feature: add player.[serverID] principal to player contexts

citizenfx · Apr 19, 2020 · fd3fae9 · fd3fae9
1 parent 39eabb6
commit fd3fae9
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 9 deletions.
diff --git a/code/client/citicore/se/Security.cpp b/code/client/citicore/se/Security.cpp
@@ -280,10 +280,19 @@ extern "C" se::Context* seGetCurrentContext()
 				}
 				else
 				{
-					console::Printf("security", "Access type needs to be 'allow' or 'deny'.");
+					console::Printf("security", "Access type needs to be 'allow' or 'deny'.\n");
 					return;
 				}
 
+				for (auto& principalRef : se::g_principalStack)
+				{
+					if (principalRef.get().GetIdentifier() == principal)
+					{
+						console::Printf("security", "Changing ones own access is not permitted.\n");
+						return;
+					}
+				}
+
 				seGetCurrentContext()->AddAccessControlEntry(se::Principal{ principal }, se::Object{ object }, type);
 			});
 
@@ -306,10 +315,19 @@ extern "C" se::Context* seGetCurrentContext()
 				}
 				else
 				{
-					console::Printf("security", "Access type needs to be 'allow' or 'deny'.");
+					console::Printf("security", "Access type needs to be 'allow' or 'deny'.\n");
 					return;
 				}
 
+				for (auto& principalRef : se::g_principalStack)
+				{
+					if (principalRef.get().GetIdentifier() == principal)
+					{
+						console::Printf("security", "Changing ones own access is not permitted.\n");
+						return;
+					}
+				}
+
 				seGetCurrentContext()->RemoveAccessControlEntry(se::Principal{ principal }, se::Object{ object }, type);
 			});
 

diff --git a/code/components/citizen-server-impl/include/Client.h b/code/components/citizen-server-impl/include/Client.h
@@ -231,6 +231,8 @@ namespace fx
 			{
 				m_principals.emplace_back(se::Principal{ fmt::sprintf("identifier.%s", identifier) });
 			}
+
+			m_principals.emplace_back(se::Principal{ fmt::sprintf("player.%d", m_netId) });
 		}
 
 	private:

diff --git a/code/components/citizen-server-impl/src/Client.cpp b/code/components/citizen-server-impl/src/Client.cpp
@@ -28,6 +28,8 @@ namespace fx
 		m_netId = netId;
 
 		OnAssignNetId();
+
+		UpdateCachedPrincipalValues();
 	}
 
 	void Client::SetTcpEndPoint(const std::string& value)

diff --git a/code/components/citizen-server-impl/src/PlayerScriptFunctions.cpp b/code/components/citizen-server-impl/src/PlayerScriptFunctions.cpp
@@ -104,13 +104,7 @@ static void CreatePlayerCommands()
 		const char* object = context.CheckArgument<const char*>(1);
 
 		se::ScopedPrincipalReset reset;
-
-		std::vector<std::unique_ptr<se::ScopedPrincipal>> principals;
-
-		for (auto& identifier : client->GetIdentifiers())
-		{
-			principals.emplace_back(std::make_unique<se::ScopedPrincipal>(se::Principal{ fmt::sprintf("identifier.%s", identifier) }));
-		}
+		auto principalScope = client->EnterPrincipalScope();
 
 		return seCheckPrivilege(object);
 	}));