Implemented basic ACL functionality (issue #69)

This commit is contained in:
Timo Smit 2017-01-13 18:59:14 +01:00
parent 958b2de6f9
commit 8977ba41cb
4 changed files with 155 additions and 12 deletions

View file

@ -3,6 +3,13 @@ CREATE TABLE IF NOT EXISTS `level` (
`name` TEXT NOT NULL `name` TEXT NOT NULL
); );
CREATE TABLE `level_role` (
`level_id` INTEGER NOT NULL,
`role` TEXT NOT NULL,
PRIMARY KEY (`level_id`, `role`),
CONSTRAINT `role_level` FOREIGN KEY (`level_id`) REFERENCES `level` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
);
CREATE TABLE IF NOT EXISTS `player` ( CREATE TABLE IF NOT EXISTS `player` (
`id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, `id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
`guid` TEXT NOT NULL UNIQUE, `guid` TEXT NOT NULL UNIQUE,
@ -100,5 +107,94 @@ CREATE INDEX IF NOT EXISTS `record_player_idx` ON `record` (`player_id`);
INSERT INTO `level` (`id`, `name`) VALUES (0, 'Guest'); INSERT INTO `level` (`id`, `name`) VALUES (0, 'Guest');
INSERT INTO `level` (`id`, `name`) VALUES (5, 'Admin'); INSERT INTO `level` (`id`, `name`) VALUES (5, 'Admin');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'admintest');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'help');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'time');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'greeting');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'listmaps');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'listsprees');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'listrules');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (0, 'adminchat');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'admintest');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'help');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'time');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'greeting');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listplayers');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listteams');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listmaps');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listsprees');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listrules');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listhistory');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listwarns');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listbans');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listaliases');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'listlevels');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'liststats');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'finger');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'adminchat');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'put');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'dropweapons');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'rename');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'freeze');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'disorient');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'burn');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'slap');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'gib');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'throw');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'glow');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'pants');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'pop');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'warn');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'mute');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'voicemute');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'kick');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'ban');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'spec999');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'balance');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'lockplayers');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'lockteam');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'shuffle');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'swap');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'pause');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'nextmap');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'restart');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'botadmin');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'enablevote');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'cancelvote');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'passvote');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'news');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'uptime');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'setlevel');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'readconfig');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'noinactivity');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'novote');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'nocensor');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'nobalance');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'novotelimit');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'noreason');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'perma');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'teamcmds');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'silentcmds');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'spy');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'incognito');
INSERT INTO `level_role`(`level_id`, `role`) VALUES (5, 'immune');
INSERT INTO `player` (`id`, `guid`, `ip`, `level`) VALUES (1, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', '127.0.0.1', 5); INSERT INTO `player` (`id`, `guid`, `ip`, `level`) VALUES (1, 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', '127.0.0.1', 5);
INSERT INTO `alias` (`id`, `player_id`, `alias`, `cleanalias`, `lastused`, `used`) VALUES (1, 1, 'console', 'console', 0, 0); INSERT INTO `alias` (`id`, `player_id`, `alias`, `cleanalias`, `lastused`, `used`) VALUES (1, 1, 'console', 'console', 0, 0);

View file

@ -23,27 +23,41 @@ local players = require "luascripts.wolfadmin.players.players"
local events = require "luascripts.wolfadmin.util.events" local events = require "luascripts.wolfadmin.util.events"
local files = require "luascripts.wolfadmin.util.files" local files = require "luascripts.wolfadmin.util.files"
local tables = require "luascripts.wolfadmin.util.tables"
local acl = {} local acl = {}
function acl.readpermissions() local data = {}
function acl.readPermissions()
-- read level permissions into a cache file (can be loaded at mod start) -- read level permissions into a cache file (can be loaded at mod start)
-- should probably cache current players' permissions as well, then -- should probably cache current players' permissions as well, then
-- read in new players' permissions as they join the server -- read in new players' permissions as they join the server
local roles = db.getLevelRoles()
for _, role in ipairs(roles) do
if not data[role["level_id"]] then
data[role["level_id"]] = {}
end end
function acl.clearcache() table.insert(data[role["level_id"]], role["role"])
end
end
events.handle("onGameInit", acl.readPermissions)
function acl.clearCache()
-- clear cache whenever database is updated, or do this manually -- clear cache whenever database is updated, or do this manually
end end
function acl.isallowed(clientId, permission) function acl.isallowed(clientId, permission)
-- stub function, reads from cache local level = acl.getlevel(clientId)
if permission == auth.PERM_IMMUNE or permission == "!" then if data[level] ~= nil and tables.contains(data[level], permission) then
return 0 return 1
end end
return 1 return 0
end end
function acl.getlevel(clientId) function acl.getlevel(clientId)
@ -53,7 +67,7 @@ function acl.getlevel(clientId)
end end
function acl.getlevelname(levelId) function acl.getlevelname(levelId)
local level = db.getlevel(levelId) local level = db.getLevel(levelId)
return level["name"] return level["name"]
end end

View file

@ -69,7 +69,7 @@ function commandSetLevel(clientId, cmdArguments)
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dsetlevel: ^9sorry, but your intended victim has a higher admin level than you do.\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dsetlevel: ^9sorry, but your intended victim has a higher admin level than you do.\";")
return true return true
elseif not db.getlevel(tonumber(cmdArguments[2])) then elseif not db.getLevel(tonumber(cmdArguments[2])) then
et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dsetlevel: ^9this admin level does not exist.\";") et.trap_SendConsoleCommand(et.EXEC_APPEND, "csay "..clientId.." \"^dsetlevel: ^9this admin level does not exist.\";")
return true return true

View file

@ -57,15 +57,31 @@ function sqlite3.getplayer(guid)
end end
-- levels -- levels
function sqlite3.addlevel(id, name) function sqlite3.addLevel(id, name)
cur = assert(con:execute("INSERT INTO `level` (`id`, `name`) VALUES ('"..tonumber(id).."', '"..util.escape(name).."')")) cur = assert(con:execute("INSERT INTO `level` (`id`, `name`) VALUES ('"..tonumber(id).."', '"..util.escape(name).."')"))
end end
function sqlite3.updatelevel(id, name) function sqlite3.updateLevel(id, name)
cur = assert(con:execute("UPDATE `level` SET `name`='"..util.escape(name).."' WHERE `id`='"..tonumber(id).."'")) cur = assert(con:execute("UPDATE `level` SET `name`='"..util.escape(name).."' WHERE `id`='"..tonumber(id).."'"))
end end
function sqlite3.getlevel(id) function sqlite3.getLevels()
cur = assert(con:execute("SELECT * FROM `level`"))
local levels = {}
local row = cur:fetch({}, "a")
while row do
table.insert(levels, tables.copy(row))
row = cur:fetch(row, "a")
end
cur:close()
return levels
end
function sqlite3.getLevel(id)
cur = assert(con:execute("SELECT * FROM `level` WHERE `id`='"..tonumber(id).."'")) cur = assert(con:execute("SELECT * FROM `level` WHERE `id`='"..tonumber(id).."'"))
local level = cur:fetch({}, "a") local level = cur:fetch({}, "a")
@ -74,6 +90,23 @@ function sqlite3.getlevel(id)
return level return level
end end
-- acl
function sqlite3.getLevelRoles()
cur = assert(con:execute("SELECT * FROM `level_role`"))
local roles = {}
local row = cur:fetch({}, "a")
while row do
table.insert(roles, tables.copy(row))
row = cur:fetch(row, "a")
end
cur:close()
return roles
end
-- aliases -- aliases
function sqlite3.addalias(playerid, alias, lastused) function sqlite3.addalias(playerid, alias, lastused)
cur = assert(con:execute("INSERT INTO `alias` (`player_id`, `alias`, `cleanalias`, `lastused`, `used`) VALUES ("..tonumber(playerid)..", '"..util.escape(alias).."', '"..util.escape(util.removeColors(alias)).."', "..tonumber(lastused)..", 1)")) cur = assert(con:execute("INSERT INTO `alias` (`player_id`, `alias`, `cleanalias`, `lastused`, `used`) VALUES ("..tonumber(playerid)..", '"..util.escape(alias).."', '"..util.escape(util.removeColors(alias)).."', "..tonumber(lastused)..", 1)"))