Sign in to follow this  
Gaeron

Generic Permissions System Redux

Recommended Posts

Rather than resurrect an old thread from several years ago, I feel that this one has enough merits for a fresh airing.

 

One of those difficult things on Chaos is to manage permissions on each individual mine door, building, boat or anything else that Rolf adds. Some things can be done remotely, some have to be done locally. Especially with mine doors where unless you keep an exhaustive list of locations and the current settings then changing them all when someone needs adding or removing is prohibitive. Even then its painful to go round and visit them all when something changes. Personally I'd like to spend my time playing the game rather than have to focus on access management.

The idea of this is similar to firewalls, a simple rule set is attached to whatever needs it and someone who attempts access is tested against the rule. At the first match the action of the matching rule is taken. If there is no rule match then access is denied.

For a town writ there would be one list per role specifying who is in the role.

The dialogue to manage a rule list needs the following
- add a new rule (prepends or appends)
- delete a rule
- move a rule up or down within the list
- test a target against the rule list (response is allow, deny or manage)

The format of the rules is simple

           action target

where action can be deny, allow or manage (manage implies allow) and target is of the format player_name@location (not dissimilar to email addy)

- if player_name is blank then it means any player

- if location is blank then it means any location

- players names are a single word which is nicely convenient but locations can be multi-word so everything after the @ is considered location, spaces included

- The object owner is a hidden rule which always prepends the list

  manage player_name@kingdom

The kingdom part of the target is fixed as the kingdom the owner was in when they created the object. This means that if they change kingdom they can no longer manage the entity. For boats which are a personal item the prepends rule would be.

  manage player_name@

 

I do envisage a few special keywords such as base kingdoms if appropriate, for example on Chaos to exclude all new freedom players from accessing a building you could do deny @FREEDOM

That is all the definitions.

The other thing to consider is sequence, it is important and some examples are in order.

1. a mine door owned by JK in a war situation

  • deny @MR
  • deny @HOTS
  • allow @JK

this will explicitly block any MR or HotS player from using but allow any JK player but it could just as easily be written as

  • allow @JK

as the fall through action is always deny.


2. as (1) but this time a suspected alt belonging to another kingdom called imnotaspyreally is blocked too

  • allow @JK
  • deny imnotaspyreally@

now this would fail because the allow rule is hit first and it should be

  • deny imnotaspyreally@
  • allow @JK

which will now block the offending individual. Note that when specifying individuals you only normally need to do player_name@ as names are unique. Also when changing rules always use the test feature.


3. The Hells Kitchen town has made a cave in which are three utmost veins and they want to keep for themselves, but also keep out three noobs in case they unwittingly mine the veins at low skill.

  • deny noob1@
  • deny noob2@
  • deny noob3@
  • allow @hells kitchen


4. MR are at war with a dummy MR town griefersville but they have a spy in there called lolwutme and want him to have access to a gatehouse

  • allow lolwutme@
  • deny @griefersville
  • allow @MR

5. A player account transporter is used at war deeds and often changes towns for a number of reasons (including right now access issues). We want to allow him into a gatehouse while he is a member of one of two towns, but not at a third.

  • allow transporter@town1
  • allow transporter@town2
  • allow @wardeed

6. I've created a mine door in a war situation and want to allow Nadroj and  Horton to help manage it

  • manage nadroj@
  • manage horton@
  • allow @MR

Summary

The use of lists can reduce the management effort on a LOT of writs while mine doors and boats will automatically compensate for player moves between towns and kingdoms. The lists will generally be a lot shorter than than the current tick lists, in fact in a worst case scenario it would only be the same length as the current lists are. They should also be of arbitrary length to avoid the mine door issue we currently have.

In terms of converting any existing permissions, any invidual one would become allow player_name@ which could then be pruned down. Where there is a "all in my village" as with boats that would become @my_village. To cope with the optoin of allow friends this would insert the appropriate of name@ into the permissions but it would have to be handled manually there after. If its only friends you are allowing you could easily empty and reinsert that particular permissions list.

Comments?

 

Share this post


Link to post
Share on other sites

Kind of complicated, innit?


I think mine doors already have open to kingdom, deed and individual players.


Maybe the only thing that is needed is a priority pick (like if you want player names to override kingdom and deed, or deed to override the others, etc). That way you could allow a spy that belongs to a different kingdom to the cave by having name override kingdom, or prevent turncoats from entering by having kingdom override individual players.


 


Of course it would still lack the blacklist option.


So yeah its complicated. Maybe keep current settings and add yours under an "advanced" tab more for PvP sake.


 


Anyhow, i actually came here for improvements on Deed permissions, like separating the Tame from Pick stuff from the ground, and maybe moving that to the Roles instead of applying for anyone. (which is probably the most stupid thing on the whole game, if i want to allow an ally to tame an animal on my deed, i need to allow people to pick stuff from the ground inside the deed, which means i have to be there, allow the guy to tame, and then switch back when he's done)


Edited by ReaverKane

Share this post


Link to post
Share on other sites

While I see how nifty this is, this is too program-my.. common people goes @_@ with this.. I took time to understand it and only with the examples I can understand it and I'm sure it is something to do with I am IT-savy...


 


But agree that the permissions system need a fix, esp how minedoors work is dangerously... way too easy for spies to exploit.


Edited by rosedragon

Share this post


Link to post
Share on other sites

Easiest way imo is to have mine door-style access for most things, but remotely manageable for houses, and also have a negative section (i.e. refuse access to this specific person, etc).


Share this post


Link to post
Share on other sites

Cool idea. I like how you broke it down so the people who code it won't ###### it up as easily. We definitely could use more flexible permissions on boats and writs. Minedoors are pretty good as they are, but your suggestion would probably be more intuitive.


 


Think this idea could also be applied to guard towers in some way?


 


Like the creator of the guard tower could


-Enemy @spyalt1


-Enemy @spyalt2


-Friendly @HotS


 


IMO if you made a guard tower you should have a little more control over the guards, or even the Emperor could set roles on kingdom towers.


Share this post


Link to post
Share on other sites

Guard towers already attack KOS people if on deed. Apart from that, idk.

Yea but deeds are like 5% of the total map and towers just like minedoors are all over the map. If we're going to adjust permissions to help manage minedoors against same-kingdom noobs and spies, might be worth adding a similar function to kingdom towers. 

 

I think the discussion is about the loopholes in permissions that same-kingdom accounts regularly take advantage of. And guard towers are probably the most perverted example of that since it actually helps those noobs and spies through the area when they'd normally be dismissed by the wildlife.

 

More on the topic of minedoors--right now they're pretty loose. If you use a minedoor to access a deed, you need to set the minedoor permissions so everyone in village can pass. But this also gives them all rights to manage, which is very risky to allow. A spy could easily flip the door open on the creators. The permissions are not strict enough.

Edited by Versai

Share this post


Link to post
Share on other sites

Yea but deeds are like 5% of the total map and towers just like minedoors are all over the map. If we're going to adjust permissions to help manage minedoors against same-kingdom noobs and spies, might be worth adding a similar function to kingdom towers. 

 

I think the discussion is about the loopholes in permissions that same-kingdom accounts regularly take advantage of. And guard towers are probably the most perverted example of that since it actually helps those noobs and spies through the area when they'd normally be dismissed by the wildlife.

 

More on the topic of minedoors--right now they're pretty loose. If you use a minedoor to access a deed, you need to set the minedoor permissions so everyone in village can pass. But this also gives them all rights to manage, which is very risky to allow. A spy could easily flip the door open on the creators. The permissions are not strict enough.

Might be true, although that would make towers OP in PVE.

Share this post


Link to post
Share on other sites

Might be true, although that would make towers OP in PVE.

In what way? Keep in mind the tower suggestion is for PVP servers. Of course you couldn't set your tower to attack people on freedom servers... In no way does it affect PVE.

Edited by Versai

Share this post


Link to post
Share on other sites

honestly setting permissions on guard towers seems complicated, since towers got conquered... and giving it to king also won't help since template kingdoms often fight for the crown ;) .


Share this post


Link to post
Share on other sites

honestly setting permissions on guard towers seems complicated, since towers got conquered... and giving it to king also won't help since template kingdoms often fight for the crown ;) .

Yea I can't really imagine a golden solution. But the problem still exists. Would love to see the alt / spy / noob situation solved one way or another. There is WAY too many privileges that automatically come with joining a kingdom. Players need better control of their investments.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this