Global Whitelisted commands for specific servers and users

[23nd]

(Navi) another thing that we would want you to work on is adding a whitelist for server modules/commands. The code already exists to blacklist commands/modules globally but we want to be able to whitelist commands for certain servers/users as well.

.globalcommand / .gcmd
Toggles whether a command can be used on any server. Navi/fAEth only

.globalmodule / .gmod
Toggles whether a module can be used on any server. Navi/fAEth only

so basically we have that but we want to be able to say "the default state for this command is off BUT these certain users/servers can use it normally"

Basically we want to be able to add commands to the global blacklist, but make exceptions on a per command basis for certain users (in this case, patreon donators)

[23nd]

@Navi-King For clarification, you want me to do the following?

• Database, DBModel, and Migration Additions
  • Create a WhiteListItem table that mimics the BlackListItem table
  • Create a WhiteListSet table that assigns an Id to each named whitelist set
  • Create a WhiteListItemInSet table that links each WhiteListItem Id to a WhiteListSet Id
  • Create a BlockFreeCmdOrMdl table that mimics the BlockedCmdOrMdl table, but with an additional field called WhiteListSetId for linking a whitelist set to a specific command or module
• Command Additions
  • Create a GlobalWhiteListSet command that adds a new entry into the WhiteListSet table
    • .gwl add/remove PatronTier1 create/deletes a whitelist named PatronTier1 (must be unique)
  • Create a GlobalWhiteList command that adds a Server/Channel/User ID to the WhiteListItem table, and adds a relationship to the WhiteListItemInSet table to link the server/channel/user to a specific whitelist set name
    • .gwlu PatronTier1 USER_ID add/removes a specific user to the PatronTier1 whitelist
    • .gwlc PatronTier1 CHANNEL_ID add/removes a specific channel to the PatronTier1 whitelist
    • .gwls PatronTier1 SERVER_ID add/removes a specific server to the PatronTier1 whitelist
  • Create a WhiteList command that links a whitelist set to a specific command or module, and adds it as an entry in BlockFreeCmdOrMdl table
    • .gwmod ModuleName add/remove PatronTier1 adds or removes the entry linking PatronTier1 whitelist to ModuleName
    • .gwcmd CommandName add/remove PatronTier1 adds or removes the entry linking PatronTier1 whitelist to CommandName
  • Create a ListWhiteListNames command that lists all whitelist set names
  • Create a ListWhiteListMembers command that lists all IDs of members belonging to a specific whitelist set
    • .lwlm PatronTier1 server lists all server IDs belonging to the PatronTier1 server
• Service Changes
  • DON'T Modify TryBlockEarly() in BlackListService.cs since we don't want to give power to blacklisted users/channels/servers
  • DO Modify TryBlockLate() in GlobalPermissionService.cs to return false if the server/channel/user belongs to a whitelist linked to the given command/module

[23nd]

(Navi) I think it makes sense. Basically you’re mimicking the blacklist structure but using it to whitelist. You’re verifying that blacklisted users can’t use commands in whitelisted servers/channels, but making sure that whitelisted users can still use blacklisted commands?

(Katsu) Well commands aren’t blacklisted. Servers/Channels/Users are blacklisted. Whitelisted servers/channels/users can use globally disabled commands/modules, but whitelisted servers/channels/users are still disabled from using commands when blacklisted blacklist is all-or-nothing (all commands disabled) for specific users/channels/servers(edited) and yes, blacklisted users cannot use commands in whitelisted servers/channels So i won’t be modifying any blacklist stuff, just using it as a structure for whitelist and modifying the global command/module stuff perhaps whitelist is a misnomer

(Navi) Ok so basically the whitelist I want should override global permission but not blacklist

(Katsu) yeah, or actually, it’s also called “blocking”. so unblocking the blocking

(Navi) But yeah basically I want “blocked” commands able to be used by “unblocked” users Obviously the command to modify that should be bot owners only and bot owners should automatically be able to use any blacklisted command anyway. Or at least added to the unblocked list by default

Terminology Notes

• Blocking or Blocked Describes a specific command or module that has been GLOBALLY disabled.
• Global Permission Describes the status of a command or module as blocked or not. Also used to name the file responsible for this behavior.
• Blacklist Disables ALL commands for a specific server, channel, or user. Also used to name the file responsible for this behavior.
• Whitelist Enables SPECIFIC commands or modules for a set of servers, channels, and users. Totally unrelated to blacklist. Servers, channels, and users that are blacklisted still will not be able to use any commands, even if they exist in a whitelist. However, servers, channels, and users may use globally disabled commands that they have been whitelisted for specifically as long as they are not blacklisted themselves. TL;DR: whitelist affects globally disabled commands and does not affect blacklisted servers, channels, or users

[23nd]

TODO LIST

When all items have been checked off, this issue may be closed.

Database, DBModel, and Migration Additions

Note that this probably follows a MVC paradigm, and that the models should be written in code, migrations generated by some sort of dotnet command, and database tables generated at runtime.

• [x] Create a WhiteListItem table that mimics the BlackListItem table
• [x] Create a WhiteListSet table that assigns an Id to each named whitelist set
• [x] Create a WhiteListItemInSet table that links each WhiteListItem Id to a WhiteListSet Id
• [x] Create a UnblockedCmdOrMdl table that mimics the BlockedCmdOrMdl table, but with an additional field called WhiteListSetId for linking a whitelist set to a specific command or module

Command Additions

Each of these should have [NadekoCommand, Usage, Description, Aliases] attributes, and be added to either GlobalPermissionsCommands.cs or a new WhitelistCommands.cs in the Permissions module.

• [x] Create a GlobalWhiteListSet command that adds a new entry into the WhiteListSet table
  • [x] .gwl add/remove PatronTier1 create/deletes a whitelist named PatronTier1 (must be unique)
  • [x] Apply [OwnerOnly] attribute
  • [x] Add to src\NadekoBot\_strings\cmd\command_strings.json
  • [x] Add necessary response strings to src\NadekoBot\_strings\ResponseStrings.en-US.json
• [x] Create a GlobalWhiteList command that adds a Server/Channel/User ID to the WhiteListItem table, and adds a relationship to the WhiteListItemInSet table to link the server/channel/user to a specific whitelist set name
  • [x] .gwlu PatronTier1 USER_ID add/removes a specific user to the PatronTier1 whitelist
  • [x] .gwlc PatronTier1 CHANNEL_ID add/removes a specific channel to the PatronTier1 whitelist
  • [x] .gwls PatronTier1 SERVER_ID add/removes a specific server to the PatronTier1 whitelist
  • [x] Apply [OwnerOnly] attribute
  • [x] Add to src\NadekoBot\_strings\cmd\command_strings.json
  • [x] Add necessary response strings to src\NadekoBot\_strings\ResponseStrings.en-US.json
• [x] Create a Unblock command that links a whitelist set to a specific command or module, and adds it as an entry in UnblockedCmdOrMdl table
  • [x] .ubm ModuleName add/remove PatronTier1 adds or removes the entry linking PatronTier1 whitelist to ModuleName
  • [x] .ubc CommandName add/remove PatronTier1 adds or removes the entry linking PatronTier1 whitelist to CommandName
  • [x] Apply [OwnerOnly] attribute
  • [x] Add to src\NadekoBot\_strings\cmd\command_strings.json
  • [x] Add necessary response strings to src\NadekoBot\_strings\ResponseStrings.en-US.json
• [x] Create a ListWhiteListNames command that lists all whitelist set names
  • [x] .lwl
  • [x] Apply [OwnerOnly] attribute
  • [x] Add to src\NadekoBot\_strings\cmd\command_strings.json
  • [x] Add necessary response strings to src\NadekoBot\_strings\ResponseStrings.en-US.json
• [x] Create a ListWhiteListMembers command that lists all IDs of members belonging to a specific whitelist set
  • [x] .lwlm PatronTier1 server lists all server IDs belonging to the PatronTier1 server
  • [x] Apply [OwnerOnly] attribute
  • [x] Add to src\NadekoBot\_strings\cmd\command_strings.json
  • [x] Add necessary response strings to src\NadekoBot\_strings\ResponseStrings.en-US.json
• [x] Create a ListUnblocked command that lists all commands/modules unblocked for a specific whitelist set
  • [ ] .lub PatronTier1 lists all commands/modules unblocked for PatronTier1 members
  • [x] Apply [OwnerOnly] attribute
  • [x] Add to src\NadekoBot\_strings\cmd\command_strings.json
  • [x] Add necessary response strings to src\NadekoBot\_strings\ResponseStrings.en-US.json
• [x] Create a CheckMemberWhitelist command that lists all whitelist set names for a given user, channel, or server ID
  • [ ] .cmwl lists all whitelist sets that include the author's user ID
  • [x] .cmwl user USER_ID lists all whitelist sets that include USER_ID
  • [x] .cmwl channel CHANNEL_ID lists all whitelist sets that include CHANNEL_ID
  • [x] .cmwl server SERVER_ID lists all whitelist sets that include SERVER_ID
  • [x] Apply [OwnerOnly] or [RequireContext(ContextType.Guild)] attribute
  • [x] Add to src\NadekoBot\_strings\cmd\command_strings.json
  • [x] Add necessary response strings to src\NadekoBot\_strings\ResponseStrings.en-US.json

Service Changes

• [x] Modify GlobalPermissionService.cs
  • [ ] Add Unblocked properties to the class and constructor (see BlacklistService.cs for ideas)
    • [ ] UnblockedServers
    • [ ] UnblockedChannels
    • [ ] UnblockedUsers
  • [x] Modify TryBlockLate() to return false if the server/channel/user belongs to an Unblocked list linked to the given command/module

[23nd]

Status update: pretty much all the commands for adding/removing and creating/deleting have been implemented, along with some info commands to list members and unblocked cmds/mdls for each list.

What's left:

• [x] Check against the unblocked lists in the Permissions LateBlocker
• [x] Ensure that ResetGlobalPerms clears the unblocked lists OR add a clear unblocked for a given whitelist command
• [x] Add some more reverse-search info commands (get list of whitelists by unblocked module, etc)
• [x] Finalize the command names and order of arguments
• [x] Pagination for the info commands (if desired)

[23nd]

For ResetGlobalPerms, the existing implementation leaves unwanted data in the database. To avoid messing with it, I'll implement a separate ResetGlobalWhitelist and ResetGlobalUnblocked for totally clearing all GlobalWhitelist records and UnblockedCmdOrMdl records (and their relation table records).

[23nd]

Also note that I cannot unblock Custom Reactions (even though they can be added to a whitelist), because NadekoBot does not block them in the CustomReactionsService.TryExecuteEarly behavior (even though they can be added to global permissions via gcmd).

[23nd]

Note 2: Any changes made in the database to either BlockedCmdOrMdl or UnblockedCmdOrMdl may cause the global permissions to be out of sync with the database. A restart will be required to re-sync global permissions, should you find yourself modifying the database directly.

I could reload the GlobalPermissionService via bot command, but that may introduce a moment of vulnerability without any working permission checks.

I also tried to modify the internal hashsets of (Un)BlockedCommands/Modules to sync them with the database, but unfortunately those hashsets are readonly and I don't want to overrule that decision at this time.

[Navi-King]

This is awesome. We do still need to move it to its own module probably though since keeping it in permissions messes with the commands that general users should be able to use. Also it will help future proof it against upstream code changes.