From aa404ca89800f5f6aa76eb2233952f00724fded0 Mon Sep 17 00:00:00 2001 From: Kamal Curi Date: Sun, 22 Oct 2023 18:36:12 +0000 Subject: [PATCH] Add 'IPM - Integrated Permissions Module' --- IPM---Integrated-Permissions-Module.md | 27 ++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 IPM---Integrated-Permissions-Module.md diff --git a/IPM---Integrated-Permissions-Module.md b/IPM---Integrated-Permissions-Module.md new file mode 100644 index 0000000..f98a282 --- /dev/null +++ b/IPM---Integrated-Permissions-Module.md 
@@ -0,0 +1,27 @@ +# Integrated Permissions Module + +### What it is: + +The IPM is a set of functions that serve to authenticate command execution permissions for individual users. This task used to belong to some [rudimentary role-checking code](https://brejela.club/gitea/neeble-club/neeble/src/commit/8902a4d49a4b8f47ca581bef35083d32e0b01a98/utils/commands.py#L265-L273) which was copied and [pasted](https://brejela.club/gitea/neeble-club/neeble/src/commit/8902a4d49a4b8f47ca581bef35083d32e0b01a98/utils/commands.py#L319-L327) [many](https://brejela.club/gitea/neeble-club/neeble/src/commit/8902a4d49a4b8f47ca581bef35083d32e0b01a98/utils/commands.py#L649-L658) times. However, with the introduction of fixed usernames in Discord, and the inflexibility of role-bound permissions (using the bot in more than one server requires the same role in those servers as well), work on another means of authorization is necessary. + +##### Disclaimer: +###### Although the module was made to work with neeble's discord bot interface, it will be designed so that it can easily be used as a general solution for access control. + +### How it works: + +The module works under the concepts of [access control lists](https://en.wikipedia.org/wiki/Access-control_list) applied in a table format with two columns: One contains the username, and the other contains a [JSON-Formatted](https://en.wikipedia.org/wiki/JSON) dictionary. This dictionary's key corresponds to a set of related commands, and its value is a list which contains the specific commands this user may be able to execute, a has access to all specific commands if the list contains a "*". 
+ +Example: + +``` +id|user|ipmlist | +--+----+-----------------------------------------------------------------------+ + 1|foo |{"mgmt": ["dbg", "version", "nf"], "news": ["readNews", "refreshNews"]}| + 2|bar |{"mgmt": ["*"], "news": ["*"]} | + ``` + + Where user `foo` can execute the `dbg`, `version` and `nf` commands, as well as the specific `news`-related managment commands. And `bar` has access to all commands under both `mgmt` and `news` categories. + +### How to help: + +You may `git clone -b ipm git@brejela.club:neeble-club/neeble.git` to start working on the IPM-enabled version of neeble-bot. You can also access its [gitea page](https://brejela.club/gitea/neeble-club/neeble/src/branch/ipm). You may ask [me](https://brejela.club/gitea/brejela) for org permissions to push your branch to the main repository. \ No newline at end of file
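Review bot: The "How it works" paragraph never states the default when a user has no row in the table, or when a category key such as `mgmt` is missing from that user's `ipmlist`. Say explicitly that both cases deny execution, so that every caller of the module implements the same default. In the same paragraph, "a has access to all specific commands if the list contains a "*"" is missing its subject (presumably "a user has access ..."), and "managment" in the sentence after the example table should be "management". The `user` column is described as holding the username, and the disclaimer says the module is meant to be reusable as a general access-control solution. It is therefore worth documenting whether that value must be unique and stable in the backing system, since a renamed or reused name would inherit whatever the row grants, including a `"*"` entry.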