<!DOCTYPE html>
<html lang="en" data-content_root="../">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Configuring authorization — Source.Python v742 documentation</title>
<link rel="stylesheet" type="text/css" href="../_static/pygments.css?v=03e43079" />
<link rel="stylesheet" type="text/css" href="../_static/classic.css?v=2780edc4" />
<script src="../_static/documentation_options.js?v=12c636f2"></script>
<script src="../_static/doctools.js?v=9bcbadda"></script>
<script src="../_static/sphinx_highlight.js?v=dc90522c"></script>
<link rel="icon" href="../_static/sp_wiki_favicon.png"/>
<link rel="index" title="Index" href="../genindex.html" />
<link rel="search" title="Search" href="../search.html" />
<link rel="next" title="Console commands" href="sp-commands.html" />
<link rel="prev" title="Updating" href="updating.html" />
</head><body>
<div class="related" role="navigation" aria-label="Related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="../py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="sp-commands.html" title="Console commands"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="updating.html" title="Updating"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="../index.html"> Source.Python v742 documentation</a> »</li>
<li class="nav-item nav-item-this"><a href="">Configuring authorization</a></li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="configuring-authorization">
<h1>Configuring authorization<a class="headerlink" href="#configuring-authorization" title="Link to this heading">¶</a></h1>
<section id="introduction">
<h2>Introduction<a class="headerlink" href="#introduction" title="Link to this heading">¶</a></h2>
<p>Source.Python provides an authorization package that can be used by plugins to
check whether a player is granted a specific permission. There are two object
types that can have permissions:</p>
<ul class="simple">
<li><p>Players</p></li>
<li><p>Parents</p></li>
</ul>
<p>Parents can be used to create a set of permissions (like groups or roles).
Both players and parents can inherit permissions from parents, allowing a
flexible and dynamic permission hierarchy.</p>
<p>Before granting permissions and creating parents, you need to choose an
authorization backend.</p>
</section>
<section id="backends">
<h2>Backends<a class="headerlink" href="#backends" title="Link to this heading">¶</a></h2>
<p>The backend defines how permissions are stored. Currently, you can choose
between two built-in backends:</p>
<ul class="simple">
<li><p>Flatfile</p></li>
<li><p>SQL</p></li>
</ul>
<p>To define which backend should be used, please open <code class="docutils literal notranslate"><span class="pre">core_settings.ini</span></code> and
specify the backend you want to use in the <code class="docutils literal notranslate"><span class="pre">AUTH_SETTINGS</span></code> section. Backend
specific settings are provided in sub-sections within the <code class="docutils literal notranslate"><span class="pre">BACKENDS</span></code> section.</p>
<p>Example/default settings:</p>
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[AUTH_SETTINGS]</span>
<span class="na">backend</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">flatfile</span>
<span class="na">server_id</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">-1</span>
<span class="k">[[BACKENDS]]</span>
<span class="k">[[[flatfile]]]</span>
<span class="na">player_config_path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">../cfg/source-python/auth/players.json</span>
<span class="na">simple_config_path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">../cfg/source-python/auth/simple.txt</span>
<span class="na">parent_config_path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">../cfg/source-python/auth/parents.json</span>
<span class="k">[[[sql]]]</span>
<span class="na">uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sqlite:///../addons/source-python/data/source-python/permissions.db</span>
</pre></div>
</div>
<section id="flatfile">
<h3>Flatfile<a class="headerlink" href="#flatfile" title="Link to this heading">¶</a></h3>
<p>The flatfile backend is the simplest backend. It’s the
pre-configured/default backend in Source.Python and a good choice in the
following situations:</p>
<ul class="simple">
<li><p>You only run a single server</p></li>
<li><p>You run multiple servers, but don’t want cross-server permissions (each server has its own permissions)</p></li>
<li><p>You just want to quickly configure authorization</p></li>
</ul>
<p>The backend creates three files to store all the authorization related data:</p>
<ol class="arabic simple">
<li><p><code class="docutils literal notranslate"><span class="pre">players.json</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">parents.json</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">simple.txt</span></code></p></li>
</ol>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>By default these files are created in <code class="docutils literal notranslate"><span class="pre">../cfg/source-python/auth/</span></code>, but
you can easily configure other locations in the <code class="docutils literal notranslate"><span class="pre">AUTH_SETTINGS</span></code> section
in <code class="docutils literal notranslate"><span class="pre">core_settings.ini</span></code>.</p>
</div>
<p>The first file is used to grant players permissions and add parents to
players. All data is stored in the JSON format.</p>
<p>Example content for <code class="docutils literal notranslate"><span class="pre">players.json</span></code>:</p>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
<span class="w"> </span><span class="s2">"[U:1:6456723]"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"permissions"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"admin.kick"</span><span class="p">,</span>
<span class="w"> </span><span class="s2">"admin.ban"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"STEAM_0:323145"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"permissions"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"fun.rtd"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"78944003194"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"parents"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"administrator"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>The SteamID format can be either SteamID2 (STEAM_Y:X:Z), SteamID3 ([U:X])
or SteamID64 (a long number).</p>
</div>
<p>The second file is used to grant parents permissions and to add parents to
other parents. The format is much the same as the format in
<code class="docutils literal notranslate"><span class="pre">players.json</span></code>. The only difference is that you don’t use SteamIDs, but
names for the parents.</p>
<p>Example content for <code class="docutils literal notranslate"><span class="pre">parents.json</span></code>:</p>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
<span class="w"> </span><span class="s2">"administrator"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"permissions"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"admin.*"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<p>The above example creates a new group called <code class="docutils literal notranslate"><span class="pre">administrator</span></code> which is able
to execute every permission defined by the <code class="docutils literal notranslate"><span class="pre">admin</span></code> plugin. Every player
or parent that inherits from this parent is able to execute <code class="docutils literal notranslate"><span class="pre">admin.kick</span></code>
and <code class="docutils literal notranslate"><span class="pre">admin.ban</span></code>. If the author of the <code class="docutils literal notranslate"><span class="pre">admin</span></code> plugin adds another
permission (e.g. <code class="docutils literal notranslate"><span class="pre">admin.burn</span></code>), all players and parents inheriting from
<code class="docutils literal notranslate"><span class="pre">administrator</span></code> will automatically have the permission to execute
<code class="docutils literal notranslate"><span class="pre">admin.burn</span></code>, because the asterisk symbol (*) matches all subnodes.</p>
<p>The third file is a simple text file. Every player that has been added to
this file is granted the permission to execute everything.</p>
<p>Example content for <code class="docutils literal notranslate"><span class="pre">simple.txt</span></code>:</p>
<div class="highlight-none notranslate"><div class="highlight"><pre><span></span>[U:1:6456723]
STEAM_0:323145
78944003194
</pre></div>
</div>
<p>The equivalent for this configuration by using <code class="docutils literal notranslate"><span class="pre">players.json</span></code> would look
like this:</p>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
<span class="w"> </span><span class="s2">"[U:1:6456723]"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"permissions"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"*"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"STEAM_0:323145"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"permissions"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"*"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"78944003194"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"permissions"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"*"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<p>Another possibility would be to create a super admin parent and add that
parent to all SteamIDs.</p>
<p>Example content for <code class="docutils literal notranslate"><span class="pre">players.json</span></code>:</p>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
<span class="w"> </span><span class="s2">"[U:1:6456723]"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"parents"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"super_admin"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"STEAM_0:323145"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"parents"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"super_admin"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">},</span>
<span class="w"> </span><span class="s2">"78944003194"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"parents"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"super_admin"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
<p>Example content for <code class="docutils literal notranslate"><span class="pre">parents.json</span></code>:</p>
<div class="highlight-javascript notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
<span class="w"> </span><span class="s2">"super_admin"</span><span class="o">:</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="s2">"permissions"</span><span class="o">:</span><span class="w"> </span><span class="p">[</span>
<span class="w"> </span><span class="s2">"*"</span>
<span class="w"> </span><span class="p">]</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
</section>
<section id="sql">
<h3>SQL<a class="headerlink" href="#sql" title="Link to this heading">¶</a></h3>
<p>The SQL backend is a more advanced backend and is a good choice in the
following situations:</p>
<ul class="simple">
<li><p>You run multiple servers and want to share the permissions across all servers.</p></li>
<li><p>You want to use <a class="reference external" href="http://github.com/necavi/SP-Webmin">SP-Webmin</a> for advanced multi-server management.</p></li>
</ul>
<p>Currently, the auth API officially only supports SQLite and MySQL, but as it is
implemented using SQLAlchemy it should work on other database engines such as
PostgreSQL.</p>
<section id="sqlite-configuration">
<h4>SQLite configuration<a class="headerlink" href="#sqlite-configuration" title="Link to this heading">¶</a></h4>
<p>Abstract example:</p>
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[[[sql]]]</span>
<span class="na">uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sqlite:///&lt;path to database file&gt;</span>
</pre></div>
</div>
<p>Concrete example:</p>
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[[[sql]]]</span>
<span class="na">uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">sqlite:///&lt;addon path&gt;\source-python\data\source-python\permissions.db</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>While multiple servers can use the same SQLite database, it is not recommended.</p>
</div>
</section>
<section id="mysql-configuration">
<h4>MySQL configuration<a class="headerlink" href="#mysql-configuration" title="Link to this heading">¶</a></h4>
<p>Abstract example:</p>
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[[[sql]]]</span>
<span class="na">uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mysql+pymysql://&lt;username&gt;:&lt;password&gt;@&lt;host&gt;/&lt;database&gt;</span>
</pre></div>
</div>
<p>Concrete example:</p>
<div class="highlight-ini notranslate"><div class="highlight"><pre><span></span><span class="k">[[[sql]]]</span>
<span class="na">uri</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">mysql+pymysql://user:1234@127.0.0.1/permissions</span>
</pre></div>
</div>
<p>Any number of servers can be pointed to the same database.</p>
</section>
</section>
</section>
<section id="adding-modifying-and-deleting-permissions-and-parents">
<h2>Adding, modifying and deleting permissions and parents<a class="headerlink" href="#adding-modifying-and-deleting-permissions-and-parents" title="Link to this heading">¶</a></h2>
<p>You can always add, modify and delete permissions and parents by accessing the
JSON files or SQL database directly. However, Source.Python also provides
server commands to do these tasks. <a class="reference internal" href="sp-commands.html"><span class="doc">You might want to try them.</span></a></p>
</section>
<section id="assigning-permissions-to-guests">
<h2>Assigning permissions to guests<a class="headerlink" href="#assigning-permissions-to-guests" title="Link to this heading">¶</a></h2>
<p>There is a special parent called <code class="docutils literal notranslate"><span class="pre">guest</span></code> which can be used to assign
permissions to anonymous players. Every player on the server is a member of
that group.</p>
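<p>Wildcard grants, <code class="docutils literal notranslate"><span class="pre">simple.txt</span></code> entries, inherited parents and the <code class="docutils literal notranslate"><span class="pre">guest</span></code> parent all add up to a player's effective permissions, so it helps to audit the flatfile data before deploying it. The following Python script is an added example, not part of Source.Python: the function names, the sample data (including <code class="docutils literal notranslate"><span class="pre">moderator</span></code>, <code class="docutils literal notranslate"><span class="pre">helper</span></code> and <code class="docutils literal notranslate"><span class="pre">chat.mute</span></code>) and the glob-style matching rule are assumptions made for illustration.</p>

```python
import json
from fnmatch import fnmatchcase

# Constructed sample data in the file formats shown on this page.
PLAYERS = json.loads("""{
  "[U:1:6456723]": {"permissions": ["admin.kick", "admin.ban"]},
  "78944003194": {"parents": ["administrator"]},
  "STEAM_0:323145": {"parents": ["helper"]}
}""")
PARENTS = json.loads("""{
  "administrator": {"permissions": ["admin.*"], "parents": ["moderator"]},
  "moderator": {"permissions": ["chat.mute"], "parents": ["administrator"]},
  "guest": {"permissions": ["fun.rtd"]}
}""")
SIMPLE_TXT = "[U:1:6456723]\n"


def collect(names, parents, grants, missing, seen):
    """Walk parent names depth-first, tolerating cycles and unknown names."""
    for name in names:
        if name in seen:
            continue  # already visited: breaks inheritance cycles
        seen.add(name)
        node = parents.get(name)
        if node is None:
            missing.add(name)  # referenced but never defined
            continue
        grants.update(node.get("permissions", []))
        collect(node.get("parents", []), parents, grants, missing, seen)


def audit(players, parents, simple_txt):
    """Return {steamid: report} with effective grants and risky findings."""
    simple_ids = {ln.strip() for ln in simple_txt.splitlines() if ln.strip()}
    report = {}
    for steamid in sorted(set(players) | simple_ids):
        node = players.get(steamid, {})
        grants = set(node.get("permissions", []))
        missing = set()
        # Page: every player is a member of the special parent `guest`.
        names = list(node.get("parents", [])) + ["guest"]
        collect(names, parents, grants, missing, set())
        missing.discard("guest")  # an undefined guest parent is not an error
        if steamid in simple_ids:
            grants.add("*")  # page: simple.txt grants everything
        report[steamid] = {
            "grants": sorted(grants),
            "wildcards": sorted(g for g in grants if "*" in g),
            "missing_parents": sorted(missing),
        }
    return report


def is_allowed(grants, permission):
    """Assumed matching rule: glob match, so `admin.*` covers `admin.burn`."""
    return any(fnmatchcase(permission, grant) for grant in grants)


if __name__ == "__main__":
    for steamid, entry in audit(PLAYERS, PARENTS, SIMPLE_TXT).items():
        print(steamid, entry)
```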
</section>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="sphinxsidebar" role="navigation" aria-label="Main">
<div class="sphinxsidebarwrapper">
<p class="logo"><a href="../index.html">
<img class="logo" src="../_static/sp_wiki_banner.png" alt="Logo of Source.Python"/>
</a></p>
<div>
<h3><a href="../index.html">Table of Contents</a></h3>
<ul>
<li><a class="reference internal" href="#">Configuring authorization</a><ul>
<li><a class="reference internal" href="#introduction">Introduction</a></li>
<li><a class="reference internal" href="#backends">Backends</a><ul>
<li><a class="reference internal" href="#flatfile">Flatfile</a></li>
<li><a class="reference internal" href="#sql">SQL</a><ul>
<li><a class="reference internal" href="#sqlite-configuration">SQLite configuration</a></li>
<li><a class="reference internal" href="#mysql-configuration">MySQL configuration</a></li>
</ul>
</li>
</ul>
</li>
<li><a class="reference internal" href="#adding-modifying-and-deleting-permissions-and-parents">Adding, modifying and deleting permissions and parents</a></li>
<li><a class="reference internal" href="#assigning-permissions-to-guests">Assigning permissions to guests</a></li>
</ul>
</li>
</ul>
</div>
<div>
<h4>Previous topic</h4>
<p class="topless"><a href="updating.html"
title="previous chapter">Updating</a></p>
</div>
<div>
<h4>Next topic</h4>
<p class="topless"><a href="sp-commands.html"
title="next chapter">Console commands</a></p>
</div>
<div role="note" aria-label="source link">
<h3>This Page</h3>
<ul class="this-page-menu">
<li><a href="../_sources/general/config-auth.rst.txt"
rel="nofollow">Show Source</a></li>
</ul>
</div>
<search id="searchbox" style="display: none" role="search">
<h3 id="searchlabel">Quick search</h3>
<div class="searchformwrapper">
<form class="search" action="../search.html" method="get">
<input type="text" name="q" aria-labelledby="searchlabel" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false"/>
<input type="submit" value="Go" />
</form>
</div>
</search>
<script>document.getElementById('searchbox').style.display = "block"</script>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer" role="contentinfo">
© Copyright 2025, Source.Python Development Team.
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.2.3.
</div>
</body>
</html>