RBACCommandResult RBACData::RevokePermission(uint32 permissionId, int32 realmId /* = 0*/) { // Check if it's present in any list if (!HasGrantedPermission(permissionId) && !HasDeniedPermission(permissionId)) { SF_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Not granted or revoked", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_CANT_REVOKE_NOT_IN_LIST; } RemoveGrantedPermission(permissionId); RemoveDeniedPermission(permissionId); // Do not save to db when loading data from DB (realmId = 0) if (realmId) { SF_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok and DB updated", GetId(), GetName().c_str(), permissionId, realmId); PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_RBAC_ACCOUNT_PERMISSION); stmt->setUInt32(0, GetId()); stmt->setUInt32(1, permissionId); stmt->setInt32(2, realmId); LoginDatabase.Execute(stmt); CalculateNewPermissions(); } else SF_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_OK; }
rbac::RBACPermission const* AccountMgr::GetRBACPermission(uint32 permissionId) const { SF_LOG_TRACE("rbac", "AccountMgr::GetRBACPermission: %u", permissionId); rbac::RBACPermissionsContainer::const_iterator it = _permissions.find(permissionId); if (it != _permissions.end()) return it->second; return NULL; }
RBACCommandResult RBACData::DenyPermission(uint32 permissionId, int32 realmId /* = 0*/) { // Check if permission Id exists RBACPermission const* perm = sAccountMgr->GetRBACPermission(permissionId); if (!perm) { SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission does not exists", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_ID_DOES_NOT_EXISTS; } // Check if already added in granted list if (HasGrantedPermission(permissionId)) { SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission in grant list", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_IN_GRANTED_LIST; } // Already added? if (HasDeniedPermission(permissionId)) { SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission already denied", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_CANT_ADD_ALREADY_ADDED; } AddDeniedPermission(permissionId); // Do not save to db when loading data from DB (realmId = 0) if (realmId) { SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok and DB updated", GetId(), GetName().c_str(), permissionId, realmId); SavePermission(permissionId, false, realmId); CalculateNewPermissions(); } else SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok", GetId(), GetName().c_str(), permissionId, realmId); return RBAC_OK; }
void RBACData::CalculateNewPermissions() { SF_LOG_TRACE("rbac", "RBACData::CalculateNewPermissions [Id: %u Name: %s]", GetId(), GetName().c_str()); // Get the list of granted permissions _globalPerms = GetGrantedPermissions(); ExpandPermissions(_globalPerms); RBACPermissionContainer revoked = GetDeniedPermissions(); ExpandPermissions(revoked); RemovePermissions(_globalPerms, revoked); }
rbac::RBACPermissionContainer const& AccountMgr::GetRBACDefaultPermissions(uint8 secLevel) { SF_LOG_TRACE("rbac", "AccountMgr::GetRBACDefaultPermissions: secLevel %u - size: %u", secLevel, uint32(_defaultPermissions[secLevel].size())); return _defaultPermissions[secLevel]; }