Added support for group based authentication.

cstrike/cfg/sourcemod/zombiereloaded/zombiereloaded.cfg

@@ -133,6 +133,15 @@ zr_config_path_weapons "configs/zr/weapons.txt"
 zr_config_path_hitgroups "configs/zr/hitgroups.txt"
 
 
+// ----------------------------------------------------------------------------
+// Permission settings
+// ----------------------------------------------------------------------------
+
+// Use group authentication instead of flags to access admin features. Generic admin flag is still required on some features.
+// -
+// Default: "0"
+zr_permissions_use_groups "0"
+
 // ----------------------------------------------------------------------------
 // Classes (core)
 // ----------------------------------------------------------------------------

src/zombiereloaded.sp

@@ -41,6 +41,7 @@
 #include "zr/zombiereloaded"
 #include "zr/translation"
 #include "zr/cvars"
+#include "zr/admintools"
 #include "zr/log"
 #include "zr/config"
 #include "zr/steamidcache"

src/zr/admintools.inc

@@ -0,0 +1,168 @@
+/*
+ * ============================================================================
+ *
+ *  Zombie:Reloaded
+ *
+ *  File:          admintools.inc
+ *  Type:          Core 
+ *  Description:   Functions for checking extended admin privileges.
+ *
+ *  Copyright (C) 2009  Greyscale, Richard Helgeby
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * ============================================================================
+ */
+
+/**
+ * @section Pre-defined group names for authenticating players.
+ */
+#define ZR_GROUP_ADMINS         "zr_admins"
+#define ZR_GROUP_MODERATORS     "zr_moderators"
+#define ZR_GROUP_CONFIGURATORS  "zr_configurators"
+/**
+ * @endsection
+ */
+
+/**
+ * List of operation types to specify the category of a admin operation.
+ */
+enum OperationTypes
+{
+    OperationType_Invalid = -1,     /** Invalid operation type. */
+    OperationType_Generic,          /** Generic events like infecting or teleporting players. */
+    OperationType_Configuration,    /** Changing settings. */
+}
+
+
+/**
+ * Returns whether a player is allowed to do a certain operation or not.
+ *
+ * @param client            The client index.
+ * @param operationType     The operation category.
+ * @return                  True if allowed, false otherwise.
+ */
+stock bool:ZRIsClientPrivileged(client, OperationTypes:operationType = OperationType_Generic)
+{
+    // Validate client index.
+    if (!ZRIsClientValid(client))
+    {
+        return false;
+    }
+    
+    // Check if group permissions is enabled.
+    new bool:groupauth = GetConVarBool(g_hCvarsList[CVAR_PERMISSIONS_USE_GROUPS]);
+    if (groupauth)
+    {
+        /**********************************
+         *                                *
+         *   GROUP BASED AUTHENTICATION   *
+         *                                *
+         **********************************/
+         
+        // Check if client is full admin.
+        if (ZRIsClientInGroup(client, ZR_GROUP_ADMINS))
+        {
+            return true;
+        }
+        
+        // Check operation type.
+        switch (operationType)
+        {
+            case OperationType_Generic:
+            {
+                return ZRIsClientInGroup(client, ZR_GROUP_MODERATORS);
+            }
+            case OperationType_Configuration:
+            {
+                return ZRIsClientInGroup(client, ZR_GROUP_CONFIGURATORS);
+            }
+        }
+        
+        // Invalid operation type.
+        return false;
+    }
+    else
+    {
+        /*********************************
+         *                               *
+         *   FLAG BASED AUTHENTICATION   *
+         *                               *
+         *********************************/
+        
+        new AdminFlag:flag;
+        
+        // Check operation type.
+        switch (operationType)
+        {
+            case OperationType_Generic:
+            {
+                flag = Admin_Generic;
+            }
+            case OperationType_Configuration:
+            {
+                flag = Admin_Config;
+            }
+            default:
+            {
+                // Invalid operation type.
+                return false;
+            }
+        }
+        
+        return GetAdminFlag(GetUserAdmin(client), flag);
+    }
+}
+
+/**
+ * Returns whether a player is in a spesific group or not.
+ *
+ * @param client        The client index.
+ * @param groupName     SourceMod group name to check.
+ * @return              True if in the group, false otherwise.
+ */
+stock bool:ZRIsClientInGroup(client, const String:groupName[])
+{
+    new AdminId:id = GetUserAdmin(client);
+    
+    // Validate id.
+    if (id == INVALID_ADMIN_ID)
+    {
+        return false;
+    }
+    
+    // Get number of groups.
+    new groupnum = GetAdminGroupCount(id);
+    decl String:groupname[64];
+    
+    // Validate number of groups.
+    if (groupnum > 0)
+    {
+        // Loop through each group.
+        for (new group = 0; group < groupnum; group++)
+        {
+            // Get group name.
+            GetAdminGroup(id, group, groupname, sizeof(groupname));
+            
+            // Compare names.
+            if (StrEqual(groupName, groupname, false))
+            {
+                return true;
+            }
+        }
+    }
+    
+    // No groups or no match.
+    return false;
+}

src/zr/cvars.inc

@@ -52,6 +52,7 @@ enum CvarsList
     Handle:CVAR_CONFIG_PATH_CLASSES,
     Handle:CVAR_CONFIG_PATH_WEAPONS,
     Handle:CVAR_CONFIG_PATH_HITGROUPS,
+    Handle:CVAR_PERMISSIONS_USE_GROUPS,
     Handle:CVAR_CLASSES_SPAWN,
     Handle:CVAR_CLASSES_RANDOM,
     Handle:CVAR_CLASSES_CHANGE_TIMELIMIT,
@@ -235,6 +236,12 @@ CvarsCreate()
     g_hCvarsList[CVAR_CONFIG_PATH_HITGROUPS]     =    CreateConVar("zr_config_path_hitgroups",      "configs/zr/hitgroups.txt",             "Path, relative to root sourcemod directory, to hitgroups config file.");
     
     
+    // ===========================
+    // Permission Settings
+    // ===========================
+    g_hCvarsList[CVAR_PERMISSIONS_USE_GROUPS]    =    CreateConVar("zr_permissions_use_groups",     "0",    "Use group authentication instead of flags to access admin features. Generic admin flag is still required on some features.");
+    
+    
     // ===========================
     // Classes (core)
     // ===========================

src/zr/playerclasses/classmenus.inc

@@ -409,15 +409,9 @@ public ClassMenuSelectHandle(Handle:menu, MenuAction:action, client, slot)
  * @return          True if displayed, false otherwise.
  */
 bool:ClassTeamSelect(client)
-{
-    // Validate client.
-    if (!ZRIsClientValid(client, false))
-    {
-        return false;
-    }
-    
+{    
     // Validate permissions.
-    if (!ZRIsClientAdmin(client, Admin_Config))
+    if (!ZRIsClientPrivileged(client, OperationType_Configuration))
     {
         return false;
     }

src/zr/zadmin.inc

@@ -64,7 +64,7 @@ public Action:ZAdminCommand(client, argc)
  */
 bool:ZAdminMenu(client)
 {
-    // If client isn't an admin, then stop.
+    // If client isn't an generic admin, then stop.
     if (!ZRIsClientAdmin(client))
     {
         TranslationPrintToChat(client, "Must be admin");
@@ -94,16 +94,18 @@ bool:ZAdminMenu(client)
     Format(ztele, sizeof(ztele), "%t", "ZAdmin main force ztele");
     
     // Get conditions for options.
-    new bool:hitgroupsenabled = GetConVarBool(g_hCvarsList[CVAR_HITGROUPS]);
+    new configdraw = MenuGetItemDraw(ZRIsClientPrivileged(client, OperationType_Configuration));
+    new moderatordraw = MenuGetItemDraw(ZRIsClientPrivileged(client, OperationType_Generic));
+    new bool:hitgroupsenabled = GetConVarBool(g_hCvarsList[CVAR_HITGROUPS]) && ZRIsClientPrivileged(client, OperationType_Configuration);
     
     // Add items to menu.
     SetMenuTitle(menu_zadmin, title);
-    AddMenuItem(menu_zadmin, "classmultipliers", classmultipliers);
-    AddMenuItem(menu_zadmin, "weapons", weapons);
+    AddMenuItem(menu_zadmin, "classmultipliers", classmultipliers, configdraw);
+    AddMenuItem(menu_zadmin, "weapons", weapons, configdraw);
     AddMenuItem(menu_zadmin, "hitgroups", hitgroups, MenuGetItemDraw(hitgroupsenabled));
-    AddMenuItem(menu_zadmin, "infect", infect);
-    AddMenuItem(menu_zadmin, "zspawn", zspawn);
-    AddMenuItem(menu_zadmin, "ztele", ztele);
+    AddMenuItem(menu_zadmin, "infect", infect, moderatordraw);
+    AddMenuItem(menu_zadmin, "zspawn", zspawn, moderatordraw);
+    AddMenuItem(menu_zadmin, "ztele", ztele, moderatordraw);
     
     // Set "Back" button.
     SetMenuExitBackButton(menu_zadmin, true);

src/zr/zombiereloaded.inc

@@ -235,7 +235,7 @@ stock bool:ZRTeamHasClients(team = -1)
 }
 
 /**
- * Returns whether a player is a generic admin or not.
+ * Returns whether a player is a admin or not.
  *
  * @param client    The client index.
  * @param flag      Optional. Flag to check. Default is generic admin flag.
@@ -249,7 +249,7 @@ stock bool:ZRIsClientAdmin(client, AdminFlag:flag = Admin_Generic)
         return false;
     }
     
-    // If client doesn't have the Admin_Generic flag, then stop.
+    // If client doesn't have the specified flag, then stop.
     if (!GetAdminFlag(GetUserAdmin(client), flag))
     {
         return false;