From a3dc8d973b49d6a4bf1446093c194aed5f69916f Mon Sep 17 00:00:00 2001 From: Giuseppe Bilotta Date: Tue, 29 Aug 2006 09:49:58 +0000 Subject: Introduce BotConfigValue permissions, to protect particularly sensitive config options while still allowing access to more innocent ones --- ChangeLog | 3 +++ lib/rbot/config.rb | 2 ++ lib/rbot/core/config.rb | 9 +++++++++ 3 files changed, 14 insertions(+) diff --git a/ChangeLog b/ChangeLog index f76d53fc..5a334901 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ * Script plugin: new (UNSAFE!) echo functions. Just like eval, but m.replies the result of the evaluation. + * New Auth Framework: config keys now have their own permissions. So + you can allow people to view or edit only some of the config values. + auth.password defaults to false. Still needs some work. 2006-08-26 Giuseppe Bilotta diff --git a/lib/rbot/config.rb b/lib/rbot/config.rb index e8cea284..ef079429 100644 --- a/lib/rbot/config.rb +++ b/lib/rbot/config.rb @@ -25,6 +25,7 @@ module Irc attr_reader :requires_rescan attr_reader :order attr_reader :manager + attr_reader :auth_path def initialize(key, params) @manager = BotConfig::configmanager # Keys must be in the form 'module.name'. @@ -48,6 +49,7 @@ module Irc @wizard = params[:wizard] @requires_restart = params[:requires_restart] @requires_rescan = params[:requires_rescan] + @auth_path = "config::key::#{key.sub('.','::')}" end def default if @default.instance_of?(Proc) diff --git a/lib/rbot/core/config.rb b/lib/rbot/core/config.rb index dfbaaab6..1fe2da22 100644 --- a/lib/rbot/core/config.rb +++ b/lib/rbot/core/config.rb @@ -36,6 +36,7 @@ class ConfigModule < CoreBotModule m.reply "no such config key #{key}" return end + return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto) value = @bot.config.items[key].to_s m.reply "#{key}: #{value}" end @@ -54,6 +55,7 @@ class ConfigModule < CoreBotModule unless @bot.config.items.has_key?(key) m.reply "no such config key #{key}" end + return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto) @bot.config.items[key].unset handle_get(m, params) m.reply "this config change will take effect on the next restart" if @bot.config.items[key].requires_restart @@ -67,6 +69,7 @@ class ConfigModule < CoreBotModule m.reply "no such config key #{key}" return end + return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto) begin @bot.config.items[key].set_string(value) rescue ArgumentError => e @@ -93,6 +96,7 @@ class ConfigModule < CoreBotModule m.reply "config key #{key} is not an array" return end + return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto) begin @bot.config.items[key].add(value) rescue ArgumentError => e @@ -115,6 +119,7 @@ class ConfigModule < CoreBotModule m.reply "config key #{key} is not an array" return end + return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto) begin @bot.config.items[key].rm(value) rescue ArgumentError => e @@ -253,4 +258,8 @@ conf.map 'config help :topic', conf.default_auth('*', false) conf.default_auth('show::status', true) +# TODO these shouldn't be set here, we need a way to let the default +# permission be specified together with the BotConfigValue +conf.default_auth('key', true) +conf.default_auth('key::auth::password', false) -- cgit v1.2.3