correct handling of permissions when user is global admin
* There are two kinds of administrators: those that have many of the privileges, and the user that is named in the config file. auth_rx never initialized this from zero because it always assumed a migration as its starting point, so it never needed to detect who the admin of the server is: after migration the admin already has the previous privileges from the plain db file. * Override all the possible handlers with proper detection of the admin user from the config file; when the admin is detected, no matter what, give it all the (on the fly) privileges currently on the server. * As of this commit a privileged user can still erase the admin or change the password if they also have enough privileges. * WARNING: this commit depends on the previous commit, 2aef6adf19713c2ca9216ced614b5960e7c1457c, for correct admin name detection.
parent
bf20c9f4bd
commit
15143fd58f
46
init.lua
46
init.lua
@ -128,15 +128,15 @@ end )
|
|||||||
minetest.register_authentication_handler( {
|
minetest.register_authentication_handler( {
|
||||||
-- translate old auth hooks to new database backend
|
-- translate old auth hooks to new database backend
|
||||||
get_auth = function( username )
|
get_auth = function( username )
|
||||||
|
minetest.log( "verbose" , "[auth_rx] get_auth handler access to some resource for " .. username )
|
||||||
local rec = auth_db.select_record( username )
|
local rec = auth_db.select_record( username )
|
||||||
if rec then
|
if rec then
|
||||||
local assigned_privs = rec.assigned_privs
|
local assigned_privs = rec.assigned_privs
|
||||||
|
|
||||||
if get_minetest_config( "name" ) == username then
|
if get_minetest_config( "name" ) == username then
|
||||||
-- grant server operator all privileges
|
-- grant server operator all privileges
|
||||||
-- (TODO: implement as function that honors give_to_admin flag)
|
|
||||||
assigned_privs = { }
|
assigned_privs = { }
|
||||||
for priv in pairs( core.registered_privileges ) do
|
for priv in pairs( minetest.registered_privileges ) do
|
||||||
table.insert( assigned_privs, priv )
|
table.insert( assigned_privs, priv )
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
@ -145,28 +145,52 @@ minetest.register_authentication_handler( {
|
|||||||
end
|
end
|
||||||
end,
|
end,
|
||||||
create_auth = function( username, password )
|
create_auth = function( username, password )
|
||||||
if auth_db.create_record( username, password ) then
|
minetest.log( "verbose" , "[auth_rx] create_auth handler new user over server for " .. username )
|
||||||
auth_db.set_assigned_privs( username, get_default_privs( ) )
|
local rec = auth_db.create_record( username, password )
|
||||||
minetest.log( "info", "Created player '" .. username .. "' in authentication database" )
|
if rec then
|
||||||
|
local assigned_privs = get_default_privs( )
|
||||||
|
|
||||||
|
if get_minetest_config( "name" ) == username then
|
||||||
|
-- grant server operator all privileges
|
||||||
|
assigned_privs = { }
|
||||||
|
for priv in pairs( minetest.registered_privileges ) do
|
||||||
|
table.insert( assigned_privs, priv )
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
auth_db.set_assigned_privs( username, assigned_privs )
|
||||||
end
|
end
|
||||||
end,
|
end,
|
||||||
delete_auth = function( username )
|
delete_auth = function( username )
|
||||||
if auth_db.delete_record( username ) then
|
minetest.log( "verbose" , "[auth_rx] delete_auth handler for " .. username )
|
||||||
minetest.log( "info", "Deleted player '" .. username .. "' in authenatication database" )
|
-- server operator's privileges are immutable
|
||||||
|
if get_minetest_config( "name" ) ~= username then
|
||||||
|
local rec = auth_db.delete_record( username )
|
||||||
|
if rec then
|
||||||
|
minetest.log( "info", "Deleted player '" .. username .. "' in authenatication database" )
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end,
|
end,
|
||||||
set_password = function ( username, password )
|
set_password = function ( username, password )
|
||||||
if auth_db.set_password( username, password ) then
|
minetest.log( "verbose" , "[auth_rx] set_password handler for " .. username )
|
||||||
|
local rec = auth_db.set_password( username, password )
|
||||||
|
if rec then
|
||||||
minetest.log( "info", "Reset password of player '" .. username .. "' in authentication database" )
|
minetest.log( "info", "Reset password of player '" .. username .. "' in authentication database" )
|
||||||
end
|
end
|
||||||
end,
|
end,
|
||||||
set_privileges = function ( username, privileges )
|
set_privileges = function ( username, privileges )
|
||||||
|
minetest.log( "verbose" , "[auth_rx] set_privileges handler grants for " .. username )
|
||||||
|
local assigned_privs = pack_privileges( privileges )
|
||||||
-- server operator's privileges are immutable
|
-- server operator's privileges are immutable
|
||||||
if get_minetest_config( "name" ) == username then return end
|
if get_minetest_config( "name" ) == username then
|
||||||
|
assigned_privs = { }
|
||||||
|
for priv in pairs( minetest.registered_privileges ) do
|
||||||
|
table.insert( assigned_privs, priv )
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
if auth_db.set_assigned_privs( username, pack_privileges( privileges ) ) then
|
if auth_db.set_assigned_privs( username, assigned_privs ) then
|
||||||
minetest.notify_authentication_modified( username )
|
minetest.notify_authentication_modified( username )
|
||||||
minetest.log( "info", "Reset privileges of player '" .. username .. "' in authentication database" )
|
|
||||||
end
|
end
|
||||||
end,
|
end,
|
||||||
record_login = function ( ) end,
|
record_login = function ( ) end,
|
||||||
|
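Review bot: In `create_auth` and `set_privileges` the operator's full privilege list is now written to the database through `auth_db.set_assigned_privs`, so an account that once matched the `name` setting would apparently keep every privilege after that setting is changed. `get_auth` already builds the operator's set on each lookup, so storing `get_default_privs( )` in `create_auth` and keeping the old `if get_minetest_config( "name" ) == username then return end` in `set_privileges` would avoid persisting it. The grant-all loop is also repeated in three handlers while the TODO about honoring `give_to_admin` is dropped; one helper that filters on that flag, sketched below, would keep the handlers in agreement. Separately, the `"Reset privileges of player ..."` info log appears to have been removed from `set_privileges`, leaving privilege changes recorded only at verbose level and before the write is known to have succeeded.
```lua
-- privileges computed on the fly for the server operator named in the config;
-- only those whose definition sets give_to_admin are included
local function get_operator_privs( )
	local privs = { }
	for priv, def in pairs( minetest.registered_privileges ) do
		if def.give_to_admin then
			table.insert( privs, priv )
		end
	end
	return privs
end

-- … unchanged: get_auth up to the operator check …
		if get_minetest_config( "name" ) == username then
			assigned_privs = get_operator_privs( )
		end
```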