SourcePerms

[necavi]

# SourcePerms

Easy to use permissions for SourcePython

Configuration:

The configuration files are located at cfg/source-python/auth/

The group config format is:

Syntax: Select all

{
	"<groupname>" : 
	{
		"parents" :
		[
			"group1",
			"group2"
		],
		"permissions" :
		[
			"permission1",
			"permission2"
		]
	}
}

The admin config format is:

Syntax: Select all

{
	"<steamid>" :
	{
		"parents" :
		[
			"group1",
			"group2"
		],
		"permissions" :
		[
			"permission1",
			"permission2"
		]
	}
}

Example group config:

Syntax: Select all

{
	"admin" :
	{
		"permissions" :
		[
			"sp.fun.*"
		]
	}
}

Example admin config:

Syntax: Select all

{
	"STEAM_0:0:11672517": 
	{
		"parents" :
		[
			"admins"
		],
		"permissions" :
		[
			"sp.map.map"
		]
	}
}

This would give the player access to the following commands: sp_ignite, sp_freeze, sp_unfreeze and sp_map.

Simple. Easy. Powerful.

Upcoming features:
- SQL Backend
- Saving

Download Here

[necavi]

Version 0.2
- Added groups and permission inheritance
- Restructured the plugin quite a bit to allow for future backends

[Ayuto]

I really like the idea of this auth module. Our current implementation allows people to create/load different auth providers, so they can use e.g. EventScripts' or Sourcemods auth files (though, we haven't added parsers for these files yet). But actually I'm not really sure if that's the way we should go.

Your implementation seems to be clear and easy to use, so what about having just one authorization service? I would really like to see a discussion on this! Note: I haven't talked with Satoon and L'In20Cible about this, so don't think this is the opinion of the whole SP team.

I guess this would create a super admin group with access to everything, right?

Syntax: Select all

{
    "super_admin" :
    {
        "permissions" :
        [
            "*"
        ]
    }
}

[necavi]

Yep! As I'm sure you've seen from the code, doing that would just make a permission regex that matches any permission passed into it.

I'm developing it with the hope that it could be integrated as the official auth module, as per my thread here and would love to see some discussion about that. Currently I'm planning on allowing multiple backends, but having them load into the main permission cache (more similar to how Sourcemod does things) rather than querying each backend individually. That design allows for greatly increased consistency while still allowing things like having a flatfile on the server that loads server-specific permissions of course the SQL backend will allow server-specific permissions as well, but I respect that some people strongly desire server-specific permissions to be completely separate.

[satoon101]

I have been very busy lately, and unable to form a comprehensive reply to this thread and/or the auth thread you started in the API forum. I really like this idea, as well, and would like to ask you to propose this as a pull request on our repository. I would like to give you the ability to post changes to the auth api directly, but I don't believe that is possible without giving you full access, unfortunately.

Having said that, I would certainly appreciate hearing L'In20cible's opinion on this, as well.

One more thing. If we change to just use this implementation, I would still like an easy way to give certain steamids all permissions, much like our current "simple" auth.

[L'In20Cible]

I do not really have any opinion on this as I never used any AUTH system external to my own codes. You guys go for what you think the best is!

[necavi]

Version 0.3:
- Added multiple backends support
- Added simple backend
- Vastly simplified group/player permission creation
- Added "options" for backends, allowing them to set load paths/uris/etc in the core sourceperms.ini file
- Setup Flatfile and simple backends to use options to set their config paths.

The simple backend is completely equivalent to the simple provider that ships with SourcePython - it is simply a file of steamIDs and grants each ID "*" permissions (access to everything)
Adding an additional backend is as simple as just setting PermissionSource = flatfile, simple in the sourceperms.ini file.

All of the basics are in place and I don't foresee any major changes from this point on, I like the way things have turned out and will be adding an SQL backend and adding quite a bit more error checking, logging and other fine touches.