X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=data%2Frbot%2Fplugins%2Freaction.rb;h=879b89fa4735b5286d18afb3f3b17b55d9f9b5d4;hb=052217de30c59206d7025b582d4604557a747470;hp=c32bb62d0abcb56d9a152dea45b405ad789dcfce;hpb=5ec367410500a2d8a68382a06d4ffec13ed7dad9;p=user%2Fhenk%2Fcode%2Fruby%2Frbot.git

diff --git a/data/rbot/plugins/reaction.rb b/data/rbot/plugins/reaction.rb
index c32bb62d..879b89fa 100644
--- a/data/rbot/plugins/reaction.rb
+++ b/data/rbot/plugins/reaction.rb
@@ -217,16 +217,16 @@ class ReactionPlugin < Plugin
       "If prefixed by 'act:' (e.g. act:/(order|command)s/) the bot will only respond if a CTCP ACTION matches the trigger"
     when :reply, :replies
       "reaction replies are simply messages that the bot will reply when a trigger is matched. " +
-      "Replies can be prefixed by 'act:' (e.g. act:goes shopping) to signify that the bot should act instead of saying the message. " +
-      "Replies can be prefixed by 'cmd:' or 'command:' (e.g. cmd:lart %{who}) to issue a command to the bot. " +
-      "Replies can use the %{key} syntax to access one of the following keys: " +
-      "who (the user that said the trigger), bot (the bot's own nick), " +
-      "target (the first word following the trigger), what (whatever follows target), " +
+      "Replies prefixed by 'act:' (e.g. act:goes shopping) signify that the bot should act instead of saying the message. " +
+      "Replies prefixed by 'cmd:' or 'command:' (e.g. cmd:lart %{who}) issue a command to the bot. " +
+      "Replies can use the %{key} syntax to access the following keys: " +
+      "who (user that said the trigger), bot (bot's own nick), " +
+      "target (first word following the trigger), what (whatever follows target), " +
       "before (everything that precedes the trigger), after, (everything that follows the trigger), " +
-      "match (the actual matched text), match1, match2, ... (the i-th capture). " +
-      "Replies can be prefixed by 'ruby:' (e.g. ruby:m.reply 'Hello ' + subs[:who]) to have short ruby code in there, " +
-      "in which case %{key} substitution does not take place, but the subs hash can be used by the code. " +
-      "Be warned that creating ruby replies can open unexpected security holes."
+      "match (matched text), match1, match2, ... (the i-th capture). " +
+      "Replies prefixed by 'ruby:' (e.g. ruby:m.reply 'Hello ' + subs[:who]) are interpreted as ruby code. " +
+      "No %{key} substitution is done in this case, use the subs hash in the code instead. " +
+      "Be warned that creating ruby replies can open unexpected security holes in the bot."
     when :list
       "reaction list [n]: lists the n-the page of programmed reactions (30 reactions are listed per page)"
     when :show
@@ -238,7 +238,7 @@ class ReactionPlugin < Plugin
 
   def unreplied(m)
     return unless PrivMessage === m
-    debug "testing #{m} for reactions"
+    debug "testing #{m.inspect} for reactions"
     return if @reactions.empty?
     candidates = @reactions.map { |react|
       blob = react === m
@@ -301,6 +301,14 @@ class ReactionPlugin < Plugin
     }
   end
 
+  def can_add?(m, reaction)
+    return true if reaction.act == :reply
+    return true if reaction.act == :act
+    return true if reaction.act == :ruby and @bot.auth.permit?(m.source, "reaction::react::ruby", m.channel)
+    return true if reaction.act == :cmd and @bot.auth.permit?(m.source, "reaction::react::cmd", m.channel)
+    return false
+  end
+
   def handle_add(m, params)
     trigger = params[:trigger].to_s
     reply = params[:reply].to_s
@@ -324,19 +332,23 @@ class ReactionPlugin < Plugin
     found = reaction.find_reply(reply)
     if found
       # ruby replies need special permission
-      if found.act != :ruby or @bot.auth.permit?(m.source, "reaction::react::ruby", m.channel)
+      if can_add?(m, found)
         found.pct = pct
         found.author = m.sourcenick
         found.date = Time.now
         found.channel = m.channel
       else
-        m.reply _("Sorry, you're not allowed to change ruby replies here")
+        m.reply _("Sorry, you're not allowed to change %{act} replies here") % {
+          :act => found.act
+        }
         return
       end
     else
       found = reaction.add_reply(reply, pct, m.sourcenick, Time.now, m.channel)
-      if found.act == :ruby and not @bot.auth.permit?(m.source, "reaction::react::ruby", m.channel)
-        m.reply _("Sorry, you're not allowed to add ruby replies here")
+      unless can_add?(m, found)
+        m.reply _("Sorry, you're not allowed to add %{act} replies here") % {
+          :act => found.act
+        }
         reaction.rm_reply(reaction.replies.length)
         if new_reaction
           @reactions.delete(reaction)
@@ -438,6 +450,8 @@ plugin.map plugin.add_syntax, :action => 'handle_add',
 
 # ruby reactions are security holes, so give stricter permission
 plugin.default_auth('react::ruby', false)
+# cmd reactions can be security holes too
+plugin.default_auth('react::cmd', false)
 
 plugin.map 'reaction list [:page]', :action => 'handle_list',
   :requirements => { :page => /^\d+$/ }