Introduce BotConfigValue permissions, to protect particularly sensitive config option...

diff --git a/ChangeLog b/ChangeLog
index f76d53fcd3d94782527e64a84f532f5c549272f9..5a334901f0b80ac88568900f9c9bb9af62dcf33b 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,9 @@
 
        * Script plugin: new (UNSAFE!) echo functions. Just like eval, but
        m.replies the result of the evaluation.
+       * New Auth Framework: config keys now have their own permissions. So
+       you can allow people to view or edit only some of the config values.
+       auth.password defaults to false. Still needs some work.
 
 2006-08-26  Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
 

diff --git a/lib/rbot/config.rb b/lib/rbot/config.rb
index e8cea284ab136d80cb06b763fa884a3ad00b56e4..ef079429ed0f459d305773d4298c0cf60fcf3530 100644 (file)
--- a/lib/rbot/config.rb
+++ b/lib/rbot/config.rb
@@ -25,6 +25,7 @@ module Irc
     attr_reader :requires_rescan
     attr_reader :order
     attr_reader :manager
+    attr_reader :auth_path
     def initialize(key, params)
       @manager = BotConfig::configmanager
       # Keys must be in the form 'module.name'.
@@ -48,6 +49,7 @@ module Irc
       @wizard = params[:wizard]
       @requires_restart = params[:requires_restart]
       @requires_rescan = params[:requires_rescan]
+      @auth_path = "config::key::#{key.sub('.','::')}"
     end
     def default
       if @default.instance_of?(Proc)

diff --git a/lib/rbot/core/config.rb b/lib/rbot/core/config.rb
index dfbaaab66d05fb5da16c4ba3ac2d202aff60f59c..1fe2da22d041aef016cc1d3a719af87cb98cd3c2 100644 (file)
--- a/lib/rbot/core/config.rb
+++ b/lib/rbot/core/config.rb
@@ -36,6 +36,7 @@ class ConfigModule < CoreBotModule
       m.reply "no such config key #{key}"\r
       return\r
     end\r
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)\r
     value = @bot.config.items[key].to_s\r
     m.reply "#{key}: #{value}"\r
   end\r
@@ -54,6 +55,7 @@ class ConfigModule < CoreBotModule
     unless @bot.config.items.has_key?(key)\r
       m.reply "no such config key #{key}"\r
     end\r
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)\r
     @bot.config.items[key].unset\r
     handle_get(m, params)\r
     m.reply "this config change will take effect on the next restart" if @bot.config.items[key].requires_restart\r
@@ -67,6 +69,7 @@ class ConfigModule < CoreBotModule
       m.reply "no such config key #{key}"\r
       return\r
     end\r
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)\r
     begin\r
       @bot.config.items[key].set_string(value)\r
     rescue ArgumentError => e\r
@@ -93,6 +96,7 @@ class ConfigModule < CoreBotModule
       m.reply "config key #{key} is not an array"\r
       return\r
     end\r
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)\r
     begin\r
       @bot.config.items[key].add(value)\r
     rescue ArgumentError => e\r
@@ -115,6 +119,7 @@ class ConfigModule < CoreBotModule
       m.reply "config key #{key} is not an array"\r
       return\r
     end\r
+    return if !@bot.auth.allow?(@bot.config.items[key].auth_path, m.source, m.replyto)\r
     begin\r
       @bot.config.items[key].rm(value)\r
     rescue ArgumentError => e\r
@@ -253,4 +258,8 @@ conf.map 'config help :topic',
 \r
 conf.default_auth('*', false)\r
 conf.default_auth('show::status', true)\r
+# TODO these shouldn't be set here, we need a way to let the default\r
+# permission be specified together with the BotConfigValue\r
+conf.default_auth('key', true)\r
+conf.default_auth('key::auth::password', false)\r
 \r