From d0e19a2b64fc6d62e623b7a6854c8b92aa65ad55 Mon Sep 17 00:00:00 2001 From: Pragmatic Software Date: Mon, 3 Feb 2020 20:45:10 -0800 Subject: [PATCH] Capabilities: restrict `cap add` and `cap remove` --- PBot/Capabilities.pm | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/PBot/Capabilities.pm b/PBot/Capabilities.pm index 2302b4e3..e1118c80 100644 --- a/PBot/Capabilities.pm +++ b/PBot/Capabilities.pm @@ -38,6 +38,8 @@ sub initialize { # add some basic capabilities $self->add('can-modify-capabilities', undef, 1); + $self->add('can-add-capabilities', undef, 1); + $self->add('can-remove-capabilities', undef, 1); # add admin capabilities group $self->add('admin', 'chanop', 1); # add chanop capabilities group -- see ChanOpCommands.md @@ -96,7 +98,6 @@ sub exists { sub add { my ($self, $cap, $subcap, $dontsave) = @_; - if (not defined $subcap) { if (not $self->{caps}->exists($cap)) { $self->{caps}->add($cap, {}, $dontsave); @@ -230,6 +231,10 @@ sub capcmd { my $subcap = $self->{pbot}->{interpreter}->shift_arg($stuff->{arglist}); return "Usage: cap add [sub-capability]" if not defined $cap; + my $u = $self->{pbot}->{users}->loggedin($from, "$nick!$user\@$host"); + return "You must be logged into your user account to add capabilities." if not defined $u; + return "You must have the can-add-capabilities capability to add capabilities." if not $self->userhas($u, 'can-add-capabilities'); + if (not defined $subcap) { return "Capability $cap already exists. Did you mean to add a sub-capability to it? Usage: cap add [sub-capability]" if $self->exists($cap); $self->add($cap); @@ -248,6 +253,10 @@ sub capcmd { return "Usage: cap remove [sub-capability]" if not defined $cap; return "No such capability $cap." if not $self->exists($cap); + my $u = $self->{pbot}->{users}->loggedin($from, "$nick!$user\@$host"); + return "You must be logged into your user account to remove capabilities." if not defined $u; + return "You must have the can-remove-capabilities capability to remove capabilities." if not $self->userhas($u, 'can-remove-capabilities'); + if (not defined $subcap) { $self->remove($cap); return "Capability $cap removed.";