The permission system lets the admin user restrict what other users can do. This is useful, for example, when you only want to let people start the server after it has crashed.
Structure
There are dot-notated permission nodes that indicate whether a user can dispatch a specific action or not.
Permissions are primarily set on permission groups that are assigned to each user. Secondarily, these group permissions can be overridden for each user. By default a user has no permissions, but on creation they should be assigned automatically to a default group that an admin can modify.
Nodes
A single permission node consists of lowercase words, dots, tildes and asterisks.
global.server.create - The user can create a server
Asterisks represent a wildcard for anything in its position.
global.server.* - The user has all nodes that start with global.server
A tilde at the start of a node indicates that the node is negated. This is useful in combination with wildcards, because negated nodes are evaluated after them.
~global.server.create - the user can't create new servers
Order of evaluation
Do the following for all groups the user has and after that for the user specific permissions:
1. Add wildcards
2. Add normal nodes
3. Remove negated nodes
Save format
All permission-related data for a user is stored in a permissions object that has the following structure:
Since it could be costly to recalculate a user's permissions on every request, the effectives key is added. It caches all permissions that the user actually has, with all groups and overrides included. When the permissions of a user, or of a group that affects the user's permissions, are changed, effectivesOutdated should be set to true so that the cache is regenerated on the next request the user issues.
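The evaluation order and the effectives cache described above, as an added Python example (not Semoxy's own code). It reads the order as "apply each group in turn, then the user overrides"; the nodes key, the function names and the group lists are assumptions, and wildcards expand against the four nodes listed in this page's node table.

```python
import re

# Node catalogue taken from the "Permission Nodes" table on this page.
KNOWN_NODES = {
    "global.server.create", "global.server.delete",
    "global.user.create", "global.user.modify",
}
# Lowercase words, dots and asterisks, with an optional leading tilde.
NODE_RE = re.compile(r"~?(?:[a-z]+|\*)(?:\.(?:[a-z]+|\*))*")


def expand(pattern):
    """Return every known node that a (possibly wildcard) pattern matches."""
    rx = ".+".join(re.escape(part) for part in pattern.split("*"))
    return {n for n in KNOWN_NODES if re.fullmatch(rx, n)}


def apply_layer(effective, nodes):
    """Apply one group, or the user overrides, in the documented order."""
    for n in nodes:
        if not NODE_RE.fullmatch(n):
            raise ValueError(f"invalid permission node: {n!r}")
    positive = [n for n in nodes if not n.startswith("~")]
    for n in (p for p in positive if "*" in p):         # 1. add wildcards
        effective = effective | expand(n)
    for n in (p for p in positive if "*" not in p):     # 2. add normal nodes
        effective = effective | expand(n)               # unknown nodes grant nothing
    for n in (x[1:] for x in nodes if x.startswith("~")):  # 3. remove negated
        effective = effective - expand(n)
    return effective


def resolve(group_layers, user_nodes):
    """Groups in order, then user overrides; a user starts with nothing."""
    effective = set()
    for layer in [*group_layers, user_nodes]:
        effective = apply_layer(effective, layer)
    return effective


def has_permission(permissions, group_layers, node):
    """Check a node against the cache, rebuilding it when marked outdated."""
    # "nodes" (the per-user overrides) is a hypothetical key name.
    if permissions.get("effectivesOutdated", True):  # missing flag: rebuild
        permissions["effectives"] = sorted(resolve(group_layers, permissions["nodes"]))
        permissions["effectivesOutdated"] = False
    return node in permissions["effectives"]
```

Under this reading a later group's wildcard restores a node that an earlier group negated, so group order matters when a negation is meant as a hard deny. A revoked group permission also stays in effectives until effectivesOutdated is set, which is why every group or user change has to set the flag.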
Permission Nodes
Node - Description
global.server.create - the user can create new servers
global.server.delete - the user can remove servers
global.user.create - the user can add new users
global.user.modify - the user can grant permissions that he has to other users
Related to #9
Semoxy Permission System