rbac::RBACData Class Reference

#include "RBAC.h"

Public Member Functions
	RBACData (uint32 id, std::string const &name, int32 realmId, uint8 secLevel=255)
std::string const &	GetName () const
	Gets the Name of the Object.
uint32	GetId () const
	Gets the Id of the Object.
HasPermission
Checks if certain action is allowed Returns grant or deny action
bool	HasPermission (uint32 permission) const
RBACPermissionContainer const &	GetPermissions () const
	Returns all the granted permissions (after computation)
RBACPermissionContainer const &	GetGrantedPermissions () const
	Returns all the granted permissions.
RBACPermissionContainer const &	GetDeniedPermissions () const
	Returns all the denied permissions.
GrantPermission
Grants a permission Parameters permissionId permission to be granted realmId realm affected Returns Success or failure (with reason) to grant the permission
RBACCommandResult	GrantPermission (uint32 permissionId, int32 realmId=0)
DenyPermission
Denies a permission Parameters permissionId permission to be denied realmId realm affected Returns Success or failure (with reason) to deny the permission
RBACCommandResult	DenyPermission (uint32 permissionId, int32 realmId=0)

Private Member Functions
CalculateNewPermissions
Calculates new permissions Calculates new permissions after some change The calculation is done Granted - Denied: Granted permissions: through linked permissions and directly assigned Denied permissions: through linked permissions and directly assigned
void	CalculateNewPermissions ()
int32	GetRealmId () const
bool	HasGrantedPermission (uint32 permissionId) const
	Checks if a permission is granted.
bool	HasDeniedPermission (uint32 permissionId) const
	Checks if a permission is denied.
void	AddGrantedPermission (uint32 permissionId)
	Adds a new granted permission.
void	RemoveGrantedPermission (uint32 permissionId)
	Removes a granted permission.
void	AddDeniedPermission (uint32 permissionId)
	Adds a new denied permission.
void	RemoveDeniedPermission (uint32 permissionId)
	Removes a denied permission.
void	AddPermissions (RBACPermissionContainer const &permsFrom, RBACPermissionContainer &permsTo)
	Adds a list of permissions to another list.
void	RemovePermissions (RBACPermissionContainer &permsFrom, RBACPermissionContainer const &permsToRemove)
	Removes a list of permissions from another list.

ExpandPermissions
Adds the list of linked permissions to the original list Parameters permissions The list of permissions to expand
uint32	_id
std::string	_name
	‍Account id
int32	_realmId
	‍Account name
uint8	_secLevel
	‍RealmId Affected
RBACPermissionContainer	_grantedPerms
	‍Account SecurityLevel
RBACPermissionContainer	_deniedPerms
	‍Granted permissions
RBACPermissionContainer	_globalPerms
	‍Denied permissions
void	ExpandPermissions (RBACPermissionContainer &permissions)

RevokePermission
Removes a permission Parameters permissionId permission to be removed realmId realm affected Returns Success or failure (with reason) to remove the permission
RBACCommandResult	RevokePermission (uint32 permissionId, int32 realmId=0)
void	LoadFromDB ()
	Loads all permissions assigned to current account.
QueryCallback	LoadFromDBAsync ()
void	LoadFromDBCallback (PreparedQueryResult result)
void	SetSecurityLevel (uint8 id)
	Sets security level.
uint8	GetSecurityLevel () const
	Returns the security level assigned.
void	RecalculatePermissions ()
	For unit testing - forces permission recalculation without database.
void	SetSecurityLevelForTest (uint8 id)
	For unit testing - sets security level without database reload.
void	SavePermission (uint32 role, bool granted, int32 realm)
	Saves a permission to DB, Granted or Denied.
void	ClearData ()
	Clears roles, groups and permissions - Used for reload.

Detailed Description

Constructor & Destructor Documentation

RBACData()

rbac::RBACData::RBACData ( uint32  id, std::string const &  name, int32  realmId, uint8  secLevel = 255  )

inline

                                                                                   :
        _id(id), _name(name), _realmId(realmId), _secLevel(secLevel),
        _grantedPerms(), _deniedPerms(), _globalPerms() { }

Member Function Documentation

AddDeniedPermission()

void rbac::RBACData::AddDeniedPermission ( uint32  permissionId )

inlineprivate

Adds a new denied permission.

    {
        _deniedPerms.insert(permissionId);
    }

Referenced by DenyPermission().

AddGrantedPermission()

void rbac::RBACData::AddGrantedPermission ( uint32  permissionId )

inlineprivate

Adds a new granted permission.

    {
        _grantedPerms.insert(permissionId);
    }

Referenced by GrantPermission().

AddPermissions()

void rbac::RBACData::AddPermissions ( RBACPermissionContainer const &  permsFrom, RBACPermissionContainer &  permsTo  )

private

Adds a list of permissions to another list.

{
    for (uint32 permission : permsFrom)
        permsTo.insert(permission);
}

CalculateNewPermissions()

void rbac::RBACData::CalculateNewPermissions ( )

private

{
    LOG_TRACE("rbac", "RBACData::CalculateNewPermissions [Id: {} Name: {}]", GetId(), GetName());
 
    // Get the list of granted permissions
    _globalPerms = GetGrantedPermissions();
    ExpandPermissions(_globalPerms);
    RBACPermissionContainer revoked = GetDeniedPermissions();
    ExpandPermissions(revoked);
    RemovePermissions(_globalPerms, revoked);
}

References _globalPerms, ExpandPermissions(), GetDeniedPermissions(), GetGrantedPermissions(), GetId(), GetName(), LOG_TRACE, and RemovePermissions().

Referenced by DenyPermission(), GrantPermission(), LoadFromDBCallback(), and RevokePermission().

ClearData()

void rbac::RBACData::ClearData ( )

private

Clears roles, groups and permissions - Used for reload.

{
    _grantedPerms.clear();
    _deniedPerms.clear();
    _globalPerms.clear();
}

References _deniedPerms, _globalPerms, and _grantedPerms.

Referenced by LoadFromDB(), and LoadFromDBAsync().

DenyPermission()

RBACCommandResult rbac::RBACData::DenyPermission	(	uint32	permissionId,
		int32	realmId = 0
	)

{
    // Check if permission Id exists
    RBACPermission const* perm = sAccountMgr->GetRBACPermission(permissionId);
    if (!perm)
    {
        LOG_TRACE("rbac", "RBACData::DenyPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Permission does not exists",
                       GetId(), GetName(), permissionId, realmId);
        return RBAC_ID_DOES_NOT_EXISTS;
    }
 
    // Check if already added in granted list
    if (HasGrantedPermission(permissionId))
    {
        LOG_TRACE("rbac", "RBACData::DenyPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Permission in grant list",
                       GetId(), GetName(), permissionId, realmId);
        return RBAC_IN_GRANTED_LIST;
    }
 
    // Already added?
    if (HasDeniedPermission(permissionId))
    {
        LOG_TRACE("rbac", "RBACData::DenyPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Permission already denied",
                       GetId(), GetName(), permissionId, realmId);
        return RBAC_CANT_ADD_ALREADY_ADDED;
    }
 
    AddDeniedPermission(permissionId);
 
    // Do not save to db when loading data from DB (realmId = 0)
    if (realmId)
    {
        LOG_TRACE("rbac", "RBACData::DenyPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Ok and DB updated",
                       GetId(), GetName(), permissionId, realmId);
        SavePermission(permissionId, false, realmId);
        CalculateNewPermissions();
    }
    else
        LOG_TRACE("rbac", "RBACData::DenyPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Ok",
                       GetId(), GetName(), permissionId, realmId);
 
    return RBAC_OK;
}

References AddDeniedPermission(), CalculateNewPermissions(), GetId(), GetName(), HasDeniedPermission(), HasGrantedPermission(), LOG_TRACE, rbac::RBAC_CANT_ADD_ALREADY_ADDED, rbac::RBAC_ID_DOES_NOT_EXISTS, rbac::RBAC_IN_GRANTED_LIST, rbac::RBAC_OK, sAccountMgr, and SavePermission().

Referenced by rbac_commandscript::HandleRBACPermDenyCommand(), and LoadFromDBCallback().

ExpandPermissions()

void rbac::RBACData::ExpandPermissions ( RBACPermissionContainer &  permissions )

private

{
    RBACPermissionContainer toCheck = permissions;
    permissions.clear();
 
    while (!toCheck.empty())
    {
        // remove the permission from original list
        uint32 permissionId = *toCheck.begin();
        toCheck.erase(toCheck.begin());
 
        RBACPermission const* permission = sAccountMgr->GetRBACPermission(permissionId);
        if (!permission)
            continue;
 
        // insert into the final list (expanded list)
        permissions.insert(permissionId);
 
        // add all linked permissions (that are not already expanded) to the list of permissions to be checked
        RBACPermissionContainer const& linkedPerms = permission->GetLinkedPermissions();
        for (uint32 linkedPerm : linkedPerms)
            if (permissions.find(linkedPerm) == permissions.end())
                toCheck.insert(linkedPerm);
    }
 
    LOG_DEBUG("rbac", "RBACData::ExpandPermissions: Expanded: {}", GetDebugPermissionString(permissions));
}

References rbac::GetDebugPermissionString(), rbac::RBACPermission::GetLinkedPermissions(), LOG_DEBUG, and sAccountMgr.

Referenced by CalculateNewPermissions().

GetDeniedPermissions()

RBACPermissionContainer const & rbac::RBACData::GetDeniedPermissions ( ) const

inline

Returns all the denied permissions.

{ return _deniedPerms; }

Referenced by CalculateNewPermissions(), and rbac_commandscript::HandleRBACPermListCommand().

GetGrantedPermissions()

RBACPermissionContainer const & rbac::RBACData::GetGrantedPermissions ( ) const

inline

Returns all the granted permissions.

{ return _grantedPerms; }

Referenced by CalculateNewPermissions(), and rbac_commandscript::HandleRBACPermListCommand().

GetId()

uint32 rbac::RBACData::GetId ( ) const

inline

Gets the Id of the Object.

{ return _id; }

Referenced by CalculateNewPermissions(), DenyPermission(), GrantPermission(), rbac_commandscript::HandleRBACPermListCommand(), WorldSession::HasPermission(), WorldSession::InvalidateRBACData(), LoadFromDB(), LoadFromDBAsync(), RevokePermission(), and SavePermission().

GetName()

std::string const & rbac::RBACData::GetName ( ) const

inline

Gets the Name of the Object.

{ return _name; }

Referenced by CalculateNewPermissions(), DenyPermission(), GrantPermission(), rbac_commandscript::HandleRBACPermListCommand(), WorldSession::HasPermission(), WorldSession::InvalidateRBACData(), LoadFromDB(), LoadFromDBAsync(), and RevokePermission().

GetPermissions()

RBACPermissionContainer const & rbac::RBACData::GetPermissions ( ) const

inline

Returns all the granted permissions (after computation)

{ return _globalPerms; }

GetRealmId()

int32 rbac::RBACData::GetRealmId ( ) const

inlineprivate

{ return _realmId; }

Referenced by LoadFromDB(), and LoadFromDBAsync().

GetSecurityLevel()

uint8 rbac::RBACData::GetSecurityLevel ( ) const

inline

Returns the security level assigned.

{ return _secLevel; }

Referenced by rbac_commandscript::HandleRBACPermListCommand().

GrantPermission()

RBACCommandResult rbac::RBACData::GrantPermission	(	uint32	permissionId,
		int32	realmId = 0
	)

{
    // Check if permission Id exists
    RBACPermission const* perm = sAccountMgr->GetRBACPermission(permissionId);
    if (!perm)
    {
        LOG_TRACE("rbac", "RBACData::GrantPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Permission does not exists",
                       GetId(), GetName(), permissionId, realmId);
        return RBAC_ID_DOES_NOT_EXISTS;
    }
 
    // Check if already added in denied list
    if (HasDeniedPermission(permissionId))
    {
        LOG_TRACE("rbac", "RBACData::GrantPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Permission in deny list",
                       GetId(), GetName(), permissionId, realmId);
        return RBAC_IN_DENIED_LIST;
    }
 
    // Already added?
    if (HasGrantedPermission(permissionId))
    {
        LOG_TRACE("rbac", "RBACData::GrantPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Permission already granted",
                       GetId(), GetName(), permissionId, realmId);
        return RBAC_CANT_ADD_ALREADY_ADDED;
    }
 
    AddGrantedPermission(permissionId);
 
    // Do not save to db when loading data from DB (realmId = 0)
    if (realmId)
    {
        LOG_TRACE("rbac", "RBACData::GrantPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Ok and DB updated",
                       GetId(), GetName(), permissionId, realmId);
        SavePermission(permissionId, true, realmId);
        CalculateNewPermissions();
    }
    else
        LOG_TRACE("rbac", "RBACData::GrantPermission [Id: {} Name: {}] (Permission {}, RealmId {}). Ok",
                       GetId(), GetName(), permissionId, realmId);
 
    return RBAC_OK;
}

References AddGrantedPermission(), CalculateNewPermissions(), GetId(), GetName(), HasDeniedPermission(), HasGrantedPermission(), LOG_TRACE, rbac::RBAC_CANT_ADD_ALREADY_ADDED, rbac::RBAC_ID_DOES_NOT_EXISTS, rbac::RBAC_IN_DENIED_LIST, rbac::RBAC_OK, sAccountMgr, and SavePermission().

Referenced by rbac_commandscript::HandleRBACPermGrantCommand(), and LoadFromDBCallback().

HasDeniedPermission()

bool rbac::RBACData::HasDeniedPermission ( uint32  permissionId ) const

inlineprivate

Checks if a permission is denied.

    {
        return _deniedPerms.find(permissionId) != _deniedPerms.end();
    }

Referenced by DenyPermission(), GrantPermission(), and RevokePermission().

HasGrantedPermission()

bool rbac::RBACData::HasGrantedPermission ( uint32  permissionId ) const

inlineprivate

Checks if a permission is granted.

    {
        return _grantedPerms.find(permissionId) != _grantedPerms.end();
    }

Referenced by DenyPermission(), GrantPermission(), and RevokePermission().

HasPermission()

bool rbac::RBACData::HasPermission ( uint32  permission ) const

inline

    {
        return _globalPerms.find(permission) != _globalPerms.end();
    }

Referenced by WorldSession::HasPermission().

LoadFromDB()

void rbac::RBACData::LoadFromDB

(

)

Loads all permissions assigned to current account.

{
    ClearData();
 
    LOG_DEBUG("rbac", "RBACData::LoadFromDB [Id: {} Name: {}]: Loading permissions", GetId(), GetName());
    // Load account permissions (granted and denied) that affect current realm
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS);
    stmt->SetData(0, GetId());
    stmt->SetData(1, GetRealmId());
 
    LoadFromDBCallback(LoginDatabase.Query(stmt));
}

References ClearData(), GetId(), GetName(), GetRealmId(), LoadFromDBCallback(), LOG_DEBUG, LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS, LoginDatabase, and PreparedStatementBase::SetData().

Referenced by WorldSession::LoadPermissions().

LoadFromDBAsync()

QueryCallback rbac::RBACData::LoadFromDBAsync

(

)

{
    ClearData();
 
    LOG_DEBUG("rbac", "RBACData::LoadFromDB [Id: {} Name: {}]: Loading permissions", GetId(), GetName());
    // Load account permissions (granted and denied) that affect current realm
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS);
    stmt->SetData(0, GetId());
    stmt->SetData(1, GetRealmId());
 
    return LoginDatabase.AsyncQuery(stmt);
}

References ClearData(), GetId(), GetName(), GetRealmId(), LOG_DEBUG, LOGIN_SEL_RBAC_ACCOUNT_PERMISSIONS, LoginDatabase, and PreparedStatementBase::SetData().

Referenced by WorldSession::LoadPermissionsAsync().

LoadFromDBCallback()

void rbac::RBACData::LoadFromDBCallback

(

PreparedQueryResult

result

)

{
    if (result)
    {
        do
        {
            Field* fields = result->Fetch();
            if (fields[1].Get<bool>())
                GrantPermission(fields[0].Get<uint32>());
            else
                DenyPermission(fields[0].Get<uint32>());
        } while (result->NextRow());
    }
 
    // Add default permissions
    RBACPermissionContainer const& permissions = sAccountMgr->GetRBACDefaultPermissions(_secLevel);
    for (uint32 permission : permissions)
        GrantPermission(permission);
 
    // Force calculation of permissions
    CalculateNewPermissions();
}

References _secLevel, CalculateNewPermissions(), DenyPermission(), GrantPermission(), and sAccountMgr.

Referenced by WorldSession::InitRBACDataForTest(), and LoadFromDB().

RecalculatePermissions()

void rbac::RBACData::RecalculatePermissions ( )

inline

For unit testing - forces permission recalculation without database.

{ CalculateNewPermissions(); }

RemoveDeniedPermission()

void rbac::RBACData::RemoveDeniedPermission ( uint32  permissionId )

inlineprivate

Removes a denied permission.

    {
        _deniedPerms.erase(permissionId);
    }

Referenced by RevokePermission().

RemoveGrantedPermission()

void rbac::RBACData::RemoveGrantedPermission ( uint32  permissionId )

inlineprivate

Removes a granted permission.

    {
        _grantedPerms.erase(permissionId);
    }

Referenced by RevokePermission().

RemovePermissions()

void rbac::RBACData::RemovePermissions ( RBACPermissionContainer &  permsFrom, RBACPermissionContainer const &  permsToRemove  )

private

Removes a list of permissions from another list.

{
    for (uint32 permission: permsToRemove)
        permsFrom.erase(permission);
}

Referenced by CalculateNewPermissions().

RevokePermission()

RBACCommandResult rbac::RBACData::RevokePermission	(	uint32	permissionId,
		int32	realmId = 0
	)

{
    // Check if it's present in any list
    if (!HasGrantedPermission(permissionId) && !HasDeniedPermission(permissionId))
    {
        LOG_TRACE("rbac", "RBACData::RevokePermission [Id: {} Name: {}] (Permission {}, RealmId {}). Not granted or revoked",
                       GetId(), GetName(), permissionId, realmId);
        return RBAC_CANT_REVOKE_NOT_IN_LIST;
    }
 
    RemoveGrantedPermission(permissionId);
    RemoveDeniedPermission(permissionId);
 
    // Do not save to db when loading data from DB (realmId = 0)
    if (realmId)
    {
        LOG_TRACE("rbac", "RBACData::RevokePermission [Id: {} Name: {}] (Permission {}, RealmId {}). Ok and DB updated",
                       GetId(), GetName(), permissionId, realmId);
        LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_DEL_RBAC_ACCOUNT_PERMISSION);
        stmt->SetData(0, GetId());
        stmt->SetData(1, permissionId);
        stmt->SetData(2, realmId);
        LoginDatabase.Execute(stmt);
 
        CalculateNewPermissions();
    }
    else
        LOG_TRACE("rbac", "RBACData::RevokePermission [Id: {} Name: {}] (Permission {}, RealmId {}). Ok",
                       GetId(), GetName(), permissionId, realmId);
 
    return RBAC_OK;
}

References CalculateNewPermissions(), GetId(), GetName(), HasDeniedPermission(), HasGrantedPermission(), LOG_TRACE, LOGIN_DEL_RBAC_ACCOUNT_PERMISSION, LoginDatabase, rbac::RBAC_CANT_REVOKE_NOT_IN_LIST, rbac::RBAC_OK, RemoveDeniedPermission(), RemoveGrantedPermission(), and PreparedStatementBase::SetData().

Referenced by rbac_commandscript::HandleRBACPermRevokeCommand().

SavePermission()

void rbac::RBACData::SavePermission ( uint32  role, bool  granted, int32  realm  )

private

Saves a permission to DB, Granted or Denied.

{
    LoginDatabasePreparedStatement* stmt = LoginDatabase.GetPreparedStatement(LOGIN_INS_RBAC_ACCOUNT_PERMISSION);
    stmt->SetData(0, GetId());
    stmt->SetData(1, permission);
    stmt->SetData(2, granted);
    stmt->SetData(3, realmId);
    LoginDatabase.Execute(stmt);
}

References GetId(), LOGIN_INS_RBAC_ACCOUNT_PERMISSION, LoginDatabase, and PreparedStatementBase::SetData().

Referenced by DenyPermission(), and GrantPermission().

SetSecurityLevel()

void rbac::RBACData::SetSecurityLevel ( uint8  id )

inline

Sets security level.

    {
        _secLevel = id;
        LoadFromDB();
    }

SetSecurityLevelForTest()

void rbac::RBACData::SetSecurityLevelForTest ( uint8  id )

inline

For unit testing - sets security level without database reload.

{ _secLevel = id; }

Member Data Documentation

_deniedPerms

RBACPermissionContainer rbac::RBACData::_deniedPerms

private

‍Granted permissions

Referenced by ClearData().

_globalPerms

RBACPermissionContainer rbac::RBACData::_globalPerms

private

‍Denied permissions

Referenced by CalculateNewPermissions(), and ClearData().

_grantedPerms

RBACPermissionContainer rbac::RBACData::_grantedPerms

private

‍Account SecurityLevel

Referenced by ClearData().

_id

uint32 rbac::RBACData::_id

private

_name

std::string rbac::RBACData::_name

private

‍Account id

_realmId

int32 rbac::RBACData::_realmId

private

‍Account name

_secLevel

uint8 rbac::RBACData::_secLevel

private

‍RealmId Affected

Referenced by LoadFromDBCallback().

---

The documentation for this class was generated from the following files:

• azerothcore-wotlk/src/server/game/Accounts/RBAC.h
• azerothcore-wotlk/src/server/game/Accounts/RBAC.cpp