cyberpresidentvanellope/S.P.L.U.R.T-Station-13
1
0
Fork 0
mirror of https://github.com/SPLURT-Station/S.P.L.U.R.T-Station-13.git synced 2025-12-09 16:07:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

event permissions

Browse Source
This commit is contained in:
silicons
2020-10-07 14:43:53 -07:00
parent 89cfde9c34
commit 8e83dcd697
11 changed files with 44 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
code/__DEFINES/admin.dm
View File

@@ -35,8 +35,9 @@
#define R_SPAWN (1<<12) #define R_SPAWN (1<<12)
#define R_AUTOLOGIN (1<<13) #define R_AUTOLOGIN (1<<13)
#define R_DBRANKS (1<<14) #define R_DBRANKS (1<<14)
#define R_SENSITIVE (1<<15)
#define R_DEFAULT R_AUTOLOGIN #define R_DEFAULT R_AUTOLOGIN | R_SENSITIVE
#define R_EVERYTHING ALL //the sum of all other rank permissions, used for +EVERYTHING #define R_EVERYTHING ALL //the sum of all other rank permissions, used for +EVERYTHING

2
code/__HELPERS/type2type.dm
View File

@@ -225,6 +225,8 @@
. += "[seperator]AUTOLOGIN" . += "[seperator]AUTOLOGIN"
if(rights & R_DBRANKS) if(rights & R_DBRANKS)
. += "[seperator]DBRANKS" . += "[seperator]DBRANKS"
if(rights & R_SENSITIVE)
. += "[seperator]SENSITIVE"
if(!.) if(!.)
. = "NONE" . = "NONE"
return . return .

3
code/_globalvars/bitfields.dm
View File

@@ -67,7 +67,8 @@ GLOBAL_LIST_INIT(bitfields, list(
"SOUNDS" = R_SOUNDS, "SOUNDS" = R_SOUNDS,
"SPAWN" = R_SPAWN, "SPAWN" = R_SPAWN,
"AUTOLOGIN" = R_AUTOLOGIN, "AUTOLOGIN" = R_AUTOLOGIN,
"DBRANKS" = R_DBRANKS "DBRANKS" = R_DBRANKS,
"SENSITIVE" = R_SENSITIVE
), ),
"interaction_flags_atom" = list( "interaction_flags_atom" = list(
"INTERACT_ATOM_REQUIRES_ANCHORED" = INTERACT_ATOM_REQUIRES_ANCHORED, "INTERACT_ATOM_REQUIRES_ANCHORED" = INTERACT_ATOM_REQUIRES_ANCHORED,

7
code/modules/admin/admin_ranks.dm
View File

@@ -44,6 +44,11 @@ GLOBAL_PROTECT(protected_ranks)
/datum/admin_rank/vv_edit_var(var_name, var_value) /datum/admin_rank/vv_edit_var(var_name, var_value)
return FALSE return FALSE
/datum/admin_rank/CanProcCall(procname)
. = ..()
if(!check_rights(R_SENSITIVE))
return FALSE
/proc/admin_keyword_to_flag(word, previous_rights=0) /proc/admin_keyword_to_flag(word, previous_rights=0)
var/flag = 0 var/flag = 0
switch(ckey(word)) switch(ckey(word))
@@ -79,6 +84,8 @@ GLOBAL_PROTECT(protected_ranks)
flag = R_AUTOLOGIN flag = R_AUTOLOGIN
if("dbranks") if("dbranks")
flag = R_DBRANKS flag = R_DBRANKS
if("sensitive")
flag = R_SENSITIVE
if("@","prev") if("@","prev")
flag = previous_rights flag = previous_rights
return flag return flag

5
code/modules/admin/holder2.dm
View File

@@ -28,6 +28,11 @@ GLOBAL_PROTECT(href_token)
var/deadmined var/deadmined
/datum/admins/CanProcCall(procname)
. = ..()
if(!check_rights(R_SENSITIVE))
return FALSE
/datum/admins/New(datum/admin_rank/R, ckey, force_active = FALSE, protected) /datum/admins/New(datum/admin_rank/R, ckey, force_active = FALSE, protected)
if(IsAdminAdvancedProcCall()) if(IsAdminAdvancedProcCall())
var/msg = " has tried to elevate permissions!" var/msg = " has tried to elevate permissions!"

2
code/modules/admin/sql_message_system.dm
View File

@@ -299,6 +299,8 @@
qdel(query_find_message_secret) qdel(query_find_message_secret)
/proc/browse_messages(type, target_ckey, index, linkless = FALSE, filter, agegate = FALSE) /proc/browse_messages(type, target_ckey, index, linkless = FALSE, filter, agegate = FALSE)
if(!check_rights(R_SENSITIVE))
return
if(!SSdbcore.Connect()) if(!SSdbcore.Connect())
to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>") to_chat(usr, "<span class='danger'>Failed to establish database connection.</span>")
return return

2
code/modules/admin/verbs/getlogs.dm
View File

@@ -14,6 +14,8 @@
browseserverlogs("[GLOB.log_directory]/") browseserverlogs("[GLOB.log_directory]/")
/client/proc/browseserverlogs(path = "data/logs/") /client/proc/browseserverlogs(path = "data/logs/")
if(!check_rights(R_SENSITIVE))
return
path = browse_files(path) path = browse_files(path)
if(!path) if(!path)
return return

14
code/modules/client/client_procs.dm
View File

@@ -917,8 +917,22 @@ GLOBAL_LIST_INIT(blacklisted_builds, list(
if(NAMEOF(src, view)) if(NAMEOF(src, view))
change_view(var_value) change_view(var_value)
return TRUE return TRUE
if(NAMEOF(src, computer_id))
return FALSE
if(NAMEOF(src, address))
return FALSE
. = ..() . = ..()
/client/vv_get_var(var_name)
. = ..()
switch(var_name)
if(NAMEOF(src, computer_id))
if(!check_rights(R_SENSITIVE, FALSE))
return "SENSITIVE"
if(NAMEOF(src, address))
if(!check_rights(R_SENSITIVE, FALSE))
return "SENSITIVE"
/client/proc/rescale_view(change, min, max) /client/proc/rescale_view(change, min, max)
var/viewscale = getviewsize(view) var/viewscale = getviewsize(view)
var/x = viewscale[1] var/x = viewscale[1]

6
code/modules/mob/mob.dm
View File

@@ -991,6 +991,12 @@ GLOBAL_VAR_INIT(exploit_warn_spam_prevention, 0)
switch(var_name) switch(var_name)
if("logging") if("logging")
return debug_variable(var_name, logging, 0, src, FALSE) return debug_variable(var_name, logging, 0, src, FALSE)
if(NAMEOF(src, lastKnownIP))
if(!check_rights(R_SENSITIVE, FALSE))
return "SENSITIVE"
if(NAMEOF(src, computer_id))
if(!check_rights(R_SENSITIVE, FALSE))
return "SENSITIVE"
. = ..() . = ..()
/mob/vv_auto_rename(new_name) /mob/vv_auto_rename(new_name)

2
code/modules/power/singularity/investigate.dm
View File

@@ -1,4 +1,4 @@
/area/engine/engineering/poweralert(state, source) /area/engine/engineering/poweralert(state, source)
if (state != poweralm) if (state != poweralm)
investigate_log("has a power alarm!", INVESTIGATE_SINGULO) investigate_log("has a power alarm!", INVESTIGATE_SINGULO)
..() ..()

1
config/admin_ranks.txt
View File

@@ -30,6 +30,7 @@
# +SPAWN (or +CREATE) = mob transformations, spawning of most atoms including mobs (high-risk atoms, e.g. blackholes, will require the +FUN flag too) # +SPAWN (or +CREATE) = mob transformations, spawning of most atoms including mobs (high-risk atoms, e.g. blackholes, will require the +FUN flag too)
# +AUTOLOGIN = admin gains powers upon connect. This defaults to on, you can use -AUTOLOGIN to make a role require using the readmin verb to gain powers. (this does not effect the admin's ability to walk past bans or other on-connect limitations like panic bunker or pop limit.) # +AUTOLOGIN = admin gains powers upon connect. This defaults to on, you can use -AUTOLOGIN to make a role require using the readmin verb to gain powers. (this does not effect the admin's ability to walk past bans or other on-connect limitations like panic bunker or pop limit.)
# +DBRANKS = when sql-based admin loading is enabled, allows for non-temporary changes in the permissions panel to be saved (requires DB) # +DBRANKS = when sql-based admin loading is enabled, allows for non-temporary changes in the permissions panel to be saved (requires DB)
# +SENSITIVE = Defaults to on, use - to remove it. Allows reading IPs, CIDs, grabbing logs, and proccalls to certain things like admin holders/clients/subsystems considered "sensitive".
# +EVERYTHING (or +HOST or +ALL) = Simply gives you everything without having to type every flag # +EVERYTHING (or +HOST or +ALL) = Simply gives you everything without having to type every flag
# END_KEYWORDS # END_KEYWORDS