GitHub/PyLink
3
0
Fork 0
mirror of https://github.com/jlu5/PyLink.git synced 2025-02-02 23:54:08 +01:00
Code Issues Projects Releases Wiki Activity

permissions-api: clarify how globs are processed

Browse Source 
[skip ci]
This commit is contained in:
James Lu 2017-09-08 19:02:03 -07:00 committed by GitHub
parent b9a4010acc
commit 4cf7b36b7b
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/technical/permissions-api.md
View File

@ -2,7 +2,7 @@
Permissions were introduced in PyLink 1.0 as a way for plugins to manage command access, replacing the old `irc.checkAuthenticated()`. The permissions system in PyLink is fairly simple, globally assigning a list of permissions to each hostmask/exttarget.
Permissions take the format `pluginname.commandname.optional_extra_portion(s)`, and support wildcards in matching. Permission nodes are case-insensitive and casemapping aware, but are conventionally defined as being all lowercase.
Permissions conventionally take the format `pluginname.commandname.optional_extra_portion(s)`, and support globs**\*** in matching. Permission nodes are case-insensitive and casemapping aware, but are defined as being all lowercase for consistency.
The permissions module is available as `pylinkirc.coremods.permissions`. Usually, plugins import it this format:
@ -10,9 +10,11 @@ The permissions module is available as `pylinkirc.coremods.permissions`. Usually
from pylinkirc.coremods import permissions
```
**\*** The globbing used by the permissions module is just generic IRC-style globbing. For example, anyone with `*`, `perm.*`, `perm.?`, `*.1`, etc. in their permissions list will be allowed to use a command checking for a permission named `perm.1`.
## Checking for permissions
Individual functions check for permissions using the `permissions.checkPermissions(irc, source, ['perm.1', 'perm.2'])` function, where the last argument is an OR'ed list of permissions (i.e. users only need one out of all of them). This function returns `True` when a permission check passes, and raises `utils.NotAuthorizedError` when a check fails, automatically aborting the execution of the command function.
Individual functions check for permissions using the `permissions.checkPermissions(irc, source, ['perm.1', 'perm.2'])` function, where the last argument is an OR'ed list of permissions matched against a list of permission string globs that a user may have. If the user has any of the permissions in the permission list, they will be allowed to call the command. This function returns `True` when a permission check passes, and raises `utils.NotAuthorizedError` when a check fails, automatically aborting the execution of the command function.
`utils.NotAuthorizedError` can be treated like any other exception, so it's possible to wrap it around `try:` / `except:` for more complex access checking ([example in the Automode plugin](https://github.com/GLolol/PyLink/blob/1.1.1/plugins/automode.py#L64-L68)).