Lua C modules now require ACL access

For each resource that wants to use a C module, a right needs to be
added in the following format:
<right name="module.<name>" access="true"></right>

For example,
<right name="module.lfs" access="true"></right>

A * wildcard works to grant a resource access to all modules.

Author: darkdreamingdan

Server/mods/deathmatch/logic/CAccessControlListManager.cpp

@@ -144,6 +144,10 @@ bool CAccessControlListManager::Load ( void )
                             {
                                 pRight = pACL->AddRight ( &szRightName[8], CAccessControlListRight::RIGHT_TYPE_GENERAL, bAccess );
                             }
+                            else if ( StringBeginsWith ( szRightName, "module." ) )
+                            {
+                                pRight = pACL->AddRight ( &szRightName[7], CAccessControlListRight::RIGHT_TYPE_MODULE, bAccess );
+                            }
                             else continue;
 
                             // Set all the extra attributes
@@ -552,6 +556,11 @@ const char* CAccessControlListManager::ExtractRightName ( const char* szRightNam
         eType = CAccessControlListRight::RIGHT_TYPE_GENERAL;
         return szRightName + 8;
     }
+    else if ( StringBeginsWith( szRightName, "module." ) )
+    {
+        eType = CAccessControlListRight::RIGHT_TYPE_MODULE;
+        return szRightName + 7;
+    }
 
     // Failed
     return NULL;

Server/mods/deathmatch/logic/CAccessControlListRight.h

@@ -25,7 +25,8 @@ class CAccessControlListRight
         RIGHT_TYPE_COMMAND,
         RIGHT_TYPE_FUNCTION,
         RIGHT_TYPE_RESOURCE,
-        RIGHT_TYPE_GENERAL
+        RIGHT_TYPE_GENERAL,
+        RIGHT_TYPE_MODULE
     };
 
 public:

Server/mods/deathmatch/logic/lua/CLuaFunctionParseHelpers.cpp

@@ -240,6 +240,7 @@ IMPLEMENT_ENUM_BEGIN( CAccessControlListRight::ERightType )
     ADD_ENUM ( CAccessControlListRight::RIGHT_TYPE_FUNCTION,     "function" )
     ADD_ENUM ( CAccessControlListRight::RIGHT_TYPE_RESOURCE,     "resource" )
     ADD_ENUM ( CAccessControlListRight::RIGHT_TYPE_GENERAL,      "general" )
+    ADD_ENUM ( CAccessControlListRight::RIGHT_TYPE_MODULE,       "module" )
 IMPLEMENT_ENUM_END( "right-type" )
 
 IMPLEMENT_ENUM_BEGIN( CElement::EElementType )

Server/mods/deathmatch/logic/lua/CLuaMain.cpp

@@ -864,6 +864,24 @@ bool CLuaMain::LoadClib(lua_State* L, SString strName, SString &strError )
         return false;
     }
 
+    // Check ACL permissions
+    if ( !g_pGame->GetACLManager()->CanObjectUseRight(m_pResource->GetName().c_str(),
+            CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE,
+            "*",
+            CAccessControlListRight::RIGHT_TYPE_MODULE,
+            false) &&
+         !g_pGame->GetACLManager()->CanObjectUseRight(m_pResource->GetName().c_str(),
+            CAccessControlListGroupObject::OBJECT_TYPE_RESOURCE,
+            strName.c_str(),
+            CAccessControlListRight::RIGHT_TYPE_MODULE,
+            false)
+        )
+    {
+        strError += "error loading module " + strName + " from file " + strPath +
+            ":\n\t ACL access denied.  Grant \"module." + strName + "\" right to resource " + m_pResource->GetName();
+        return false;
+    }
+
     if (!luaL_loader_C(L, strName.c_str(), strPath.c_str()) || lua_type(L, -1) == LUA_TNIL)
     {
         strError += "error loading module " + strName + " from file " + strPath +