4 # :title: rbot auth management from IRC
6 # Author:: Giuseppe "Oblomov" Bilotta <giuseppe.bilotta@gmail.com>
8 class AuthModule < CoreBotModule
13 # The namespace migration causes each Irc::Auth::PermissionSet to be
14 # unrecoverable, and we have to rename their class name to
15 # Irc::Bot::Auth::PermissionSet
16 @registry.recovery = Proc.new { |val|
17 patched = val.sub("o:\035Irc::Auth::PermissionSet", "o:\042Irc::Bot::Auth::PermissionSet")
18 Marshal.restore(patched)
21 load_array(:default, true)
22 debug "initialized auth. Botusers: #{@bot.auth.save_array.pretty_inspect}"
29 def save_array(key=:default)
31 @registry[key] = @bot.auth.save_array
32 @bot.auth.reset_changed
33 debug "saved botusers (#{key}): #{@registry[key].pretty_inspect}"
37 def load_array(key=:default, forced=false)
38 debug "loading botusers (#{key}): #{@registry[key].pretty_inspect}"
39 @bot.auth.load_array(@registry[key], forced) if @registry.has_key?(key)
40 if @bot.auth.botowner.password != @bot.config['auth.password']
41 error "Master password is out of sync!"
42 debug " db password: #{@bot.auth.botowner.password}"
43 debug "conf password: #{@bot.config['auth.password']}"
44 error "Using conf password"
45 @bot.auth.botowner.password = @bot.config['auth.password']
49 # The permission parameters accept arguments with the following syntax:
50 # cmd_path... [on #chan .... | in here | in private]
51 # This auxiliary method scans the array _ar_ to see if it matches
52 # the given syntax: it expects + or - signs in front of _cmd_path_
53 # elements when _setting_ = true
55 # It returns an array whose first element is the array of cmd_path,
56 # the second element is an array of locations and third an array of
57 # warnings occurred while parsing the strings
59 def parse_args(ar, setting)
64 next_must_be_chan = false
67 ar.each_with_index { |x, i|
68 if doing_cmds # parse cmd_path
69 # check if the list is done
70 if x == "on" or x == "in"
72 next_must_be_chan = true if x == "on"
75 if "+-".include?(x[0])
76 warns << ArgumentError.new(_("please do not use + or - in front of command %{command} when resetting") % {:command => x}) unless setting
78 warns << ArgumentError.new(_("+ or - expected in front of %{string}") % {:string => x}) if setting
81 else # parse locations
87 case next_must_be_chan
89 locs << x.gsub(/^here$/,'_').gsub(/^private$/,'?')
91 warns << ArgumentError.new(_("'%{string}' doesn't look like a channel name") % {:string => x}) unless @bot.server.supports[:chantypes].include?(x[0])
100 warns << _("trailing comma") if want_more
101 warns << _("you probably forgot a comma") unless last_idx == ar.length - 1
102 return cmds, locs, warns
105 def auth_edit_perm(m, params)
107 setting = m.message.split[1] == "set"
108 splits = params[:args]
110 has_for = splits[-2] == "for"
111 return usage(m) unless has_for
114 user = @bot.auth.get_botuser(splits[-1].sub(/^all$/,"everyone"))
116 return m.reply(_("couldn't find botuser %{name}") % {:name => splits[-1]})
118 return m.reply(_("you can't change permissions for %{username}") % {:username => user.username}) if user.owner?
119 splits.slice!(-2,2) if has_for
121 cmds, locs, warns = parse_args(splits, setting)
122 errs = warns.select { |w| w.kind_of?(Exception) }
125 m.reply _("couldn't satisfy your request: %{errors}") % {:errors => errs.join(',')}
136 ch = "?" if loc == "_"
138 ch = m.target.to_s if loc == "_"
142 val = setval[0].chr == '+'
144 user.set_permission(cmd, val, ch)
147 user.reset_permission(cmd, ch)
152 m.reply "something went wrong while trying to set the permissions"
155 @bot.auth.set_changed
156 debug "user #{user} permissions changed"
160 def auth_view_perm(m, params)
162 if params[:user].nil?
163 user = get_botuser_for(m.source)
164 return m.reply(_("you are owner, you can do anything")) if user.owner?
166 user = @bot.auth.get_botuser(params[:user].sub(/^all$/,"everyone"))
167 return m.reply(_("owner can do anything")) if user.owner?
170 return m.reply(_("couldn't find botuser %{name}") % {:name => params[:user]})
175 next if val.perm.empty?
178 str << _("on any channel: ")
180 str << _("in private: ")
182 str << _("on #{k}: ")
185 val.perm.each { |cmd, bool|
186 sub << (bool ? "+" : "-")
189 str.last << sub.join(', ')
192 m.reply _("no permissions set for %{user}") % {:user => user.username}
194 m.reply _("permissions for %{user}:: %{permissions}") %
195 { :user => user.username, :permissions => str.join('; ')}
199 def auth_search_perm(m, p)
200 pattern = Regexp.new(p[:pattern].to_s)
201 results = @bot.plugins.maps.select { |k, v| k.match(pattern) }
202 count = results.length
203 max = @bot.config['send.max_lines']
204 extra = (count > max ? _(". only %{max} will be shown") : "") % { :max => max }
205 m.reply _("%{count} commands found matching %{pattern}%{extra}") % {
206 :count => count, :pattern => pattern, :extra => extra
209 results[0,max].each { |cmd, hash|
210 m.reply _("%{cmd}: %{perms}") % {
212 :perms => hash[:auth].join(", ")
217 def find_auth(pseudo)
218 k = pseudo.plugin.intern
219 cmds = @bot.plugins.commands
222 cmds[k][:botmodule].handler.each do |tmpl|
223 options, failure = tmpl.recognize(pseudo)
225 auth = tmpl.options[:full_auth_path]
232 def auth_allow_deny(m, p)
234 botuser = @bot.auth.get_botuser(p[:user].sub(/^all$/,"everyone"))
236 return m.reply(_("couldn't find botuser %{name}") % {:name => p[:user]})
239 if p[:where].to_s.empty?
242 where = m.parse_channel_list(p[:where].to_s).first # should only be one anyway
245 if p.has_key? :auth_path
246 auth_path = p[:auth_path]
248 # pseudo-message to find the template. The source is ignored, and the
249 # target is set according to where the template should be checked
250 # (public or private)
251 # This might still fail in the case of 'everywhere' for commands there are
252 # really only private
255 pseudo_target = @bot.myself
257 pseudo_target = m.channel
259 pseudo_target = m.server.channel(where)
262 pseudo = PrivMessage.new(bot, m.server, m.source, pseudo_target, p[:stuff].to_s)
264 auth_path = find_auth(pseudo)
270 if @bot.auth.permit?(botuser, auth_path, where)
271 return m.reply(_("%{user} can already do that") % {:user => botuser}) if allow
273 return m.reply(_("%{user} can't do that already") % {:user => botuser}) if !allow
275 cmd = PrivMessage.new(bot, m.server, m.source, m.target, "permissions set %{sign}%{path} %{where} for %{user}" % {
278 :sign => (allow ? '+' : '-'),
279 :where => p[:where].to_s
283 m.reply(_("sorry, %{cmd} doesn't look like a valid command. maybe you misspelled it, or you need to specify it should be in private?") % {
284 :cmd => p[:stuff].to_s
290 auth_allow_deny(m, p.merge(:allow => true))
294 auth_allow_deny(m, p.merge(:allow => false))
297 def get_botuser_for(user)
298 @bot.auth.irc_to_botuser(user)
301 def get_botusername_for(user)
302 get_botuser_for(user).username
306 m.reply _("welcome, %{user}") % {:user => get_botusername_for(m.source)}
309 def auth_auth(m, params)
310 params[:botuser] = 'owner'
314 def auth_login(m, params)
316 case @bot.auth.login(m.source, params[:botuser], params[:password])
319 @bot.auth.set_changed
321 m.reply _("sorry, can't do")
324 m.reply _("couldn't login: %{exception}") % {:exception => e}
329 def auth_autologin(m, params)
330 u = do_autologin(m.source)
332 m.reply _("I couldn't find anything to let you login automatically")
338 def do_autologin(user)
339 @bot.auth.autologin(user)
342 def auth_whoami(m, params)
343 m.reply _("you are %{who}") % {
344 :who => get_botusername_for(m.source).gsub(
345 /^everyone$/, _("no one that I know")).gsub(
346 /^owner$/, _("my boss"))
350 def auth_whois(m, params)
351 return auth_whoami(m, params) if !m.public?
352 u = m.channel.users[params[:user]]
354 return m.reply("I don't see anyone named '#{params[:user]}' here") unless u
356 m.reply _("#{params[:user]} is %{who}") % {
357 :who => get_botusername_for(u).gsub(
358 /^everyone$/, _("no one that I know")).gsub(
359 /^owner$/, _("my boss"))
363 def help(cmd, topic="")
366 return _("login [<botuser>] [<pass>]: logs in to the bot as botuser <botuser> with password <pass>. When using the full form, you must contact the bot in private. <pass> can be omitted if <botuser> allows login-by-mask and your netmask is among the known ones. if <botuser> is omitted too autologin will be attempted")
368 return _("whoami: names the botuser you're linked to")
370 return _("who is <user>: names the botuser <user> is linked to")
374 return _("a permission is specified as module::path::to::cmd; when you want to enable it, prefix it with +; when you want to disable it, prefix it with -; when using the +reset+ command, do not use any prefix")
375 when "set", "reset", "[re]set", "(re)set"
376 return _("permissions [re]set <permission> [in <channel>] for <user>: sets or resets the permissions for botuser <user> in channel <channel> (use ? to change the permissions for private addressing)")
378 return _("permissions view [for <user>]: display the permissions for user <user>")
380 return _("permissions search <pattern>: display the permissions associated with the commands matching <pattern>")
382 return _("permission topics: syntax, (re)set, view, search")
387 return _("user show <what> : shows info about the user; <what> can be any of autologin, login-by-mask, netmasks")
389 return _("user enable|disable <what> : turns on or off <what> (autologin, login-by-mask)")
391 return _("user set password <blah> : sets the user password to <blah>; passwords can only contain upper and lowercase letters and numbers, and must be at least 4 characters long")
393 return _("user add|rm netmask <mask> : adds/removes netmask <mask> from the list of netmasks known to the botuser you're linked to")
395 return _("user reset <what> : resets <what> to the default values. <what> can be +netmasks+ (the list will be emptied), +autologin+ or +login-by-mask+ (will be reset to the default value) or +password+ (a new one will be generated and you'll be told in private)")
397 return _("user tell <who> the password for <botuser> : contacts <who> in private to tell him/her the password for <botuser>")
399 return _("user create <name> <password> : create botuser named <name> with password <password>. The password can be omitted, in which case a random one will be generated. The <name> should only contain alphanumeric characters and the underscore (_)")
401 return _("user list : lists all the botusers")
403 return _("user destroy <botuser> : destroys <botuser>. This function %{highlight}must%{highlight} be called in two steps. On the first call <botuser> is queued for destruction. On the second call, which must be in the form 'user confirm destroy <botuser>', the botuser will be destroyed. If you want to cancel the destruction, issue the command 'user cancel destroy <botuser>'") % {:highlight => Bold}
405 return _("user topics: show, enable|disable, add|rm netmask, set, reset, tell, create, list, destroy")
408 return _("auth <masterpassword>: log in as the bot owner; other commands: login, whoami, permissions syntax, permissions [re]set, permissions view, user, meet, hello, allow, prevent")
410 return _("meet <nick> [as <user>]: creates a bot user for nick, calling it user (defaults to the nick itself)")
412 return _("hello: creates a bot user for the person issuing the command")
415 _("allow <user> to do <sample command> [<where>]: gives botuser <user> the permissions to execute a command such as the provided sample command"),
416 _("(in private or in channel, according to the optional <where>)."),
417 _("<sample command> should be a full command, not just the command keyword --"),
418 _("correct: allow user to do addquote stuff --"),
419 _("wrong: allow user to do addquote.")
423 _("deny <user> from doing <sample command> [<where>]: removes from botuser <user> the permissions to execute a command such as the provided sample command"),
424 _("(in private or in channel, according to the optional <where>)."),
425 _("<sample command> should be a full command, not just the command keyword --"),
426 _("correct: deny user from doing addquote stuff --"),
427 _("wrong: deny user from doing addquote.")
430 return _("auth commands: auth, login, whoami, who, permission[s], user, meet, hello, allow, deny")
435 _("sorry, I need more arguments to %{command}") % {:command => cmd}
438 def not_args(cmd, *stuff)
439 _("I can only %{command} these: %{arguments}") %
440 {:command => cmd, :arguments => stuff.join(', ')}
443 def set_prop(botuser, prop, val)
444 k = prop.to_s.gsub("-","_")
445 botuser.send( (k + "=").to_sym, val)
446 if prop == :password and botuser == @bot.auth.botowner
447 @bot.config.items[:'auth.password'].set_string(@bot.auth.botowner.password)
451 def reset_prop(botuser, prop)
452 k = prop.to_s.gsub("-","_")
453 botuser.send( ("reset_"+k).to_sym)
456 def ask_bool_prop(botuser, prop)
457 k = prop.to_s.gsub("-","_")
458 botuser.send( (k + "?").to_sym)
461 def auth_manage_user(m, params)
462 splits = params[:data]
465 return auth_whoami(m, params) if cmd.nil?
467 botuser = get_botuser_for(m.source)
468 # By default, we do stuff on the botuser the irc user is bound to
471 has_for = splits[-2] == "for"
473 butarget = @bot.auth.get_botuser(splits[-1]) rescue nil
474 return m.reply(_("no such bot user %{user}") % {:user => splits[-1]}) unless butarget
477 return m.reply(_("you can't mess with %{user}") % {:user => butarget.username}) if butarget.owner? && botuser != butarget
479 bools = [:autologin, :"login-by-mask"]
480 can_set = [:password]
481 can_addrm = [:netmasks]
482 can_reset = bools + can_set + can_addrm
483 can_show = can_reset + ["perms"]
489 return m.reply(_("you can't see the properties of %{user}") %
490 {:user => butarget.username}) if botuser != butarget &&
491 !botuser.permit?("auth::show::other")
497 if botuser != butarget
498 return m.reply(_("no way I'm telling you the master password!")) if butarget == @bot.auth.botowner
499 return m.reply(_("you can't ask for someone else's password"))
501 return m.reply(_("c'mon, you can't be asking me seriously to tell you the password in public!")) if m.public?
502 return m.reply(_("the password for %{user} is %{password}") %
503 { :user => butarget.username, :password => butarget.password })
505 props = splits[1..-1]
512 next if k == :password
515 if ask_bool_prop(butarget, k)
516 str << _("can %{action}") % {:action => k}
518 str << _("can not %{action}") % {:action => k}
521 if butarget.netmasks.empty?
522 str << _("knows no netmasks")
524 str << _("knows %{netmasks}") % {:netmasks => butarget.netmasks.join(", ")}
528 return m.reply("#{butarget.username} #{str.join('; ')}")
530 when :enable, :disable
531 return m.reply(_("you can't change the default user")) if butarget.default? && !botuser.permit?("auth::edit::other::default")
532 return m.reply(_("you can't edit %{user}") % {:user => butarget.username}) if butarget != botuser && !botuser.permit?("auth::edit::other")
534 return m.reply(need_args(cmd)) unless splits[1]
537 splits[1..-1].each { |a|
539 if bools.include?(arg)
540 set_prop(butarget, arg, cmd.to_sym == :enable)
547 m.reply(_("I ignored %{things} because %{reason}") % {
548 :things => skipped.join(', '),
549 :reason => not_args(cmd, *bools)}) unless skipped.empty?
551 m.reply _("I haven't changed anything")
553 @bot.auth.set_changed
554 return auth_manage_user(m, {:data => ["show"] + things + ["for", butarget.username] })
558 return m.reply(_("you can't change the default user")) if
559 butarget.default? && !botuser.permit?("auth::edit::default")
560 return m.reply(_("you can't edit %{user}") % {:user=>butarget.username}) if
561 butarget != botuser && !botuser.permit?("auth::edit::other")
563 return m.reply(need_args(cmd)) unless splits[1]
564 arg = splits[1].to_sym
565 return m.reply(not_args(cmd, *can_set)) unless can_set.include?(arg)
567 return m.reply(need_args([cmd, splits[1]].join(" "))) unless argarg
568 if arg == :password && m.public?
569 return m.reply(_("is that a joke? setting the password in public?"))
571 set_prop(butarget, arg, argarg)
572 @bot.auth.set_changed
573 auth_manage_user(m, {:data => ["show", arg.to_s, "for", butarget.username] })
576 return m.reply(_("you can't change the default user")) if
577 butarget.default? && !botuser.permit?("auth::edit::default")
578 return m.reply(_("you can't edit %{user}") % {:user=>butarget.username}) if
579 butarget != botuser && !botuser.permit?("auth::edit::other")
581 return m.reply(need_args(cmd)) unless splits[1]
584 splits[1..-1].each { |a|
586 if can_reset.include?(arg)
587 reset_prop(butarget, arg)
594 m.reply(_("I ignored %{things} because %{reason}") %
595 { :things => skipped.join(', '),
596 :reason => not_args(cmd, *can_reset)}) unless skipped.empty?
598 m.reply _("I haven't changed anything")
600 @bot.auth.set_changed
601 @bot.say(m.source, _("the password for %{user} is now %{password}") %
602 {:user => butarget.username, :password => butarget.password}) if
603 things.include?("password")
604 return auth_manage_user(m, {:data => (["show"] + things - ["password"]) + ["for", butarget.username]})
607 when :add, :rm, :remove, :del, :delete
608 return m.reply(_("you can't change the default user")) if
609 butarget.default? && !botuser.permit?("auth::edit::default")
610 return m.reply(_("you can't edit %{user}") % {:user => butarget.username}) if
611 butarget != botuser && !botuser.permit?("auth::edit::other")
614 if arg.nil? or arg !~ /netmasks?/ or splits[2].nil?
615 return m.reply(_("I can only add/remove netmasks. See +help user add+ for more instructions"))
618 method = cmd.to_sym == :add ? :add_netmask : :delete_netmask
622 splits[2..-1].each { |mask|
624 butarget.send(method, mask.to_irc_netmask(:server => @bot.server))
626 debug "failed with #{e.message}"
627 debug e.backtrace.join("\n")
631 m.reply "I failed to #{cmd} #{failed.join(', ')}" unless failed.empty?
632 @bot.auth.set_changed
633 return auth_manage_user(m, {:data => ["show", "netmasks", "for", butarget.username] })
636 m.reply _("sorry, I don't know how to %{request}") % {:request => m.message}
639 m.reply _("couldn't %{cmd}: %{exception}") % {:cmd => cmd, :exception => e}
643 def auth_meet(m, params)
646 # we are actually responding to a 'hello' command
647 unless m.botuser.transient?
648 m.reply @bot.lang.get('hello_X') % m.botuser
654 # m.channel is always an Irc::Channel because the command is either
655 # public-only 'meet' or private/public 'hello' which was handled by
656 # the !nick case, so this shouldn't fail
657 irc_user = m.channel.users[nick]
658 return m.reply("I don't see anyone named '#{nick}' here") unless irc_user
661 buname = params[:user] || nick
663 call_event(:botuser,:pre_perm, {:irc_user => irc_user, :bot_user => buname})
664 met = @bot.auth.make_permanent(irc_user, buname)
665 @bot.auth.set_changed
666 call_event(:botuser,:post_perm, {:irc_user => irc_user, :bot_user => buname})
667 m.reply @bot.lang.get('hello_X') % met
668 @bot.say nick, _("you are now registered as %{buname}. I created a random password for you : %{pass} and you can change it at any time by telling me 'user set password <password>' in private" % {
670 :pass => met.password
673 # or can this happen for other cases too?
674 # TODO autologin if forced
675 m.reply _("but I already know %{buname}" % {:buname => buname})
677 m.reply _("I had problems meeting %{nick}: %{e}" % { :nick => nick, :e => e })
681 def auth_tell_password(m, params)
684 botuser = @bot.auth.get_botuser(params[:botuser])
686 return m.reply(_("couldn't find botuser %{user}") % {:user => params[:botuser]})
688 return m.reply(_("I'm not telling the master password to anyone, pal")) if botuser == @bot.auth.botowner
689 msg = _("the password for botuser %{user} is %{password}") %
690 {:user => botuser.username, :password => botuser.password}
692 @bot.say m.source, _("I told %{user} that %{message}") % {:user => user, :message => msg}
695 def auth_create_user(m, params)
697 password = params[:password]
698 return m.reply(_("are you nuts, creating a botuser with a publicly known password?")) if m.public? and not password.nil?
700 bu = @bot.auth.create_botuser(name, password)
701 @bot.auth.set_changed
703 m.reply(_("failed to create %{user}: %{exception}") % {:user => name, :exception => e})
704 debug e.inspect + "\n" + e.backtrace.join("\n")
707 m.reply(_("created botuser %{user}") % {:user => bu.username})
710 def auth_list_users(m, params)
711 # TODO name regexp to filter results
712 list = @bot.auth.save_array.inject([]) { |list, x| ['everyone', 'owner'].include?(x[:username]) ? list : list << x[:username] }
713 if defined?(@destroy_q)
715 @destroy_q.include?(x) ? x + _(" (queued for destruction)") : x
718 return m.reply(_("I have no botusers other than the default ones")) if list.empty?
719 return m.reply(n_("botuser: %{list}", "botusers: %{list}", list.length) %
720 {:list => list.join(', ')})
723 def auth_destroy_user(m, params)
724 @destroy_q = [] unless defined?(@destroy_q)
725 buname = params[:name]
726 return m.reply(_("You can't destroy %{user}") % {:user => buname}) if
727 ["everyone", "owner"].include?(buname)
728 mod = params[:modifier].to_sym rescue nil
730 buser_array = @bot.auth.save_array
731 buser_hash = buser_array.inject({}) { |h, u|
736 return m.reply(_("no such botuser %{user}") % {:user=>buname}) unless
737 buser_hash.keys.include?(buname)
741 if @destroy_q.include?(buname)
742 @destroy_q.delete(buname)
743 m.reply(_("%{user} removed from the destruction queue") % {:user=>buname})
745 m.reply(_("%{user} was not queued for destruction") % {:user=>buname})
749 if @destroy_q.include?(buname)
750 return m.reply(_("%{user} already queued for destruction, use %{highlight}user confirm destroy %{user}%{highlight} to destroy it") % {:user=>buname, :highlight=>Bold})
753 return m.reply(_("%{user} queued for destruction, use %{highlight}user confirm destroy %{user}%{highlight} to destroy it") % {:user=>buname, :highlight=>Bold})
757 return m.reply(_("%{user} is not queued for destruction yet") %
758 {:user=>buname}) unless @destroy_q.include?(buname)
759 buser_array.delete_if { |u|
760 u[:username] == buname
762 @destroy_q.delete(buname)
763 @bot.auth.load_array(buser_array, true)
764 @bot.auth.set_changed
766 return m.reply(_("failed: %{exception}") % {:exception => e})
768 return m.reply(_("botuser %{user} destroyed") % {:user => buname})
772 def auth_copy_ren_user(m, params)
773 source = Auth::BotUser.sanitize_username(params[:source])
774 dest = Auth::BotUser.sanitize_username(params[:dest])
775 return m.reply(_("please don't touch the default users")) unless
776 (["everyone", "owner"] & [source, dest]).empty?
778 buser_array = @bot.auth.save_array
779 buser_hash = buser_array.inject({}) { |h, u|
784 return m.reply(_("no such botuser %{source}") % {:source=>source}) unless
785 buser_hash.keys.include?(source)
786 return m.reply(_("botuser %{dest} exists already") % {:dest=>dest}) if
787 buser_hash.keys.include?(dest)
789 copying = m.message.split[1] == "copy"
793 buser_hash[source].each { |k, val|
797 h = buser_hash[source]
800 buser_array << h if copying
802 @bot.auth.load_array(buser_array, true)
803 @bot.auth.set_changed
804 call_event(:botuser, copying ? :copy : :rename, :source => source, :dest => dest)
806 return m.reply(_("failed: %{exception}") % {:exception=>e})
809 m.reply(_("botuser %{source} copied to %{dest}") %
810 {:source=>source, :dest=>dest})
812 m.reply(_("botuser %{source} renamed to %{dest}") %
813 {:source=>source, :dest=>dest})
818 def auth_export(m, params)
820 exportfile = "#{@bot.botclass}/new-auth.users"
822 what = params[:things]
824 has_to = what[-2] == "to"
826 exportfile = "#{@bot.botclass}/#{what[-1]}"
832 m.reply _("selecting data to export ...")
834 buser_array = @bot.auth.save_array
835 buser_hash = buser_array.inject({}) { |h, u|
843 we_want = buser_hash.delete_if { |key, val|
844 not what.include?(key)
848 m.reply _("preparing data for export ...")
851 we_want.each { |k, val|
858 yaml_hash[k][kk] = []
860 yaml_hash[k][kk] << {
861 :fullform => nm.fullform,
862 :casemap => nm.casemap.to_s
871 m.reply _("failed to prepare data: %{exception}") % {:exception=>e}
872 debug e.backtrace.dup.unshift(e.inspect).join("\n")
876 m.reply _("exporting to %{file} ...") % {:file=>exportfile}
878 # m.reply yaml_hash.inspect
879 File.open(exportfile, "w") do |file|
880 file.puts YAML::dump(yaml_hash)
883 m.reply _("failed to export users: %{exception}") % {:exception=>e}
884 debug e.backtrace.dup.unshift(e.inspect).join("\n")
890 def auth_import(m, params)
892 importfile = "#{@bot.botclass}/new-auth.users"
894 what = params[:things]
896 has_from = what[-2] == "from"
898 importfile = "#{@bot.botclass}/#{what[-1]}"
904 m.reply _("reading %{file} ...") % {:file=>importfile}
906 yaml_hash = YAML::load_file(importfile)
908 m.reply _("failed to import from: %{exception}") % {:exception=>e}
909 debug e.backtrace.dup.unshift(e.inspect).join("\n")
913 # m.reply yaml_hash.inspect
915 m.reply _("selecting data to import ...")
920 we_want = yaml_hash.delete_if { |key, val|
921 not what.include?(key)
925 m.reply _("parsing data from import ...")
930 yaml_hash.each { |k, val|
931 buser_hash[k] = { :username => k }
935 buser_hash[k][kk] = []
937 buser_hash[k][kk] << nm[:fullform].to_irc_netmask(:casemap => nm[:casemap].to_irc_casemap).to_irc_netmask(:server => @bot.server)
940 buser_hash[k][kk] = v
945 m.reply _("failed to parse data: %{exception}") % {:exception=>e}
946 debug e.backtrace.dup.unshift(e.inspect).join("\n")
950 # m.reply buser_hash.inspect
952 org_buser_array = @bot.auth.save_array
953 org_buser_hash = org_buser_array.inject({}) { |h, u|
958 # TODO we may want to do a(n optional) key-by-key merge
960 org_buser_hash.merge!(buser_hash)
961 new_buser_array = org_buser_hash.values
962 @bot.auth.load_array(new_buser_array, true)
963 @bot.auth.set_changed
970 auth = AuthModule.new
972 auth.map "user export *things",
973 :action => 'auth_export',
974 :defaults => { :things => ['all'] },
975 :auth_path => ':manage:fedex:'
977 auth.map "user import *things",
978 :action => 'auth_import',
979 :auth_path => ':manage:fedex:'
981 auth.map "user create :name :password",
982 :action => 'auth_create_user',
983 :defaults => {:password => nil},
984 :auth_path => ':manage:'
986 auth.map "user [:modifier] destroy :name",
987 :action => 'auth_destroy_user',
988 :requirements => { :modifier => /^(cancel|confirm)?$/ },
989 :defaults => { :modifier => '' },
990 :auth_path => ':manage::destroy!'
992 auth.map "user copy :source [to] :dest",
993 :action => 'auth_copy_ren_user',
994 :auth_path => ':manage:'
996 auth.map "user rename :source [to] :dest",
997 :action => 'auth_copy_ren_user',
998 :auth_path => ':manage:'
1000 auth.map "meet :nick [as :user]",
1001 :action => 'auth_meet',
1002 :auth_path => 'user::manage', :private => false
1005 :action => 'auth_meet',
1006 :auth_path => 'user::manage::meet'
1008 auth.default_auth("user::manage", false)
1009 auth.default_auth("user::manage::meet::hello", true)
1011 auth.map "user tell :user the password for :botuser",
1012 :action => 'auth_tell_password',
1013 :auth_path => ':manage:'
1015 auth.map "user list",
1016 :action => 'auth_list_users',
1019 auth.map "user *data",
1020 :action => 'auth_manage_user'
1022 auth.map "allow :user to do *stuff [*where]",
1023 :action => 'auth_allow',
1024 :requirements => {:where => /^(?:anywhere|everywhere|[io]n \S+)$/},
1025 :auth_path => ':edit::other:'
1027 auth.map "deny :user from doing *stuff [*where]",
1028 :action => 'auth_deny',
1029 :requirements => {:where => /^(?:anywhere|everywhere|[io]n \S+)$/},
1030 :auth_path => ':edit::other:'
1032 auth.default_auth("user", true)
1033 auth.default_auth("edit::other", false)
1036 :action => 'auth_whoami',
1039 auth.map "who is :user",
1040 :action => 'auth_whois',
1043 auth.map "auth :password",
1044 :action => 'auth_auth',
1046 :auth_path => '!login!'
1048 auth.map "login :botuser :password",
1049 :action => 'auth_login',
1051 :defaults => { :password => nil },
1052 :auth_path => '!login!'
1054 auth.map "login :botuser",
1055 :action => 'auth_login',
1056 :auth_path => '!login!'
1059 :action => 'auth_autologin',
1060 :auth_path => '!login!'
1062 auth.map "permissions set *args",
1063 :action => 'auth_edit_perm',
1064 :auth_path => ':edit::set:'
1066 auth.map "permissions reset *args",
1067 :action => 'auth_edit_perm',
1068 :auth_path => ':edit::set:'
1070 auth.map "permissions view [for :user]",
1071 :action => 'auth_view_perm',
1074 auth.map "permissions search *pattern",
1075 :action => 'auth_search_perm',
1078 auth.default_auth('*', false)