLManager()->AddGroup ( GetAutoGroupName () );
pAutoGroup->AddACL ( GetAutoAcl () );
pAutoGroup->AddObject ( GetName ().c_str (), CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE );
// Track unused right names
std::vector < CAclRightName > unusedRightNameMap;
std::vector < SAclRequest > unusedRequestList;
GetAclRequests ( unusedRequestList );
for ( uint i = 0 ; i < unusedRequestList.size () ; i++ )
unusedRightNameMap.push_back ( unusedRequestList[i].rightName );
// Track any pending requests
bool bHasPending = false;
for ( uint uiIndex = 0 ; true ; uiIndex++ )
{
CXMLNode* pNodeRight = pNodeAclRequest->FindSubNode ( "right", uiIndex );
if ( !pNodeRight )
break;
// Find existing
SAclRequest request ( CAclRightName ( pNodeRight->GetAttributeValue ( "name" ) ) );
if ( !FindAclRequest ( request ) )
{
// Add new request
request.bAccess = false;
request.bPending = true;
request.strWho = "";
request.strDate = "";
// Validate request
if ( !request.rightName.IsValid () || !StringToBool ( pNodeRight->GetAttributeValue ( "access" ) ) )
{
CLogger::ErrorPrintf ( "Invalid aclrequest line in %s (%s)\n", GetName ().c_str (), *request.rightName.GetFullName () );
return false;
}
CommitAclRequest ( request );
}
// This right is used
ListRemove ( unusedRightNameMap, request.rightName );
// Update flag
bHasPending |= request.bPending;
}
// Remove rights not requested
for ( std::vector < CAclRightName >::iterator iter = unusedRightNameMap.begin () ; iter != unusedRightNameMap.end () ; ++iter )
GetAutoAcl ()->RemoveRight ( iter->GetName (), iter->GetType () );
// If any rights are pending, print message
if ( bHasPending )
{
CLogger::LogPrintf ( "Resource '%s' requests some acl rights. Use the command 'aclrequest list %s'\n", GetName ().c_str (), GetName ().c_str () );
}
return bHasPending;
}
