search

Gerold55 / laptop

Introducing the MineTest Laptop Mod
Other
25 stars 14 forks source link

App Store #117

Open apachano opened 6 years ago

apachano commented 6 years ago

There should be an app store system. Once you get a ton of apps installed in the game you may only want a selection on a computer. Permissions would also be beneficial, maybe one app is only designed for moderators and only a moderator can install it on their computer.

bell07 commented 6 years ago

I was sure we have already an issue for this oO. Partially discussed in #40 and in #71

My idea is to add grouping attribute to the apps definitions, the "system apps" are pre-installed and all other are not available on new laptop. Of course with hardware-specific overrides, like custom_theme.

The app-store repository allow to select from all compatible apps and write them to "available apps table" on system medium. That allow to transport apps using usb for example.

If #40 is done we can value the apps and add pricing and payments to the repository.

maybe one app is only designed for moderators and only a moderator can install it on their computer.

The apps are designed for computers. We have some version dependency. The computers are like in real-live, if anyone have physic access, he can do with the computer all he like. So there is no garanty an admin-app cannot be called by other player.

If user-depending security is needed it can be implemented inside the app, like the mail app does

apachano commented 6 years ago

I think for certain things user level security would be best, specifically if any admin feature is added, but I think as a basic feature not allowing basic users to see admin level apps in the app store would be a start. I guess that can be thought about if such an app exists.

I think your idea is perfect for having "System apps" Installed and all others only available from an app store or installed via media. Once I learn more of the code maybe I can help.

bell07 commented 6 years ago

The nodemeta is insecure by design. The nodemeta is node-centric, that means it does not follow the idea "what is allowed to player" but "what is possible with the node". The formspec is not shown to the player but stored in node and any other player can look on them. I like this feature because multiple players are able to work on the same formspec out of the box. See the realchess app.

We can only check the players input because the sent data is always assigned to a player. I use it for basic security in the mail app, if the player differ from the last one => close the mail app.

If #80 is implemented the "personalized formspecs" needs to be used. But I like to further follow the concept the player who have the laptop can do all with them