From a3dc8d973b49d6a4bf1446093c194aed5f69916f Mon Sep 17 00:00:00 2001
From: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Date: Tue, 29 Aug 2006 09:49:58 +0000
Subject: Introduce BotConfigValue permissions, to protect particularly
 sensitive config options while still allowing access to more innocent ones

---
 lib/rbot/config.rb      | 2 ++
 lib/rbot/core/config.rb | 9 +++++++++
 2 files changed, 11 insertions(+)

(limited to 'lib')

diff --git a/lib/rbot/config.rb b/lib/rbot/config.rb
index e8cea284..ef079429 100644
--- a/lib/rbot/config.rb
+++ b/lib/rbot/config.rb
@@ -25,6 +25,7 @@ module Irc
     attr_reader :requires_rescan
     attr_reader :order
     attr_reader :manager
+    attr_reader :auth_path
     def initialize(key, params)
       @manager = BotConfig::configmanager
       # Keys must be in the form 'module.name'.
@@ -48,6 +49,7 @@ module Irc
       @wizard = params[:wizard]
       @requires_restart = params[:requires_restart]
       @requires_rescan = params[:requires_rescan]
+      @auth_path = "config::key::#{key.sub('.','::')}"
     end
     def default
       if @default.instance_of?(Proc)
diff --git a/lib/rbot/core/config.rb b/lib/rbot/core/config.rb
index dfbaaab6..1fe2da22 100644
--- a/lib/rbot/core/config.rb
+++ b/lib/rbot/core/config.rb
@@ -36,6 +36,7 @@ class ConfigModule < CoreBotModule
       m.reply "no such config key #{key}"
       return
     end
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)
     value = @bot.config.items[key].to_s
     m.reply "#{key}: #{value}"
   end
@@ -54,6 +55,7 @@ class ConfigModule < CoreBotModule
     unless @bot.config.items.has_key?(key)
       m.reply "no such config key #{key}"
     end
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)
     @bot.config.items[key].unset
     handle_get(m, params)
     m.reply "this config change will take effect on the next restart" if @bot.config.items[key].requires_restart
@@ -67,6 +69,7 @@ class ConfigModule < CoreBotModule
       m.reply "no such config key #{key}"
       return
     end
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)
     begin
       @bot.config.items[key].set_string(value)
     rescue ArgumentError => e
@@ -93,6 +96,7 @@ class ConfigModule < CoreBotModule
       m.reply "config key #{key} is not an array"
       return
     end
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)
     begin
       @bot.config.items[key].add(value)
     rescue ArgumentError => e
@@ -115,6 +119,7 @@ class ConfigModule < CoreBotModule
       m.reply "config key #{key} is not an array"
       return
     end
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)
     begin
       @bot.config.items[key].rm(value)
     rescue ArgumentError => e
@@ -253,4 +258,8 @@ conf.map 'config help :topic',
 
 conf.default_auth('*', false)
 conf.default_auth('show::status', true)
+# TODO these shouldn't be set here, we need a way to let the default
+# permission be specified together with the BotConfigValue
+conf.default_auth('key', true)
+conf.default_auth('key::auth::password', false)
 
-- 
cgit v1.2.3