3
0
mirror of https://github.com/jlu5/PyLink.git synced 2025-01-25 03:34:05 +01:00
PyLink/docs/technical/permissions-api.md

2.2 KiB
Raw Blame History

The Permissions API

Permissions were introduced in PyLink 1.0 as a way for plugins to manage command access, replacing the old irc.checkAuthenticated(). The permissions system in PyLink is fairly simple, globally assigning a list of permissions to each hostmask/exttarget.

Permissions take the format pluginname.commandname.optional_extra_portion(s), and support wildcards in matching. Permission nodes are case-insensitive and casemapping aware, but are conventionally defined as being all lowercase.

The permissions module is available as pylinkirc.coremods.permissions. Usually, plugins import it this format:

from pylinkirc.coremods import permissions

Checking for permissions

Individual functions check for permissions using the permissions.checkPermissions(irc, source, ['perm.1', 'perm.2']) function, where the last argument is an ORed list of permissions (i.e. users only need one out of all of them). This function returns True when a permission check passes, and raises utils.NotAuthorizedError when a check fails, automatically aborting the execution of the command function.

utils.NotAuthorizedError can be treated like any other exception, so its possible to wrap it around try: / except: for more complex access checking (example in the Automode plugin).

Assigning default permissions

Plugins are also allowed to assign default permissions to their commands, though this should be used sparingly to ensure maximum configurability (explicitly removing permissions isnt supported yet). Default permissions are specified as a dict mapping targets to permission lists.

Example of this in Automode:

# The default set of Automode permissions.
default_permissions = {"$ircop": ['automode.manage.relay_owned', 'automode.sync.relay_owned',
                                  'automode.list']}

Default permissions are registered in a plugins main() function via permissions.addDefaultPermissions(default_permissions_dict), and should always be erased on die() through permissions.removeDefaultPermissions(default_permissions_dict).