Closed NanoSector closed 7 years ago
As an alternative we could just do simple username/password based authentication. The Phrik bot in the Arch Linux channel does so and can match against hostname to verify a user without logging him/her in. This is probably an easier method and more convenient (you can simply map permissions to user accounts).
This should be mostly tackled now, I wrote a new system which I will commit in a little bit.
What needs to be done is write up some sensible default groups and permissions. Perhaps have a way to show the permissions in a nice overview.
What also still needs to be done is the ability to map groups to channels, maybe.
Should be all done :)
We'll need to introduce a sophisticated permissions system. I've been looking into a DAC (Discretionary Access Control) based system.
Some points to consider:
There currently is a very basic permissions system inside the bot but it does not implement DAC properly. (the current system merely checks if the given parameters match any of the criteria objects associated with the permission).
I had some basic rules in mind:
And I also had some potential problems in mind:
If anyone has any ideas for pre-existing classes or frameworks for such permissions systems that would be great. Otherwise we'll have to resort to building our own.