Raised This Month: $12 Target: $400
 3% 

CheckCommandAccess fails check access


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
ZASTRELIS
Veteran Member
Join Date: Nov 2010
Location: Siberia, Irkutsk
Old 10-30-2020 , 13:09   CheckCommandAccess fails check access
Reply With Quote #1

PHP Code:
RegAdminCmd("sm_access_viewer"Command_AccessViewerADMFLAG_GENERIC|ADMFLAG_ROOT|ADMFLAG_CUSTOM6"Usage command sm_access_viewer"); 
PHP Code:
if(CheckCommandAccess(i"sm_access_viewer"ADMFLAG_CUSTOM6)) {
    ++
iPlayersNum[VIP];
    
iPlayersAccess[i][VIP] = 1;
}
if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_ROOT)) {
    ++
iPlayersNum[ADMIN];
    
iPlayersAccess[i][ADMIN] = 1;
}
else if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_GENERIC)) {
    ++
iPlayersNum[MODER];
    
iPlayersAccess[i][MODER] = 1;

CheckCommandAccess ADMFLAG_GENERIC always false for client with `abjkt` flags

Last edited by ZASTRELIS; 10-30-2020 at 13:10.
ZASTRELIS is offline
SSheriFF
AlliedModders Donor
Join Date: May 2020
Location: Israel
Old 10-30-2020 , 14:03   Re: CheckCommandAccess fails check access
Reply With Quote #2

Quote:
Originally Posted by ZASTRELIS View Post
PHP Code:
RegAdminCmd("sm_access_viewer"Command_AccessViewerADMFLAG_GENERIC|ADMFLAG_ROOT|ADMFLAG_CUSTOM6"Usage command sm_access_viewer"); 
PHP Code:
if(CheckCommandAccess(i"sm_access_viewer"ADMFLAG_CUSTOM6)) {
    ++
iPlayersNum[VIP];
    
iPlayersAccess[i][VIP] = 1;
}
if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_ROOT)) {
    ++
iPlayersNum[ADMIN];
    
iPlayersAccess[i][ADMIN] = 1;
}
else if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_GENERIC)) {
    ++
iPlayersNum[MODER];
    
iPlayersAccess[i][MODER] = 1;

CheckCommandAccess ADMFLAG_GENERIC always false for client with `abjkt` flags
try
PHP Code:
if(CheckCommandAccess(i"sm_access_viewer"ADMFLAG_CUSTOM6true)) {
    ++
iPlayersNum[VIP];
    
iPlayersAccess[i][VIP] = 1;
}
else if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_ROOTtrue)) {
    ++
iPlayersNum[ADMIN];
    
iPlayersAccess[i][ADMIN] = 1;
}
else if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_GENERICtrue)) {
    ++
iPlayersNum[MODER];
    
iPlayersAccess[i][MODER] = 1;

__________________
Taking small private requests (Free) and big private requests (Paid).
Contact me via Discord: WilDick#1524

My Plugins:
SSheriFF is offline
Marttt
Veteran Member
Join Date: Jan 2019
Location: Brazil
Old 10-30-2020 , 16:39   Re: CheckCommandAccess fails check access
Reply With Quote #3

What is your Sourcemod version?
__________________
Marttt is offline
Bacardi
Veteran Member
Join Date: Jan 2010
Location: mom's basement
Old 10-30-2020 , 17:22   Re: CheckCommandAccess fails check access
Reply With Quote #4

You maybe want start use admin groups, not need hassle with flags.


Example:
Code:
enum
{
	NONE = 0,
	ADMIN,
	MODER,
	VIP,
	totalgroups
}

int PlayersNum[totalgroups];

public void OnPluginStart()
{
	RegConsoleCmd("sm_test", test);
}

public Action test(int client, int args)
{

	for(int a = 0; a < sizeof(PlayersNum); a++)
	{
		PlayersNum[a] = 0;
	}

	PrintToServer("\n");
	
	for(int i = 1; i <= MaxClients; i++)
	{
		// skip
		if(!IsClientInGame(i) || !IsClientAuthorized(i)) continue;

		// Check order from highest to low, ADMIN -> MODER -> VIP


		if(CheckCommandAccess(i, "access_ADMIN", ADMFLAG_ROOT, true)) // true = will not look admin flags from command called 'access_ADMIN'
		{
			PrintToServer("%N have 'access_ADMIN'", i);
			PlayersNum[ADMIN]++;
			continue;
		}

		if(CheckCommandAccess(i, "access_MODER", ADMFLAG_ROOT, true))
		{
			PrintToServer("%N have 'access_MODER'", i);
			PlayersNum[MODER]++;
			continue;
		}

		if(CheckCommandAccess(i, "access_VIP", ADMFLAG_ROOT, true))
		{
			PrintToServer("%N have 'access_VIP'", i);
			PlayersNum[VIP]++;
			continue;
		}

		PlayersNum[NONE]++;
	}



	PrintToServer("PlayersNum[NONE]	= %i",	PlayersNum[NONE]);
	PrintToServer("PlayersNum[ADMIN]	= %i", PlayersNum[ADMIN]);
	PrintToServer("PlayersNum[MODER]	= %i", PlayersNum[MODER]);
	PrintToServer("PlayersNum[VIP]		= %i", 	PlayersNum[VIP]);


	return Plugin_Handled;
}

admin_groups.cfg
Code:
Groups
{
	/**
	 * Allowed properties for a group:
	 *
	 *   "flags"           - Flag string.
	 *   "immunity"        - Immunity level number, or a group name.
	 *						 If the group name is a number, prepend it with an 
	 *						 '@' symbol similar to admins_simple.ini.  Users 
	 *						 will only inherit the level number if it's higher 
	 *						 than their current value.
	 */
	"Default"
	{
		"immunity"		"1"
	}
	
	"Full Admins"
	{
		/**
		 * You can override commands and command groups here.
		 * Specify a command name or group and either "allow" or "deny"
		 * Examples:
		 * 		":CSDM"			"allow"
		 *		"csdm_enable"	"deny"
		 */
		 Overrides
		 {
		 }
		"flags"			"abcdefghijklmnopqrst"

		/* Largish number for lots of in-between values. */
		"immunity"		"99"
	}

	"Admin"
	{
		"flags" "abcdefghijklmn"
		
		"Overrides"
		{
			"access_ADMIN"	"allow"
		}
	}


	"Moderator"
	{
		"flags" "abc"
		
		"Overrides"
		{
			"access_MODER"	"allow"
		}
	}


	"VIP"
	{
		"flags" "op"
		
		"Overrides"
		{
			"access_VIP"	"allow"
		}
	}

}
admins.cfg
Code:
/**
* USE THIS SECTION TO DECLARE DETAILED ADMIN PROPERTIES.
*
* Each admin should have its own "Admin" section, followed by a name.
* The name does not have to be unique.
*
* Available properties: (Anything else is filtered as custom)
*      "auth"          - REQUIRED - Auth method to use.  Built-in methods are:
*                        "steam"  - Steam based authentication
*                        "name"   - Name based authentication
*                        "ip"    - IP based authentication
*                        Anything else is treated as custom.
*                     Note: Only one auth method is allowed per entry.
*
*      "identity"      - REQUIRED - Identification string, for example, a steamid or name.
*                     Note: Only one identity is allowed per entry.
*
*      "password"      - Optional password to require.
*      "group"         - Adds one group to the user's group table.
*      "flags"         - Adds one or more flags to the user's permissions.
*        "immunity"        - Sets the user's immunity level (0 = no immunity).
*                          Immunity can be any value.  Admins with higher 
*                          values cannot be targetted.  See sm_immunity_mode 
*                          to tweak the rules.  Default value is 0.
*
* Example:
	"BAILOPAN"
	{
		"auth"            "steam"
		"identity"        "STEAM_0:1:16"
		"flags"            "abcdef"
	}
*
*/
Admins
{
	"Bacardi"
	{
		"auth"        "steam"
		"identity"    "STEAM_1:1:14163588"
		"group"			"Admin"
	}

	"QWERTY"
	{
		"auth"        "steam"
		"identity"    "STEAM_1:1:14163586"
		"group"			"Moderator"
	}

	"Asdasd"
	{
		"auth"        "steam"
		"identity"    "STEAM_1:1:14163582"
		"group"			"VIP"
	}  
}

And my tip is:
- If you want avoid admin problems in future, do not give ROOT flag "z" to anyone.
Not even yourself.


ROOT flag have access to all, bypass admin immunity, everything. You not actually want that.
https://sm.alliedmods.net/new-api/admin/AdminFlag

What useful you can do with ROOT flag is, restrict some admin commands or admin check from different admin groups. Use admin_overrides.cfg
Bacardi is offline
asherkin
SourceMod Developer
Join Date: Aug 2009
Location: OnGameFrame()
Old 11-02-2020 , 03:45   Re: CheckCommandAccess fails check access
Reply With Quote #5

Each of your CheckCommandAccess calls needs a unique “command” string. They should also be passing true for “override_only”.

Requiring multiple flags (as with your RegAdminCmd) requires the client to have all those flags, not any of them.
__________________

Last edited by asherkin; 11-02-2020 at 03:46.
asherkin is offline
ZASTRELIS
Veteran Member
Join Date: Nov 2010
Location: Siberia, Irkutsk
Old 11-07-2020 , 21:43   Re: CheckCommandAccess fails check access
Reply With Quote #6

Quote:
Originally Posted by asherkin View Post
Each of your CheckCommandAccess calls needs a unique “command” string. They should also be passing true for “override_only”.

Requiring multiple flags (as with your RegAdminCmd) requires the client to have all those flags, not any of them.
Okay, because I thought that | in RegAdminCmd it's binary operation OR

Last edited by ZASTRELIS; 11-07-2020 at 21:43.
ZASTRELIS is offline
ZASTRELIS
Veteran Member
Join Date: Nov 2010
Location: Siberia, Irkutsk
Old 11-07-2020 , 21:46   Re: CheckCommandAccess fails check access
Reply With Quote #7

Quote:
Originally Posted by SSheriFF View Post
try
PHP Code:
if(CheckCommandAccess(i"sm_access_viewer"ADMFLAG_CUSTOM6true)) {
    ++
iPlayersNum[VIP];
    
iPlayersAccess[i][VIP] = 1;
}
else if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_ROOTtrue)) {
    ++
iPlayersNum[ADMIN];
    
iPlayersAccess[i][ADMIN] = 1;
}
else if(
CheckCommandAccess(i"sm_access_viewer"ADMFLAG_GENERICtrue)) {
    ++
iPlayersNum[MODER];
    
iPlayersAccess[i][MODER] = 1;

Admins can be vips, and moderators can be as vip players too..
ZASTRELIS is offline
ZASTRELIS
Veteran Member
Join Date: Nov 2010
Location: Siberia, Irkutsk
Old 11-08-2020 , 01:10   Re: CheckCommandAccess fails check access
Reply With Quote #8

Quote:
Originally Posted by Bacardi View Post
You maybe want start use admin groups, not need hassle with flags
Was tried, and it works. Thanks..

Code:
if(CheckCommandAccess(i, "access_ADMIN", ADMFLAG_ROOT, true))
I'm not fully understood why ADMFLAG_ROOT everytime for different access level

Last edited by ZASTRELIS; 11-08-2020 at 01:11.
ZASTRELIS is offline
Bacardi
Veteran Member
Join Date: Jan 2010
Location: mom's basement
Old 11-08-2020 , 07:06   Re: CheckCommandAccess fails check access
Reply With Quote #9

Quote:
Originally Posted by ZASTRELIS View Post
Was tried, and it works. Thanks..

Code:
if(CheckCommandAccess(i, "access_ADMIN", ADMFLAG_ROOT, true))
I'm not fully understood why ADMFLAG_ROOT everytime for different access level
Like I said in previous post:
- Don't give to person admin flag "z", or otherwise he get all admin flags (abcdefghijklmnopqrst)
- Use "z" flag as restrict commands and access, example from admin_overrides.cfg, "sm_ban" "z"
- Use admin group, to override specific command or access to group users. "sm_ban" "allow"
Bacardi is offline
ZASTRELIS
Veteran Member
Join Date: Nov 2010
Location: Siberia, Irkutsk
Old 11-09-2020 , 09:58   Re: CheckCommandAccess fails check access
Reply With Quote #10

Quote:
Originally Posted by Bacardi View Post
Like I said in previous post:
- Don't give to person admin flag "z", or otherwise he get all admin flags (abcdefghijklmnopqrst)
- Use "z" flag as restrict commands and access, example from admin_overrides.cfg, "sm_ban" "z"
- Use admin group, to override specific command or access to group users. "sm_ban" "allow"
As I can understood, can I using multiple access groups? Like this..
Code:
"Admin"
{
	"flags" "abcdefghijklmn"
	
	"Overrides"
	{
		"access_ADMIN"	"allow",
		"access_VIP"	"allow"
	}
}
Because that's what I need in my case..

Last edited by ZASTRELIS; 11-09-2020 at 14:12.
ZASTRELIS is offline
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 04:04.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode