search

MadnessExpress / BruhBot

A ruby based Discord bot made with Discordrb
GNU General Public License v3.0
4 stars 2 forks source link

User Authorisation #28

Closed Timmooo closed 8 years ago

Timmooo commented 8 years ago

How are we going to decide who can do what with the bot? Are authorisation levels going to be modifiable?

For the most part I imagine things will be fine for anyone to use, however certain commands would probably be ideally by bot owners ala superadmins. I'm thinking the best implementation option for this would be a config option where you provide the userid of the users you want to have this access in an array. This can then be checked against for certain commands / modules.

There may also be other cases where customisation may be wanted such as #10 or even with #14 . Perhaps a basic user structure could be set up.

  1. Superadmins (all access to bot higher functions)
  2. Admins (access to all plugin features and some bot features)
  3. Poweruser (access most plugin features)
  4. All users not in the other lists

Superadmins can then add other users with !user add 4064 2 etc Alternatively roles 2 & 3, could be defined by a usergroup in the channel?

I think this is probably reasonably important for some features so should be considered as part of the core functions?

Esjitu commented 8 years ago

The way most bots I've tried do this is by using Discord's role system. Things able to be used by all users just work off the @everyone role, while others might be restricted to the admin role. What I've seen a lot of bots do for special functionalities that aren't necessarily admin commands is to require the creation of a role with a specific name. For example you only want certain people to have control over your music bot, and require them to belong to a role called DJ. The config file could allow bot owners to change the actual name of the role required, but basically as long as your users have [x] role they're able to run those commands.

I don't think there's any reason to complicate it further by needing an array with permitted users when this is possible, and in fact the way most Discord bots define their permissions. Additionally a lot of bots have an entirely different prefix for admin commands to make the distinction clearer - perhaps we can also employ this? If ! is the standard command prefix, maybe something like ~ for admin commands (the key right next to ! on most keyboards). Naturally, this, too, would be configurable by bot owners to set their own prefixes, but the idea would still be to keep your user and admin commands on separate prefixes to avoid confusion.

MadnessExpress commented 8 years ago

I created a method that verifies a user's role based on an array of role names it is given. This is called as needed on a per plugin basis, and stores either true or false in a variable that can be compared.