Skip to content
This repository has been archived by the owner on Jun 19, 2020. It is now read-only.

Rewrite permissions plugin in C++ #39

Open
vexyl opened this issue May 12, 2018 · 5 comments
Open

Rewrite permissions plugin in C++ #39

vexyl opened this issue May 12, 2018 · 5 comments
Assignees
@vexyl
Labels
enhancement New feature or request

Comments

@vexyl
Copy link
Owner

vexyl commented May 12, 2018

The permission system should be a core part of the server and should be rewritten in C++.
@vexyl vexyl added the enhancement New feature or request label May 12, 2018
@vexyl vexyl self-assigned this May 12, 2018
@vexyl
Copy link
Owner Author

vexyl commented Jul 30, 2018
edited
Loading

Also, plugin writers should be able to use permissions and groups easily. They should be able to create permissions and groups on the fly under some common name of the plugin writer's choosing (use std::map).

Worlds should be able to create its own permissions and groups easily using the above idea. E.g., worlds could have a group called admin (with world permissions visit,build,modify) that can build even when the owner sets a build limitation.

Pseudo code:

Server.RequirePermission("essentials.world")
world.RequirePermission("build")

Server.RequirePermission = 
    MakePermission("server", permissionName)

world.RequirePermission =
    MakePermission("world_" + world.GetName(), permissionName)

@vexyl
Copy link
Owner Author

vexyl commented Jul 30, 2018

Example of how the permission configuration files could look:

---permissions.ini---
[vexyl]
permissions=permissions
groups=admin,server
primary_group=admin

---groups.ini---
[admin]
color=&c
permissions=essentials.kick,essentials.ban
inherits=builder
canPlaceBedrock=true

[server]
color=&e
permssions=essentials.server
inherits=guest

[builder]
color=&b
permissions=essentials.cuobid
inherits=guest

[guest]
color=&9
permissions=build,talk,interact

@GiantCrocodile
Copy link
Contributor

The permission system should be:

  • able to log any permission violation (user x tries to do an action which requires permission y but the user doesn't have permission y) to a file
  • not being in Lua plugins nor the Client classes
  • prevent permission names conflicts by not allowing duplicates (could be achieved by prefixing every permission with the plugin name and check if a plugin registers same name twice)
  • prevents usage of blocks listed in a bad blocktype enum (like TNT, bedrock, etc.) without correct permission

@GiantCrocodile
Copy link
Contributor

  • have a placeable blocks option that has a list of blocks (not one option for each block)
  • having the permission system handle all permission checks (including checks for placeable blocks)
  • groups should be written in C++ too
  • operators should be optionally disabled
  • log all permission changes

@GiantCrocodile
Copy link
Contributor

We need two kinds of security layers for the permission system:

  1. first layer is checking if a plugin is allowed in general to call a specific function of the Core
  2. second layer checks if an user has the correct permission to call the plugins command which calls then a Core's function (which is protected by Layer 1)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@vexyl vexyl

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vexyl @GiantCrocodile