[Enhancement] Player immunity against lower ranked groups in permission system.

[aWitch-Doctor]

Is it possible to make it so a player in a permission group with a weight of 5 can not kick/ban/any other command I wish from running the command on a player in a permission group with a weight of 10 while still allowing a player in a permission group with a weight of 15 to run all the commands on a player in the permission group with a weight of 10? I have tiered admin ranks and i need to stop the lower rank from admining the mid rank but still let the higher ranks admin the mid and lower ranks.

[dualspiral]

Technically, I guess it is possible. To get a feel on this, I'd like to know what commands you're thinking. I'm not doing this for every command, you clearly have specific use cases in mind - I guess kick/ban/mute/jail/invsee etc.

[Mohron]

Is it not possible to create this system separately and all servers to configure what commands obey the hiarchy? Because that would be one incredibly powerful module!

[Rasgnarok]

I feel like it is overly managing, as a change. Two options - Mohron mentionned one, simply have a plugin/module dedicated to this (due to the enormity of the implications and the fact it is permission-target related), OR, ask your staff to not use their permissions with the upper ranks? This feels like something a staff manager should take care of, not a plugin. If you need to encode cohesion in your staff, not enforce, then there is a bigger issue that a plugin would not solve.

[Mohron]

@Rasgnarok only every security principle disagrees with you. And I realize minecraft is just a game, but having the power to actually enforce your rank design is more meaningful than asking. How many of your server staff do you know in real life? How far does a trusting relationship built on the web really go? Hidden behind the wall of anonymity what really keeps your mutual agreement and understanding in place? Whatever it is, it may not last forever and hierarchical permissions helps minimize the damage a rogue previously trustworthy person can cause.

Sincerely, totally not a Cyber Security major...

[bookerthegeek]

I have to agee with this. A simple weight or tier system that would block a csv list of commands from being run on a highr rank. Or maybe sub ranks?

[dualspiral]

@Mohron That's very true, but you also have to ask, what would a rogue staff member do? I guess it limits the attack surface upwards, but a clever social hacker will wait until they are in the position they want to be in. Sure, those who "think" they are hacking will fall at the first hurdle by misusing helper positions, as it were, but those that really want control will bide their time.

From a security point of view, sure, it's not a bad idea to do this, and there is probably a way I can do it semi-easily if I make use of Sponge's command system - wrapping player arguments with a check. Honestly, conceptually dead simple to do. It's possible it could be done on a more global scale too - though I'd be afraid of really pushing it that far, it would take a bit more hackery to do it. However, all this really does is protect upwards, not downwards, and I'd argue that it's the little guys that need to be protected.

It's a tough one, that's for sure. I want to say that the use case is minimal and right now, it's not a priority - but at the same time, I am not aginst this going in. However, my main argument for this not going in quickly is that it isn't that effective at the levels we're talking about (if a rogue is already an admin, they are already going to be able to do surprising amounts of damage), and it's micromanagement to the extreme.

It can be done, sure, and I have ideas on how to do it. I'm not going to dismiss this out of hand, but while simple to do, it would take a lot of time to do if I was to do it on all commands, and the expectation would then be that I could control other plugins, something I don't really have any desire for.

I have to argee with this. A simple weight or tier system that would block a csv list of commands from being run on a highr rank. Or maybe sub ranks?

Overthinking it. I'd just use permission options/meta, maybe something like nucleus.command.<cmd>.exemptionweight, similar to how list weights/social spy levels are implemented, compare the two weights, and reject if the executor has a lower (or optionally, same) weight/level.

Of course, this would be off by default.

[bookerthegeek]

Thank you for considering this and all the thought you put into it.

Another use case for you. We have three tiers of mods and two admin tiers. One responsability of each tier is to police the tiers below it. Not only for abuse but to make sure that they are doing things correctly.

As such, while lower staff do need to be able to see into players inventory, they do not need to see inside an admins inventory. As an off the cuff example.

[aWitch-Doctor]

Lol this became more of a discussion then I thought It would need to be.

Dualspiral, yes kick/ban/mute are the only commands I would need. invsee/jail/kickall could be beneficial for other servers but I don't need it for mine. I would like players in rank 5 be able to use the commands on rank 4 but not on 5 or higher. Also I would like to be able to set it so that rank 10 can use those commands on rank 10 and lower.

Before I go any further, I agree. Making this it's own plugin would be great. Fully configurable for and command even if it's not a nucleus command. I don't see that happening anytime soon though.

Explanation time, I have 8 tiers, let's number them 1-8. There is another tier that is basically op, tier 9, that is reserved for about 5 people who actually work on the specific server. Tier 9 has all access for everything and there is no way around it, they need to be able to edit anything needed. I'm not worried about tier 9. Tier 1 is just a pub, a default member just playing the game. Tier 2 is a member of the community but is still only here to player the game. Tier 3 is a basic admin that we want to see if they can handle things before we give them more access. Tier 4 is full admin. Handles any issues that come up. Tier 5-8 are the top members of the community that run the servers.

Tiers 1 and 2 are free game for all levels of admin when it comes to admining them, tier 3 doesn't get commands that cause damage so still no issue. Tier 4, the full admins, can forget to not admin other tier 4's and sometimes get tired of things and this feature will stop them from doing something they would regret the next day when I catch wind of how they handled the issue. Tiers 5-8 are the real problem. They are the ones that are more likely to ban/kick/mute other tier 5-8's. It is all in a joking manner and it's not a real problem but to be able to stop them from goofing off would be amazing. This is also the reason I need to be able to have the option to run the command on the same tier. I am one of the tier 9's, but in the permissions tiers 5-9 have the same permissions for the most part. Having it so a tier 9 can still ban/kick/mute any of the tier 5-9 is needed while tier 5-8 can only admin tiers 1-4. With me so far? Now again yall can say micromanagement but it's just to save time and arguments and have peace of mind that I wont be yelled at one day because we had to demote a tier 8 (because he banned a tier 5-8 as a joke and the tier 5-8 got butt hurt) since I never took the time to set the server to not allow it. That is the main reason, there is also the security aspect. This is minecraft, and there are people on the other end of the internet. People make mistakes and sometimes these mistakes cause a person that was never supposed to have the access to have it. Family members (brother/sister, son/daughter), friends, hacked accounts. These are the ones I worry about. I don't need someone coming on who shouldn't have the access and banning the top members of the community then destroying everything they can.

Also, this is just one server in a vast internet of minecraft servers running nucleus. This is why I needed this feature, there is no telling what reasons the would be beneficial to another server.

I hope this makes sense to yall and you can see I'm not micromanaging people. I don't choose who gets the access but I would like to be able to make sure they can't break too much when they get it. So to recap, I don't want to get yelled at for something that could be prevented and the security risk of other people getting on an admins account is why I would like this to be added.

[dualspiral]

So, uhh, it's been three years. Oops. v2 will have this, see #1437 and https://ore.spongepowered.org/Nucleus/Nucleus/versions/2.0.0-S7.2-BETA-2#added-permission-levelspowers-for-moderation-tasks

v2 will be out soon. If you're still running servers, I'm sure you'll (finally) be excited about this!