mirror of
https://github.com/LuckPerms/LuckPerms.git
synced 2025-02-11 18:11:42 +01:00
Add 'require-sender-group-membership-to-modify' config option (#1140)
This commit is contained in:
Luck
parent
ffdeadac8a
commit
b7f8ca6658
@ -281,6 +281,11 @@ primary-group-calculation: parents-by-weight
|
||||
# the arguments given within the command.
|
||||
argument-based-command-permissions: false
|
||||
|
||||
# If the plugin should check whether senders are a member of a given group before they're able to
|
||||
# edit the groups data or add/remove other users to/from it.
|
||||
# Note: these limitations do not apply to the web editor!
|
||||
require-sender-group-membership-to-modify: false
|
||||
|
||||
# If the plugin should send log notifications to users whenever permissions are modified.
|
||||
#
|
||||
# - Notifications are only sent to those with the appropriate permission to receive them
|
||||
|
||||
@ -289,6 +289,11 @@ primary-group-calculation: parents-by-weight
|
||||
# the arguments given within the command.
|
||||
argument-based-command-permissions: false
|
||||
|
||||
# If the plugin should check whether senders are a member of a given group before they're able to
|
||||
# edit the groups data or add/remove other users to/from it.
|
||||
# Note: these limitations do not apply to the web editor!
|
||||
require-sender-group-membership-to-modify: false
|
||||
|
||||
# If the plugin should send log notifications to users whenever permissions are modified.
|
||||
#
|
||||
# - Notifications are only sent to those with the appropriate permission to receive them
|
||||
|
||||
@ -25,14 +25,19 @@
|
||||
|
||||
package me.lucko.luckperms.common.command.access;
|
||||
|
||||
import me.lucko.luckperms.api.Contexts;
|
||||
import me.lucko.luckperms.api.Tristate;
|
||||
import me.lucko.luckperms.api.context.ContextSet;
|
||||
import me.lucko.luckperms.common.caching.type.PermissionCache;
|
||||
import me.lucko.luckperms.common.config.ConfigKeys;
|
||||
import me.lucko.luckperms.common.model.Group;
|
||||
import me.lucko.luckperms.common.model.PermissionHolder;
|
||||
import me.lucko.luckperms.common.model.Track;
|
||||
import me.lucko.luckperms.common.model.User;
|
||||
import me.lucko.luckperms.common.node.factory.NodeFactory;
|
||||
import me.lucko.luckperms.common.plugin.LuckPermsPlugin;
|
||||
import me.lucko.luckperms.common.sender.Sender;
|
||||
import me.lucko.luckperms.common.verbose.CheckOrigin;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.function.BiFunction;
|
||||
@ -254,6 +259,49 @@ public final class ArgumentPermissions {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the sender has permission to act using a given group, if holder is a group.
|
||||
*
|
||||
* @param plugin the plugin instance
|
||||
* @param sender the sender to check
|
||||
* @param holder the target group (doesn't have to be a group instance - this method checks that)
|
||||
* @param contextSet the contexts the sender is trying to act within
|
||||
* @return true if the sender should NOT be allowed to act, true if they should
|
||||
*/
|
||||
public static boolean checkGroup(LuckPermsPlugin plugin, Sender sender, PermissionHolder holder, ContextSet contextSet) {
|
||||
if (holder.getType().isGroup()) {
|
||||
return checkGroup(plugin, sender, ((Group) holder).getName(), contextSet);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the sender has permission to act using a given group
|
||||
*
|
||||
* @param plugin the plugin instance
|
||||
* @param sender the sender to check
|
||||
* @param targetGroupName the target group
|
||||
* @param contextSet the contexts the sender is trying to act within
|
||||
* @return true if the sender should NOT be allowed to act, true if they should
|
||||
*/
|
||||
public static boolean checkGroup(LuckPermsPlugin plugin, Sender sender, String targetGroupName, ContextSet contextSet) {
|
||||
if (!plugin.getConfiguration().get(ConfigKeys.REQUIRE_SENDER_GROUP_MEMBERSHIP_TO_MODIFY)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (sender.isConsole()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
User user = plugin.getUserManager().getIfLoaded(sender.getUuid());
|
||||
if (user == null) {
|
||||
throw new IllegalStateException("Unable to get a User for " + sender.getUuid() + " - " + sender.getName());
|
||||
}
|
||||
|
||||
PermissionCache permissionData = user.getCachedData().getPermissionData(Contexts.of(contextSet, Contexts.global().getSettings()));
|
||||
return !permissionData.getPermissionValue(NodeFactory.groupNode(targetGroupName), CheckOrigin.INTERNAL).asBoolean();
|
||||
}
|
||||
|
||||
private ArgumentPermissions() {}
|
||||
|
||||
}
|
||||
|
||||
@ -77,7 +77,8 @@ public class MetaAddChatMeta extends SharedSubCommand {
|
||||
String meta = ArgumentParser.parseString(1, args);
|
||||
MutableContextSet context = ArgumentParser.parseContext(2, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -82,7 +82,8 @@ public class MetaAddTempChatMeta extends SharedSubCommand {
|
||||
TemporaryMergeBehaviour modifier = ArgumentParser.parseTemporaryModifier(3, args).orElseGet(() -> plugin.getConfiguration().get(ConfigKeys.TEMPORARY_ADD_BEHAVIOUR));
|
||||
MutableContextSet context = ArgumentParser.parseContext(3, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -91,7 +91,8 @@ public class MetaClear extends SharedSubCommand {
|
||||
|
||||
MutableContextSet context = ArgumentParser.parseContext(0, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -77,7 +77,8 @@ public class MetaRemoveChatMeta extends SharedSubCommand {
|
||||
String meta = ArgumentParser.parseStringOrElse(1, args, "null");
|
||||
MutableContextSet context = ArgumentParser.parseContext(2, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -77,7 +77,8 @@ public class MetaRemoveTempChatMeta extends SharedSubCommand {
|
||||
String meta = ArgumentParser.parseStringOrElse(1, args, "null");
|
||||
MutableContextSet context = ArgumentParser.parseContext(2, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -69,12 +69,9 @@ public class MetaSet extends SharedSubCommand {
|
||||
String value = args.get(1);
|
||||
MutableContextSet context = ArgumentParser.parseContext(2, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -96,7 +96,8 @@ public class MetaSetChatMeta extends SharedSubCommand {
|
||||
context = ArgumentParser.parseContext(2, args, plugin);
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -74,12 +74,9 @@ public class MetaSetTemp extends SharedSubCommand {
|
||||
TemporaryMergeBehaviour modifier = ArgumentParser.parseTemporaryModifier(3, args).orElseGet(() -> plugin.getConfiguration().get(ConfigKeys.TEMPORARY_ADD_BEHAVIOUR));
|
||||
MutableContextSet context = ArgumentParser.parseContext(3, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -105,7 +105,8 @@ public class MetaSetTempChatMeta extends SharedSubCommand {
|
||||
context = ArgumentParser.parseContext(3, args, plugin);
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -60,12 +60,9 @@ public class MetaUnset extends SharedSubCommand {
|
||||
String key = args.get(0);
|
||||
MutableContextSet context = ArgumentParser.parseContext(1, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -60,12 +60,9 @@ public class MetaUnsetTemp extends SharedSubCommand {
|
||||
String key = args.get(0);
|
||||
MutableContextSet context = ArgumentParser.parseContext(1, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, key)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -61,7 +61,8 @@ public class HolderClear<T extends PermissionHolder> extends SubCommand<T> {
|
||||
|
||||
MutableContextSet context = ArgumentParser.parseContext(0, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, getPermission().get(), context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, getPermission().get(), context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -27,6 +27,7 @@ package me.lucko.luckperms.common.commands.generic.other;
|
||||
|
||||
import com.google.gson.JsonObject;
|
||||
|
||||
import me.lucko.luckperms.api.context.ContextSet;
|
||||
import me.lucko.luckperms.common.command.CommandResult;
|
||||
import me.lucko.luckperms.common.command.abstraction.SubCommand;
|
||||
import me.lucko.luckperms.common.command.access.ArgumentPermissions;
|
||||
@ -58,7 +59,7 @@ public class HolderEditor<T extends PermissionHolder> extends SubCommand<T> {
|
||||
|
||||
@Override
|
||||
public CommandResult execute(LuckPermsPlugin plugin, Sender sender, T holder, List<String> args, String label) {
|
||||
if (ArgumentPermissions.checkViewPerms(plugin, sender, getPermission().get(), holder)) {
|
||||
if (ArgumentPermissions.checkViewPerms(plugin, sender, getPermission().get(), holder) || ArgumentPermissions.checkGroup(plugin, sender, holder, ContextSet.empty())) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -70,12 +70,10 @@ public class ParentAdd extends SharedSubCommand {
|
||||
return CommandResult.INVALID_ARGS;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, group.getName())) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, group, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, group.getName())) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -75,12 +75,10 @@ public class ParentAddTemp extends SharedSubCommand {
|
||||
return CommandResult.INVALID_ARGS;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, group.getName())) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, group, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, group.getName())) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -61,7 +61,7 @@ public class ParentClear extends SharedSubCommand {
|
||||
|
||||
MutableContextSet context = ArgumentParser.parseContext(0, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) || ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -82,12 +82,9 @@ public class ParentClearTrack extends SharedSubCommand {
|
||||
|
||||
MutableContextSet context = ArgumentParser.parseContext(1, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, track.getName())) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, track.getName())) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -66,12 +66,10 @@ public class ParentRemove extends SharedSubCommand {
|
||||
String groupName = ArgumentParser.parseNameWithSpace(0, args);
|
||||
MutableContextSet context = ArgumentParser.parseContext(1, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, groupName)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, groupName, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, groupName)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -64,12 +64,10 @@ public class ParentRemoveTemp extends SharedSubCommand {
|
||||
String groupName = ArgumentParser.parseNameWithSpace(0, args);
|
||||
MutableContextSet context = ArgumentParser.parseContext(1, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, groupName)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, groupName, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, groupName)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -70,12 +70,10 @@ public class ParentSet extends SharedSubCommand {
|
||||
return CommandResult.LOADING_ERROR;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, group.getName())) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, group, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, group.getName())) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -103,12 +103,10 @@ public class ParentSetTrack extends SharedSubCommand {
|
||||
return CommandResult.LOADING_ERROR;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, track.getName(), group.getName())) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, group, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, track.getName(), group.getName())) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -27,6 +27,7 @@ package me.lucko.luckperms.common.commands.generic.parent;
|
||||
|
||||
import me.lucko.luckperms.api.Node;
|
||||
import me.lucko.luckperms.api.StandardNodeEquality;
|
||||
import me.lucko.luckperms.api.context.ContextSet;
|
||||
import me.lucko.luckperms.common.actionlog.ExtendedLogEntry;
|
||||
import me.lucko.luckperms.common.command.CommandResult;
|
||||
import me.lucko.luckperms.common.command.abstraction.SharedSubCommand;
|
||||
@ -78,6 +79,14 @@ public class UserSwitchPrimaryGroup extends SharedSubCommand {
|
||||
return CommandResult.INVALID_ARGS;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, ContextSet.empty()) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, ContextSet.empty()) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, group, ContextSet.empty()) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, group.getName())) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (user.getPrimaryGroup().getStoredValue().orElse(NodeFactory.DEFAULT_GROUP_NAME).equalsIgnoreCase(group.getName())) {
|
||||
Message.USER_PRIMARYGROUP_ERROR_ALREADYHAS.send(sender, user.getFriendlyName(), group.getFriendlyName());
|
||||
return CommandResult.STATE_ERROR;
|
||||
|
||||
@ -61,7 +61,8 @@ public class PermissionClear extends SharedSubCommand {
|
||||
|
||||
MutableContextSet context = ArgumentParser.parseContext(0, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
@ -27,6 +27,7 @@ package me.lucko.luckperms.common.commands.generic.permission;
|
||||
|
||||
import me.lucko.luckperms.api.DataMutateResult;
|
||||
import me.lucko.luckperms.api.context.MutableContextSet;
|
||||
import me.lucko.luckperms.api.nodetype.types.InheritanceType;
|
||||
import me.lucko.luckperms.common.actionlog.ExtendedLogEntry;
|
||||
import me.lucko.luckperms.common.command.CommandResult;
|
||||
import me.lucko.luckperms.common.command.abstraction.CommandException;
|
||||
@ -43,6 +44,7 @@ import me.lucko.luckperms.common.locale.command.CommandSpec;
|
||||
import me.lucko.luckperms.common.locale.message.Message;
|
||||
import me.lucko.luckperms.common.model.PermissionHolder;
|
||||
import me.lucko.luckperms.common.node.factory.NodeFactory;
|
||||
import me.lucko.luckperms.common.node.model.NodeTypes;
|
||||
import me.lucko.luckperms.common.plugin.LuckPermsPlugin;
|
||||
import me.lucko.luckperms.common.sender.Sender;
|
||||
import me.lucko.luckperms.common.utils.Predicates;
|
||||
@ -65,14 +67,19 @@ public class PermissionSet extends SharedSubCommand {
|
||||
boolean value = ArgumentParser.parseBoolean(1, args);
|
||||
MutableContextSet context = ArgumentParser.parseContext(2, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
InheritanceType inheritanceType = NodeTypes.parseInheritanceType(node);
|
||||
if (inheritanceType != null) {
|
||||
if (ArgumentPermissions.checkGroup(plugin, sender, inheritanceType.getGroupName(), context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
}
|
||||
|
||||
DataMutateResult result = holder.setPermission(NodeFactory.builder(node).setValue(value).withExtraContext(context).build());
|
||||
|
||||
@ -28,6 +28,7 @@ package me.lucko.luckperms.common.commands.generic.permission;
|
||||
import me.lucko.luckperms.api.TemporaryDataMutateResult;
|
||||
import me.lucko.luckperms.api.TemporaryMergeBehaviour;
|
||||
import me.lucko.luckperms.api.context.MutableContextSet;
|
||||
import me.lucko.luckperms.api.nodetype.types.InheritanceType;
|
||||
import me.lucko.luckperms.common.actionlog.ExtendedLogEntry;
|
||||
import me.lucko.luckperms.common.command.CommandResult;
|
||||
import me.lucko.luckperms.common.command.abstraction.CommandException;
|
||||
@ -45,6 +46,7 @@ import me.lucko.luckperms.common.locale.command.CommandSpec;
|
||||
import me.lucko.luckperms.common.locale.message.Message;
|
||||
import me.lucko.luckperms.common.model.PermissionHolder;
|
||||
import me.lucko.luckperms.common.node.factory.NodeFactory;
|
||||
import me.lucko.luckperms.common.node.model.NodeTypes;
|
||||
import me.lucko.luckperms.common.plugin.LuckPermsPlugin;
|
||||
import me.lucko.luckperms.common.sender.Sender;
|
||||
import me.lucko.luckperms.common.utils.DurationFormatter;
|
||||
@ -70,14 +72,19 @@ public class PermissionSetTemp extends SharedSubCommand {
|
||||
TemporaryMergeBehaviour modifier = ArgumentParser.parseTemporaryModifier(3, args).orElseGet(() -> plugin.getConfiguration().get(ConfigKeys.TEMPORARY_ADD_BEHAVIOUR));
|
||||
MutableContextSet context = ArgumentParser.parseContext(3, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
InheritanceType inheritanceType = NodeTypes.parseInheritanceType(node);
|
||||
if (inheritanceType != null) {
|
||||
if (ArgumentPermissions.checkGroup(plugin, sender, inheritanceType.getGroupName(), context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
}
|
||||
|
||||
TemporaryDataMutateResult result = holder.setPermission(NodeFactory.builder(node).setValue(value).withExtraContext(context).setExpiry(duration).build(), modifier);
|
||||
|
||||
@ -27,6 +27,7 @@ package me.lucko.luckperms.common.commands.generic.permission;
|
||||
|
||||
import me.lucko.luckperms.api.DataMutateResult;
|
||||
import me.lucko.luckperms.api.context.MutableContextSet;
|
||||
import me.lucko.luckperms.api.nodetype.types.InheritanceType;
|
||||
import me.lucko.luckperms.common.actionlog.ExtendedLogEntry;
|
||||
import me.lucko.luckperms.common.command.CommandResult;
|
||||
import me.lucko.luckperms.common.command.abstraction.CommandException;
|
||||
@ -43,6 +44,7 @@ import me.lucko.luckperms.common.locale.command.CommandSpec;
|
||||
import me.lucko.luckperms.common.locale.message.Message;
|
||||
import me.lucko.luckperms.common.model.PermissionHolder;
|
||||
import me.lucko.luckperms.common.node.factory.NodeFactory;
|
||||
import me.lucko.luckperms.common.node.model.NodeTypes;
|
||||
import me.lucko.luckperms.common.plugin.LuckPermsPlugin;
|
||||
import me.lucko.luckperms.common.sender.Sender;
|
||||
import me.lucko.luckperms.common.utils.Predicates;
|
||||
@ -64,14 +66,19 @@ public class PermissionUnset extends SharedSubCommand {
|
||||
String node = ArgumentParser.parseString(0, args);
|
||||
MutableContextSet context = ArgumentParser.parseContext(1, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
InheritanceType inheritanceType = NodeTypes.parseInheritanceType(node);
|
||||
if (inheritanceType != null) {
|
||||
if (ArgumentPermissions.checkGroup(plugin, sender, inheritanceType.getGroupName(), context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
}
|
||||
|
||||
DataMutateResult result = holder.unsetPermission(NodeFactory.builder(node).withExtraContext(context).build());
|
||||
|
||||
@ -27,6 +27,7 @@ package me.lucko.luckperms.common.commands.generic.permission;
|
||||
|
||||
import me.lucko.luckperms.api.DataMutateResult;
|
||||
import me.lucko.luckperms.api.context.MutableContextSet;
|
||||
import me.lucko.luckperms.api.nodetype.types.InheritanceType;
|
||||
import me.lucko.luckperms.common.actionlog.ExtendedLogEntry;
|
||||
import me.lucko.luckperms.common.command.CommandResult;
|
||||
import me.lucko.luckperms.common.command.abstraction.CommandException;
|
||||
@ -43,6 +44,7 @@ import me.lucko.luckperms.common.locale.command.CommandSpec;
|
||||
import me.lucko.luckperms.common.locale.message.Message;
|
||||
import me.lucko.luckperms.common.model.PermissionHolder;
|
||||
import me.lucko.luckperms.common.node.factory.NodeFactory;
|
||||
import me.lucko.luckperms.common.node.model.NodeTypes;
|
||||
import me.lucko.luckperms.common.plugin.LuckPermsPlugin;
|
||||
import me.lucko.luckperms.common.sender.Sender;
|
||||
import me.lucko.luckperms.common.utils.Predicates;
|
||||
@ -64,14 +66,19 @@ public class PermissionUnsetTemp extends SharedSubCommand {
|
||||
String node = ArgumentParser.parseString(0, args);
|
||||
MutableContextSet context = ArgumentParser.parseContext(1, args, plugin);
|
||||
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context)) {
|
||||
if (ArgumentPermissions.checkContext(plugin, sender, permission, context) ||
|
||||
ArgumentPermissions.checkGroup(plugin, sender, holder, context) ||
|
||||
ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
if (ArgumentPermissions.checkArguments(plugin, sender, permission, node)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
InheritanceType inheritanceType = NodeTypes.parseInheritanceType(node);
|
||||
if (inheritanceType != null) {
|
||||
if (ArgumentPermissions.checkGroup(plugin, sender, inheritanceType.getGroupName(), context)) {
|
||||
Message.COMMAND_NO_PERMISSION.send(sender);
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
}
|
||||
|
||||
DataMutateResult result = holder.unsetPermission(NodeFactory.builder(node).setExpiry(10L).withExtraContext(context).build());
|
||||
|
||||
@ -49,6 +49,7 @@ import me.lucko.luckperms.common.storage.DataConstraints;
|
||||
import me.lucko.luckperms.common.utils.Predicates;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
public class UserDemote extends SubCommand<User> {
|
||||
public UserDemote(LocaleManager locale) {
|
||||
@ -88,7 +89,11 @@ public class UserDemote extends SubCommand<User> {
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
DemotionResult result = track.demote(user, context, s -> !ArgumentPermissions.checkArguments(plugin, sender, getPermission().get(), track.getName(), s), sender, removeFromFirst);
|
||||
Predicate<String> previousGroupPermissionChecker = s ->
|
||||
!ArgumentPermissions.checkArguments(plugin, sender, getPermission().get(), track.getName(), s) &&
|
||||
!ArgumentPermissions.checkGroup(plugin, sender, s, context);
|
||||
|
||||
DemotionResult result = track.demote(user, context, previousGroupPermissionChecker, sender, removeFromFirst);
|
||||
switch (result.getStatus()) {
|
||||
case NOT_ON_TRACK:
|
||||
Message.USER_TRACK_ERROR_NOT_CONTAIN_GROUP.send(sender, user.getFriendlyName(), track.getName());
|
||||
|
||||
@ -49,6 +49,7 @@ import me.lucko.luckperms.common.storage.DataConstraints;
|
||||
import me.lucko.luckperms.common.utils.Predicates;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.function.Predicate;
|
||||
|
||||
public class UserPromote extends SubCommand<User> {
|
||||
public UserPromote(LocaleManager locale) {
|
||||
@ -88,7 +89,11 @@ public class UserPromote extends SubCommand<User> {
|
||||
return CommandResult.NO_PERMISSION;
|
||||
}
|
||||
|
||||
PromotionResult result = track.promote(user, context, s -> !ArgumentPermissions.checkArguments(plugin, sender, getPermission().get(), track.getName(), s), sender, addToFirst);
|
||||
Predicate<String> nextGroupPermissionChecker = s ->
|
||||
!ArgumentPermissions.checkArguments(plugin, sender, getPermission().get(), track.getName(), s) &&
|
||||
!ArgumentPermissions.checkGroup(plugin, sender, s, context);
|
||||
|
||||
PromotionResult result = track.promote(user, context, nextGroupPermissionChecker, sender, addToFirst);
|
||||
switch (result.getStatus()) {
|
||||
case MALFORMED_TRACK:
|
||||
Message.USER_PROMOTE_ERROR_MALFORMED.send(sender, result.getGroupTo().get());
|
||||
|
||||
@ -181,6 +181,12 @@ public final class ConfigKeys {
|
||||
*/
|
||||
public static final ConfigKey<Boolean> USE_ARGUMENT_BASED_COMMAND_PERMISSIONS = BooleanKey.of("argument-based-command-permissions", false);
|
||||
|
||||
/**
|
||||
* If the plugin should check whether senders are a member of a given group
|
||||
* before they're able to edit the groups permissions or add/remove it from other users.
|
||||
*/
|
||||
public static final ConfigKey<Boolean> REQUIRE_SENDER_GROUP_MEMBERSHIP_TO_MODIFY = BooleanKey.of("require-sender-group-membership-to-modify", false);
|
||||
|
||||
/**
|
||||
* If wildcards are being applied
|
||||
*/
|
||||
|
||||
@ -276,6 +276,11 @@ primary-group-calculation: parents-by-weight
|
||||
# the arguments given within the command.
|
||||
argument-based-command-permissions: false
|
||||
|
||||
# If the plugin should check whether senders are a member of a given group before they're able to
|
||||
# edit the groups data or add/remove other users to/from it.
|
||||
# Note: these limitations do not apply to the web editor!
|
||||
require-sender-group-membership-to-modify: false
|
||||
|
||||
# If the plugin should send log notifications to users whenever permissions are modified.
|
||||
#
|
||||
# - Notifications are only sent to those with the appropriate permission to receive them
|
||||
|
||||
@ -285,6 +285,11 @@ primary-group-calculation = "parents-by-weight"
|
||||
# the arguments given within the command.
|
||||
argument-based-command-permissions = false
|
||||
|
||||
# If the plugin should check whether senders are a member of a given group before they're able to
|
||||
# edit the groups data or add/remove other users to/from it.
|
||||
# Note: these limitations do not apply to the web editor!
|
||||
require-sender-group-membership-to-modify = false
|
||||
|
||||
# If the plugin should send log notifications to users whenever permissions are modified.
|
||||
#
|
||||
# - Notifications are only sent to those with the appropriate permission to receive them
|
||||
|
||||
@ -280,6 +280,11 @@ primary-group-calculation: parents-by-weight
|
||||
# the arguments given within the command.
|
||||
argument-based-command-permissions: false
|
||||
|
||||
# If the plugin should check whether senders are a member of a given group before they're able to
|
||||
# edit the groups data or add/remove other users to/from it.
|
||||
# Note: these limitations do not apply to the web editor!
|
||||
require-sender-group-membership-to-modify: false
|
||||
|
||||
# If the plugin should send log notifications to users whenever permissions are modified.
|
||||
#
|
||||
# - Notifications are only sent to those with the appropriate permission to receive them
|
||||
|
||||
Loading…
Reference in New Issue
Block a user