RBACCommandResult RBACData::RevokePermission(uint32 permissionId, int32 realmId /* = 0*/)
{
// Check if it's present in any list
if (!HasGrantedPermission(permissionId) && !HasDeniedPermission(permissionId))
{
SF_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Not granted or revoked",
GetId(), GetName().c_str(), permissionId, realmId);
return RBAC_CANT_REVOKE_NOT_IN_LIST;
}
RemoveGrantedPermission(permissionId);
RemoveDeniedPermission(permissionId);
// Do not save to db when loading data from DB (realmId = 0)
if (realmId)
{
SF_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok and DB updated",
GetId(), GetName().c_str(), permissionId, realmId);
PreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_RBAC_ACCOUNT_PERMISSION);
stmt->setUInt32(0, GetId());
stmt->setUInt32(1, permissionId);
stmt->setInt32(2, realmId);
LoginDatabase.Execute(stmt);
CalculateNewPermissions();
}
else
SF_LOG_TRACE("rbac", "RBACData::RevokePermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok",
GetId(), GetName().c_str(), permissionId, realmId);
return RBAC_OK;
}
rbac::RBACPermission const* AccountMgr::GetRBACPermission(uint32 permissionId) const
{
SF_LOG_TRACE("rbac", "AccountMgr::GetRBACPermission: %u", permissionId);
rbac::RBACPermissionsContainer::const_iterator it = _permissions.find(permissionId);
if (it != _permissions.end())
return it->second;
return NULL;
}
RBACCommandResult RBACData::DenyPermission(uint32 permissionId, int32 realmId /* = 0*/)
{
// Check if permission Id exists
RBACPermission const* perm = sAccountMgr->GetRBACPermission(permissionId);
if (!perm)
{
SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission does not exists",
GetId(), GetName().c_str(), permissionId, realmId);
return RBAC_ID_DOES_NOT_EXISTS;
}
// Check if already added in granted list
if (HasGrantedPermission(permissionId))
{
SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission in grant list",
GetId(), GetName().c_str(), permissionId, realmId);
return RBAC_IN_GRANTED_LIST;
}
// Already added?
if (HasDeniedPermission(permissionId))
{
SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Permission already denied",
GetId(), GetName().c_str(), permissionId, realmId);
return RBAC_CANT_ADD_ALREADY_ADDED;
}
AddDeniedPermission(permissionId);
// Do not save to db when loading data from DB (realmId = 0)
if (realmId)
{
SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok and DB updated",
GetId(), GetName().c_str(), permissionId, realmId);
SavePermission(permissionId, false, realmId);
CalculateNewPermissions();
}
else
SF_LOG_TRACE("rbac", "RBACData::DenyPermission [Id: %u Name: %s] (Permission %u, RealmId %d). Ok",
GetId(), GetName().c_str(), permissionId, realmId);
return RBAC_OK;
}
void RBACData::CalculateNewPermissions()
{
SF_LOG_TRACE("rbac", "RBACData::CalculateNewPermissions [Id: %u Name: %s]", GetId(), GetName().c_str());
// Get the list of granted permissions
_globalPerms = GetGrantedPermissions();
ExpandPermissions(_globalPerms);
RBACPermissionContainer revoked = GetDeniedPermissions();
ExpandPermissions(revoked);
RemovePermissions(_globalPerms, revoked);
}
rbac::RBACPermissionContainer const& AccountMgr::GetRBACDefaultPermissions(uint8 secLevel)
{
SF_LOG_TRACE("rbac", "AccountMgr::GetRBACDefaultPermissions: secLevel %u - size: %u", secLevel, uint32(_defaultPermissions[secLevel].size()));
return _defaultPermissions[secLevel];
}
