Jikoo / OpenInv

Open anyone's inventory as a chest, real-time!
GNU General Public License v3.0
119 stars 41 forks source link

blanket block on accessing restricted inventories #228

Closed baailey closed 3 months ago

baailey commented 3 months ago

looking to block all staff from being able to open other staff inventories. currently I can block a moderator from accessing a higher ranks inventory (senior mod, admin etc) with openinv.access.level.1 or with a higher number. though, this won't higher ranked staff from being able to access moderator invs haha

however, and this may just be user-error on my part, I don't seem to be able to block moderators from being able to open other moderators inventories. this used to be possible by simply setting OpenInv.exempt to the moderator rank, but with this rework it doesn't seem there is such a simple solution anymore.

happy to be proven wrong, hopeful a solution can be introduced if my testing was successful. thanks.

Jikoo commented 3 months ago

Hm, you're right. Here I was thinking I was all clever enabling more complex setups, too.

Are you after a flat denial, or would changing access to beat, not meet or beat work? I.e. access 1 can only open those without an access perm, 2 can access 1/none but not 2, etc. Sounds like for your particular setup that would work fine with everyone on access 1.

rautamiekka commented 3 months ago

My 2 cents why I personally think this is a bad idea, at least in a public one, or otherwise one where you can't completely trust your staff:

While generally I take maybe excessively extreme care who becomes my staff, and have been able to fully trust my staff to behave as expected (minus some Mods on their trial period waiting to become full Mods), yet all staff, even the lowest ranks like Mods, should be able to catch both high and low ranks abusing their powers, cuz you as the Owner will have only so much time to watch the Players in addition to your staff and play the game.

In this case, even the lowest staff ranks should be able to catch a low-ranking staff having stacks of diamonds they absolutely couldn't had been able to acquire by legit means.

Still, if you wanna run it like that and you have other ways to prevent a problem, you can.

Jikoo commented 3 months ago

For clarity, access meet or beat -> beat would likely be a config setting where the default is current behavior.

The reason this didn't cross my mind was that I've always thought it best policy to have equals able to check each other. I do think it has merit, because equals have a tendency to play pranks on each other where the "prank" would be plain meanness if done to someone with a lower rank who can't respond. Kids may be dumb (source: was a kid), but usually they have enough empathy to figure that out, and if not, they really shouldn't be in a position of power.

Having thought on it more, if it is a config setting, it will probably have to have options for meet -> full access, view, or deny. I really like the idea of meet -> view-only as a compromise.

baailey commented 3 months ago

I don't think the view-only is a bad idea, just looking to make sure people can't modify specific user inventories. How you do that is completely up to you.

rautamiekka's concerns are also valid, but our experience has never been anything severe, it's just pranks gone wrong that I would very much prefer never having to deal with, as it's a pointless hassle that could've all been prevented if they never had access in the first place.

I think the view-only option is enticing, as long as it helps enforce safety measures I previously set in place before the permission rework. Best case scenario, just make both possible to satisfy whoever needs what.