Add config options to allow for finer control over how permissions are calculated, and set include-global to true on BungeeCord by default

bukkit/src/main/java/me/lucko/luckperms/bukkit/BukkitCalculatorFactory.java

@@ -52,22 +52,33 @@ public class BukkitCalculatorFactory extends AbstractCalculatorFactory {
 
     @Override
     public PermissionCalculator build(Contexts contexts, User user) {
-        UUID uuid = plugin.getUuidCache().getExternalUUID(user.getUuid());
-
         ImmutableList.Builder<PermissionProcessor> processors = ImmutableList.builder();
+
         processors.add(new MapProcessor());
-        processors.add(new ChildProcessor(plugin.getChildPermissionProvider()));
+
-        processors.add(new AttachmentProcessor(() -> {
+        if (plugin.getConfiguration().get(ConfigKeys.APPLY_BUKKIT_CHILD_PERMISSIONS)) {
-            LPPermissible permissible = Injector.getPermissible(uuid);
+            processors.add(new ChildProcessor(plugin.getChildPermissionProvider()));
-            return permissible == null ? null : permissible.getAttachmentPermissions();
+        }
-        }));
+
+        if (plugin.getConfiguration().get(ConfigKeys.APPLY_BUKKIT_ATTACHMENT_PERMISSIONS)) {
+            final UUID uuid = plugin.getUuidCache().getExternalUUID(user.getUuid());
+            processors.add(new AttachmentProcessor(() -> {
+                LPPermissible permissible = Injector.getPermissible(uuid);
+                return permissible == null ? null : permissible.getAttachmentPermissions();
+            }));
+        }
+
         if (plugin.getConfiguration().get(ConfigKeys.APPLYING_REGEX)) {
             processors.add(new RegexProcessor());
         }
+
         if (plugin.getConfiguration().get(ConfigKeys.APPLYING_WILDCARDS)) {
             processors.add(new WildcardProcessor());
         }
-        processors.add(new DefaultsProcessor(contexts.isOp(), plugin.getDefaultsProvider()));
+
+        if (plugin.getConfiguration().get(ConfigKeys.APPLY_BUKKIT_DEFAULT_PERMISSIONS)) {
+            processors.add(new DefaultsProcessor(contexts.isOp(), plugin.getDefaultsProvider()));
+        }
 
         return registerCalculator(new PermissionCalculator(plugin, user.getFriendlyName(), processors.build()));
     }

bukkit/src/main/java/me/lucko/luckperms/bukkit/calculators/ChildProcessor.java

@@ -27,6 +27,8 @@ package me.lucko.luckperms.bukkit.calculators;
 
 import lombok.RequiredArgsConstructor;
 
+import com.google.common.collect.Maps;
+
 import me.lucko.luckperms.api.Tristate;
 import me.lucko.luckperms.bukkit.model.ChildPermissionProvider;
 import me.lucko.luckperms.common.calculators.PermissionProcessor;
@@ -49,7 +51,7 @@ public class ChildProcessor implements PermissionProcessor {
     public void updateBacking(Map<String, Boolean> map) {
         childPermissions.clear();
         for (Map.Entry<String, Boolean> e : map.entrySet()) {
-            Map<String, Boolean> children = provider.getPermissions().get(e);
+            Map<String, Boolean> children = provider.getPermissions().get(Maps.immutableEntry(e.getKey(), e.getValue()));
             if (children != null) {
                 childPermissions.putAll(children);
             }

bukkit/src/main/resources/config.yml

@@ -95,6 +95,24 @@ apply-regex: true
 # If set to true, LuckPerms will detect and expand shorthand node patterns.
 apply-shorthand: true
 
+# If the plugin should apply Bukkit child permissions.
+# Plugin authors can define custom permissions structures for their plugin, which will be resolved and used
+# by LuckPerms if this setting is enabled.
+apply-bukkit-child-permissions: true
+
+# If the plugin should apply Bukkit default permissions.
+# Plugin authors can define permissions which should be given to all users by default, or setup permissions
+# which should/shouldn't be given to opped players.
+# If this option is set to false, LuckPerms will ignore these defaults.
+apply-bukkit-default-permissions: true
+
+# If the plugin should apply attachment permissions.
+# Other plugins on the server are able to add their own "permission attachments" to players. This allows
+# them to grant players additional permissions which last until the end of the session, or until they're removed.
+# If this option is set to false, LuckPerms will not include these attachment permissions when considering if a
+# player should have access to a certain permission.
+apply-bukkit-attachment-permissions: true
+
 # Define special group weights for this server.
 # Default is just 0.
 group-weight:

bungee/src/main/java/me/lucko/luckperms/bungee/BungeeCalculatorFactory.java

@@ -46,10 +46,13 @@ public class BungeeCalculatorFactory extends AbstractCalculatorFactory {
     @Override
     public PermissionCalculator build(Contexts contexts, User user) {
         ImmutableList.Builder<PermissionProcessor> processors = ImmutableList.builder();
+
         processors.add(new MapProcessor());
+
         if (plugin.getConfiguration().get(ConfigKeys.APPLYING_REGEX)) {
             processors.add(new RegexProcessor());
         }
+
         if (plugin.getConfiguration().get(ConfigKeys.APPLYING_WILDCARDS)) {
             processors.add(new WildcardProcessor());
         }

bungee/src/main/java/me/lucko/luckperms/bungee/BungeeListener.java

@@ -28,6 +28,7 @@ package me.lucko.luckperms.bungee;
 import lombok.RequiredArgsConstructor;
 
 import me.lucko.luckperms.api.Contexts;
+import me.lucko.luckperms.api.Tristate;
 import me.lucko.luckperms.api.caching.UserData;
 import me.lucko.luckperms.api.context.MutableContextSet;
 import me.lucko.luckperms.common.config.ConfigKeys;
@@ -161,6 +162,7 @@ public class BungeeListener implements Listener {
 
         User user = plugin.getUserManager().get(plugin.getUuidCache().getUUID(player.getUniqueId()));
         if (user == null) {
+            e.setHasPermission(false);
             return;
         }
 
@@ -168,6 +170,7 @@ public class BungeeListener implements Listener {
         if (userData == null) {
             plugin.getLog().warn("Player " + player.getName() + " does not have any user data setup.");
             plugin.doAsync(() -> user.setupData(false));
+            e.setHasPermission(false);
             return;
         }
 
@@ -181,7 +184,12 @@ public class BungeeListener implements Listener {
                 false
         );
 
-        e.setHasPermission(userData.getPermissionData(contexts).getPermissionValue(e.getPermission()).asBoolean());
+        Tristate result = userData.getPermissionData(contexts).getPermissionValue(e.getPermission());
+        if (result == Tristate.UNDEFINED && plugin.getConfiguration().get(ConfigKeys.APPLY_BUNGEE_CONFIG_PERMISSIONS)) {
+            return; // just use the result provided by the proxy when the event was created
+        }
+
+        e.setHasPermission(result.asBoolean());
     }
 
     // We don't pre-process all servers, so we have to do it here.

bungee/src/main/resources/config.yml

@@ -14,7 +14,7 @@ server: bungee
 
 # If users on this server should have their global permissions applied.
 # If set to false, only server specific permissions will apply for users on this server
-include-global: false
+include-global: true
 
 # If users on this server should have their global world permissions applied.
 # If set to false, only world specific permissions will apply for users on this server
@@ -95,6 +95,10 @@ apply-regex: true
 # If set to true, LuckPerms will detect and expand shorthand node patterns.
 apply-shorthand: true
 
+# If the plugin should apply the permissions & groups defined in the BungeeCord config.yml
+# If set to false, LuckPerms will ignore these values.
+apply-bungee-config-permissions: false
+
 # Define special group weights for this server.
 # Default is just 0.
 group-weight:

common/src/main/java/me/lucko/luckperms/common/config/ConfigKeys.java

@@ -102,6 +102,12 @@ public class ConfigKeys {
     public static final ConfigKey<Boolean> APPLYING_WILDCARDS = EnduringKey.wrap(BooleanKey.of("apply-wildcards", true));
     public static final ConfigKey<Boolean> APPLYING_REGEX = EnduringKey.wrap(BooleanKey.of("apply-regex", true));
     public static final ConfigKey<Boolean> APPLYING_SHORTHAND = EnduringKey.wrap(BooleanKey.of("apply-shorthand", true));
+    public static final ConfigKey<Boolean> APPLY_BUKKIT_CHILD_PERMISSIONS = EnduringKey.wrap(BooleanKey.of("apply-bukkit-child-permissions", true));
+    public static final ConfigKey<Boolean> APPLY_BUKKIT_DEFAULT_PERMISSIONS = EnduringKey.wrap(BooleanKey.of("apply-bukkit-default-permissions", true));
+    public static final ConfigKey<Boolean> APPLY_BUKKIT_ATTACHMENT_PERMISSIONS = EnduringKey.wrap(BooleanKey.of("apply-bukkit-attachment-permissions", true));
+    public static final ConfigKey<Boolean> APPLY_BUNGEE_CONFIG_PERMISSIONS = EnduringKey.wrap(BooleanKey.of("apply-bungee-config-permissions", false));
+    public static final ConfigKey<Boolean> APPLY_SPONGE_IMPLICIT_WILDCARDS = EnduringKey.wrap(BooleanKey.of("apply-sponge-implicit-wildcards", true));
+    public static final ConfigKey<Boolean> APPLY_SPONGE_DEFAULT_SUBJECTS = EnduringKey.wrap(BooleanKey.of("apply-sponge-default-subjects", true));
     public static final ConfigKey<Map<String, Integer>> GROUP_WEIGHTS = AbstractKey.of(c -> {
         return c.getMap("group-weight", ImmutableMap.of()).entrySet().stream().collect(ImmutableCollectors.toImmutableMap(
                 e -> e.getKey().toLowerCase(),

sponge/src/main/java/me/lucko/luckperms/sponge/SpongeCalculatorFactory.java

@@ -48,15 +48,24 @@ public class SpongeCalculatorFactory extends AbstractCalculatorFactory {
     @Override
     public PermissionCalculator build(Contexts contexts, User user) {
         ImmutableList.Builder<PermissionProcessor> processors = ImmutableList.builder();
+
         processors.add(new MapProcessor());
-        processors.add(new SpongeWildcardProcessor());
+
+        if (plugin.getConfiguration().get(ConfigKeys.APPLY_SPONGE_IMPLICIT_WILDCARDS)) {
+            processors.add(new SpongeWildcardProcessor());
+        }
+
         if (plugin.getConfiguration().get(ConfigKeys.APPLYING_REGEX)) {
             processors.add(new RegexProcessor());
         }
+
         if (plugin.getConfiguration().get(ConfigKeys.APPLYING_WILDCARDS)) {
             processors.add(new WildcardProcessor());
         }
-        processors.add(new DefaultsProcessor(plugin.getService(), contexts.getContexts()));
+
+        if (plugin.getConfiguration().get(ConfigKeys.APPLY_SPONGE_DEFAULT_SUBJECTS)) {
+            processors.add(new DefaultsProcessor(plugin.getService(), contexts.getContexts()));
+        }
 
         return registerCalculator(new PermissionCalculator(plugin, user.getFriendlyName(), processors.build()));
     }

sponge/src/main/resources/luckperms.conf

@@ -96,6 +96,20 @@ apply-regex=true
 # If set to true, LuckPerms will detect and expand shorthand node patterns.
 apply-shorthand=true
 
+# If LuckPerms should resolve and apply permissions according to Sponge's implicit wildcard inheritance system.
+#
+# That being:
+# If a user has been granted "example", then the player should have also be automatically
+# granted "example.function", "example.another", "example.deeper.nesting", and so on.
+#
+# If this option is set to false, this system will not be applied.
+apply-sponge-implicit-wildcards=true
+
+# If the plugin should apply Sponge default subject permissions.
+# Plugins can manipulate a set of default permissions granted to all users. If this option is set to false,
+# LuckPerms will ignore this data when considering if a player has a permission.
+apply-sponge-default-subjects=true
+
 # Define special group weights for this server.
 # Default is just 0.
 group-weight {