Permission System #23
Description
Related to #9
Semoxy Permission System
Usage
The permission system is added to let the admin user restrict the abilities that other users have. This could be useful when you only want to let people start the server when it crashed or other things.
Structure
There are dot-notated permission nodes that indicate whether a user can dispatch a specific action or not.
Permissions are primary set on permission groups that are assigned to each user. Secondary these group permissions can be overridden for each user. By default a user has no permissions, but they should be assigned automatically on creation to a default-group that can be modified by an admin.
Nodes
A single permission node consists of lowercase words, dots, tildes and asterisks.
global.server.create - The user can create a server
Asterisks represent a wildcard for anything in its position.
global.server.* - The user has all nodes that start with global.server
Tildes at the start of the note indicate that the node is negated. This is useful when using wildcards because these negated nodes are evaluated after them.
~global.server.create - the user can't create new servers
Order of evaluation
Do the following for all groups the user has and after that for the user specific permissions:
- Add Wildcards
- Add normal nodes
- remove negated nodes
Save format
All permission related stuff on the user will be stored in a permissions object that has the following structure:
{
"groups": [
"List",
"of",
"group",
"ids"
],
"overrides": [
"user",
"specific",
"nodes"
],
"effectives": [
"permission",
"cache"
],
"effectivesOutdated": false
}Since it could be costly to recalculate the permissions for a user on every request, the effectives-key is added. It caches all actual permissions that the user has, with all groups and overrides included. When the permission for a user or a group that effects the users permissions is changed, effectivesOutdated should be set to true to regenerate them on the next request the user issues.
Permission Nodes
| Node | Description |
|---|---|
| global.server.create | the user can create new servers |
| global.server.delete | the user can remove servers |
| global.user.create | the user can add new users |
| global.user.modify | the user can grant permissions that he has to other users |
| global.user.delete | the user can remove users |
| server.name.start | the user can start this server |
| server.name.stop | the user can stop this server |
| server.name.command.commandname | the user can execute a specific command |
| server.name.display | the user can see this server |
| server.name.player.kick | the user can kick players |
| server.name.player.ban | the user can ban a player |
| server.name.player.whitelist | the user can add players to the whitelist |
| server.name.player.op | the user can op players |
| server.name.player.deop | the user can deop players |
| server.name.dsm | the user can manage dsm settings |
| server.name.worlds | the user can manage worlds on this server |
| server.name.backups | the user can manage backups for this server |
| server.name.addons | the user can manage addon |
| global.system | the user can manage semoxy settings |