Using Security
For Users
To take advantage of any security stuff, you must first add your username:
<Bob> !Security.AddUser
Admins can specify an optional username to create arbitrary users. If you have lots of nicknames, for example, Bob, Bob|Fishing, Bob|Sleeping, and want them all to be linked, first create your primary one with the above, then use BeginLink? and Link as follows:
<Bob> !Security.BeginLink Bob|Fishing Bob|Sleeping *** Bob is now known as Bob|Fishing -> [NickServ] IDENTIFY MyPassword <Bob|Fishing> !Security.Link Bob *** Bob|Fishing is now known as Bob|Sleeping -> [NickServ] IDENTIFY MyPassword <Bob|Sleeping> !Security.Link Bob *** Bob|Sleeping is now known as Bob
Of course, if you're nicknames are linking in NickServ?, you won't have to identify each time.
If you'd like to grant a permission to another user, or to a plugin, you can use:
<Bob> !Security.Grant plugin.BobsPlugin choob message.*
To grant all of the message ChoobPermissions? to BobsPlugin?.
To revoke a mermission, you must know exactly what and where it is, for example trying to revoke message.send from someone who has all permissions will not work. You can find permissions like this:
<Bob> !Security.FindPermission plugin.BobsPlugin choob message.send
Then revoke them using Security.Revoke (same syntax as Grant and FindPermission?).
You can add a group to another group as follows:
<Bob> !Security.AddToGroup user.Bob plugin.BobsPlugin
To add plugin.BobsPlugin? to user.Bob. RemoveFromGroup? is similar.
In Code
For the most part, all you'll be wanting to use is in the following example:
public void commandDoSecurityThings ( Message mes, Modules mods, IRCInterface irc )
{
if (mods.security.hasPerm(new ChoobPermission("user.add"), mes.getNick()))
{
// Permission granted to the calling user
}
if (mods.security.hasPluginPerm(new ChoobPermission("group.members"), "PluginName"))
{
// Permission denied to the calling user
}
}
Note that you should also perform nickserv checks using the NickServ? plugin, if available!
Implementation
The UserNodes? tables contains both users and groups. There's 4 types of node:
| Type | Example Name | NodeName? | NodeClass? |
| User | Fred | fred | 0 |
| User-owned group | user.Fred.foo | fred.foo | 1 |
| Plugin-owned group | plugin.Talk.bar | talk.bar | 2 |
| System group | system.root | root | 3 |
Group names are of the form {user|plugin|system}.groupname. User and plugin groups are of the special form user.userName.groupName and plugin.pluginName.groupName, as well as their root groups of user.userName etc. The groups of the form user.userName are a special group, where all permissions for that user should be stored. Nickname linking works by adding another user's node to this group, hence inheriting all permissions.
Users are free to create groups under their own group hierarchy and add users to it, likewise plugins. Any group external to this must have group.add.whatever permission and to add members, group.members.whatever.
Permissions can be granted by anything with permission.grant.whatever where whatever is the group name. Permissions are applicable ONLY to groups. This means to grant a permission to user foo, you grant them to group "user.foo". The user.foo group should be used to hold linked nicknames for user "foo". A plugin can only grant a permission to which it is entitled.
Current ChoobPermissions? that are checked
| Permission | Description |
| user.add | Add user |
| user.del | Delete user |
| user.link | Link a username to another username |
| group.add.<groupName> | Add group <groupName> |
| group.members.<groupName> | Manipulate group <groupName>'s members |
| group.grant.<groupName> | Grant permission to members of <groupName> |
| group.revoke.<groupName> | Revoke permission from members of <groupName> |
| message.send.privmsg | Send a message to a specified target (as opposed to a context reply) |
| message.send.action | Send an action to a specified target (as opposed to a context reply) |
| event.create | Create an IRCEvent derived object |
| objectdb.<full classname> | Any access to object of class classname |
| generic.<type name> | Call a generic call in any plugin of type <type name> |
