Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Channel ACLs #79

Draft
wants to merge 5 commits into
base: master
Choose a base branch
from
Draft

Channel ACLs #79

wants to merge 5 commits into from

Conversation

S-S-X
Copy link
Member

@S-S-X S-S-X commented Feb 18, 2023

Add simple access control lists for channels.

Possible roles are:

  • deny Access to channel is denied.
  • read Can read messages sent to channel.
  • write Can send messages to channel.
  • manager Can manage deny, read and write ACLs for channel.
  • owner Can manage all ACLs, including channel owners.

Default role, when ACLs are not used for channel, is write.

Possible identities for ACL lookup are:

  • Player name. Matches individual players.
  • Privilege prefixed with $, for example $interact. Matches players who has that privilege.
  • Special identity *. Default privilege for channel, used when no better match found.
  • More special identities can be added, for example faction membership or such.

Password handling have been mostly moved from core to ACL plugin.
Beerchat now asks for password when attempting to join channel with password, /jc wont accept password at all (however it could still do that but access checks still requires ACL plugin).

@S-S-X S-S-X added the enhancement New feature or request label Feb 18, 2023
@S-S-X
Copy link
Member Author

S-S-X commented Feb 21, 2023

ACL Password Outcome
allow allow ✔️
undef allow ✔️
deny allow
allow undef ✔️
undef undef ✔️
deny undef
allow deny
undef deny
deny deny

That is how event handlers work by default. By default access is always granted and must be explicitly denied: if any handler denies access then access is denied completely. If nothing denies access then access is granted.

Explicit grants however are possible, if event handler returns true instead of nil then propagation is stopped and access granted immediately without checking any other rules. This however also requires extra care with event handler registration order and is way harder to manage.

@S-S-X

This comment was marked as outdated.

@S-S-X S-S-X force-pushed the channel-acls branch 2 times, most recently from 59e4555 to f0cd733 Compare May 12, 2023 13:40
format_message.lua Outdated Show resolved Hide resolved
@S-S-X S-S-X force-pushed the channel-acls branch 3 times, most recently from b7cccde to 53dd3ff Compare May 20, 2023 17:27
@S-S-X S-S-X changed the title ACL starting point Channel ACLs May 21, 2023
S-S-X added a commit that referenced this pull request May 21, 2023
beerchat.join_channel rework backwards compatible way

Update chatcommands

Update ACLs / actual permission checks

Add beerchat.capture_message

Password query / single shot override everything

Privilege based ACL roles + other updates

Remove password from /jc command

Cleanup /cc

Remove ACLs with -d switch

Rename channel_name
@S-S-X S-S-X marked this pull request as ready for review May 21, 2023 20:00
@S-S-X
Copy link
Member Author

S-S-X commented May 21, 2023

This is going to need some play testing on actual server.

Things to test:

  • Basic chatting / channel switching / joining / creating channels.
  • Channels with password, is there any issues with existing protected channels or password functionality.
  • Do player based ACLs work?
  • Do privilege based ACLs work?
  • Do owner and manager roles work correctly?
  • ACLs should not affect channels where there's no ACLs.

It does also change basic message formatting parameters channel_name -> channel and channel_password -> password so custom format strings might break.
Currently however only main channel format string is actually configurable and even if formatting breaks it'll be easy to fix (in configuration) and chat should work just fine.

Stats:
spec/** 5 files changed, 249 insertions(+), 16 deletions(-)
!spec/** 12 files changed, 342 insertions(+), 145 deletions(-)
plugin/acl** 2 files changed, 270 insertions(+)

@S-S-X S-S-X marked this pull request as draft January 2, 2024 15:44
S-S-X added a commit that referenced this pull request Jan 3, 2024
beerchat.join_channel rework backwards compatible way

Update chatcommands

Update ACLs / actual permission checks

Add beerchat.capture_message

Password query / single shot override everything

Privilege based ACL roles + other updates

Remove password from /jc command

Cleanup /cc

Remove ACLs with -d switch

Rename channel_name
S-S-X added 2 commits January 6, 2024 20:01
beerchat.join_channel rework backwards compatible way

Update chatcommands

Update ACLs / actual permission checks

Add beerchat.capture_message

Password query / single shot override everything

Privilege based ACL roles + other updates

Remove password from /jc command

Cleanup /cc

Remove ACLs with -d switch

Rename channel_name
Test password query

ACL/acls basic tests

Tests for /mc

Test ACL removal

Remove print from channel ban test
@S-S-X
Copy link
Member Author

S-S-X commented Jan 17, 2024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request needs testing
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant