HasObjectPermissionTo: Difference between revisions

From Multi Theft Auto: Wiki
Jump to navigation Jump to search
(Replace to predefined variables.)
 
(25 intermediate revisions by 15 users not shown)
Line 1: Line 1:
__NOTOC__  
__NOTOC__  
{{Server function}}<!-- Change this to "Client function" or "Server function" appropriately-->
{{Server function}}
<!-- Describe in plain english what this function does. Don't go into details, just give an overview -->
This function returns whether or not the given object has access to perform the given action.
This function returns whether or not the given object has access to perform the given action. The object can be given as a resource or a client element (ie. a player), or a string formatted like "user.<name>" or "resource.<name>".
{{Note|Only certain action names work. This function seems to return ''nil'' and output a bad argument error when checking if an object has rights for an action which doesn't start with ''function.'', ''command.'' or ''resource.'' keywords.}}
 
Scripts frequently wish to limit access to features to particular users. The naïve way to do this would be to check if the player who is attempting to perform an action is in a particular group (usually the Admin group). The main issue with doing this is that the Admin group is not guaranteed to exist. It also doesn't give the server admin any flexibility. He might want to allow his 'moderators' access to the function you're limiting access to, or he may want it disabled entirely.
 
This is where using the ACL properly comes in, and luckily this is very easy. It all comes down to using this function. This, somewhat confusingly named function lets you check if an ACL object (a player or a resource) has a particular ACL right. In this case, we just care about players.
 
So, first of all, think of a name for your 'right'. Let's say we want a private area only certain people can go in, we'll call our right accessPrivateArea. Then, all you need to do is add one 'if' statement to your code:
<syntaxhighlight lang="lua">if hasObjectPermissionTo ( player, "resource.YourResourceName.accessPrivateArea", false ) then
-- Whatever you want to happen if they're allowed in
else
-- Whatever you want to happen if they aren't
end
</syntaxhighlight>
 
Notice that we've named the ''right'' using ''resource.YourResourceName.accessPrivateArea'' - this is just for neatness, so that the admin knows what resource the right belongs to. It's strongly advised you follow this convention. The ''false'' argument specifies the 'defaultPermission', false indicating that if the user hasn't had the right allowed or dissallowed (i.e. the admin hasn't added it to the config), that it should default to being not allowed.
 
The only downside of using this method is that the admin has to modify his config. The upsides are that the admin has much more control and your script will work for any server, however the admin has configured it.


==Syntax==  
==Syntax==  
<!-- NOTE: don't use 'special' names for variable names, e.g. you shouldn't be writing things like 'player player, vehicle vehicle', instead write something like 'player thePlayer, vehicle vehicleToGetInto'. This is less confusing and prevents the syntax highlighting being odd -->
<syntaxhighlight lang="lua">
<syntaxhighlight lang="lua">
bool hasObjectPermissionTo ( string / element theObject, string theAction [, bool defaultPermission = true ] )
bool hasObjectPermissionTo ( string / element theObject, string theAction [, bool defaultPermission = true ] )
</syntaxhighlight>  
</syntaxhighlight>  
 
<!-- Yes! This is actually correct this time ^^ notice theObject can be a string! -->
{{OOP|This function is also a static function underneath the ACL class.|[[ACL]].hasObjectPermissionTo||}}
===Required Arguments===  
===Required Arguments===  
<!-- List each argument one per line. This should be the argument's name as in the argument list above, NOT the argument's data type -->
*'''theObject:''' The object to test if has permission to. This can be a client element (ie. a player), a resource or a string in the form "user.<name>" or "resource.<name>".
*'''theObject:''' The object to test if has permission to. This can be a client element (ie. a player) or a string.
*'''theAction:''' The action to test if the given object has access to. Ie. "function.kickPlayer".
*'''theAction:''' The action to test if the given object has access to. Ie. "function.kickPlayer".


<!-- Only include this section below if there are optional arguments -->
===Optional Arguments===  
===Optional Arguments===  
{{OptionalArg}}  
{{OptionalArg}}  
*'''defaultPermission:''' The default permission if none is specified in either of the groups the given object is a member of. If this is left to true, the given object will have permissions to perform the action unless the opposite is explicitly specified in the [[ACL]]. If false, the action will be denied by default unless explicitly approved by the [[ACL]].
*'''defaultPermission:''' The default permission if none is specified in either of the groups the given object is a member of. If this is left to true, the given object will have permissions to perform the action unless the opposite is explicitly specified in the [[ACL]]. If false, the action will be denied by default unless explicitly approved by the [[Access Control List]].


===Returns===
===Returns===
<!-- Make this descriptive. Explain what cases will return false. If you're unsure, add a tag to it so we can check -->
Returns ''true'' if the given object has permission to perform the given action, ''false'' otherwise. Returns ''nil'' if the function failed because of bad arguments.
Returns ''true'' if the given object has permission to perform the given action, ''false'' otherwise. Returns ''nil'' if the function failed because of bad arguments.


==Example==  
==Example==  
<!-- Explain what the example is in a single sentance -->
This example kicks a player if the user using it has access to the kickPlayer function.
This example does...
<!-- Add the code below, an emphasis should be on making it clear, not optimized. You could provide two versions if you wish, one clear and well commented, the other optimized -->
<syntaxhighlight lang="lua">
<syntaxhighlight lang="lua">
 
-- Kick command
-- ChrML: Please test this example
 
-- Ban command
function onKickCommandHandler ( playerSource, commandName, playerToKick, stringReason )
function onKickCommandHandler ( playerSource, commandName, playerToKick, stringReason )
     -- Does the calling user have permission to kick the player? Default
     -- Does the calling user have permission to kick the player? Default
Line 41: Line 49:
         -- Do we have permission to kick the player? We do this so we can fail
         -- Do we have permission to kick the player? We do this so we can fail
         -- nicely if this resource doesn't have access to call that function.
         -- nicely if this resource doesn't have access to call that function.
         if ( hasObjectPermissionTo ( getThisResource (), "function.kickPlayer", true ) )
         if ( hasObjectPermissionTo ( resource, "function.kickPlayer", true ) ) then
             -- Kick him
             -- Kick him
             kickPlayer ( playerToKick, playerSource, stringReason )
             kickPlayer ( playerToKick, playerSource, stringReason )
         else
         else
             -- Resource doesn't have any permissions, sorry
             -- Resource doesn't have any permissions, sorry
             outputChatBox ( "kick: The admin resource does not have permission to kick the given player. Please give this resource access to 'function.kickPlayer' in the ACL to use this function.", playerSource )
             outputChatBox ( "kick: The admin resource is not able to kick players. Please give this resource access to 'function.kickPlayer' in the ACL to use this function.", playerSource )
         end
         end
     else
     else
Line 53: Line 61:
     end
     end
end
end
addCommandHandler ( "kick", onKickCommandHandler )
</syntaxhighlight>
</syntaxhighlight>


Line 58: Line 67:
<!-- Change FunctionArea to the area that this function is in on the main function list page, e.g. Server, Player, Vehicle etc -->
<!-- Change FunctionArea to the area that this function is in on the main function list page, e.g. Server, Player, Vehicle etc -->
{{ACL_functions}}
{{ACL_functions}}
[[Category:Needs_Example]] <!-- leave this until the example is completed. -->
[[zh-cn:hasObjectPermissionTo]]
[[pt-br:hasObjectPermissionTo]]
[[ru:hasObjectPermissionTo]]

Latest revision as of 04:22, 10 June 2023

This function returns whether or not the given object has access to perform the given action.

[[{{{image}}}|link=|]] Note: Only certain action names work. This function seems to return nil and output a bad argument error when checking if an object has rights for an action which doesn't start with function., command. or resource. keywords.

Scripts frequently wish to limit access to features to particular users. The naïve way to do this would be to check if the player who is attempting to perform an action is in a particular group (usually the Admin group). The main issue with doing this is that the Admin group is not guaranteed to exist. It also doesn't give the server admin any flexibility. He might want to allow his 'moderators' access to the function you're limiting access to, or he may want it disabled entirely.

This is where using the ACL properly comes in, and luckily this is very easy. It all comes down to using this function. This, somewhat confusingly named function lets you check if an ACL object (a player or a resource) has a particular ACL right. In this case, we just care about players.

So, first of all, think of a name for your 'right'. Let's say we want a private area only certain people can go in, we'll call our right accessPrivateArea. Then, all you need to do is add one 'if' statement to your code:

if hasObjectPermissionTo ( player, "resource.YourResourceName.accessPrivateArea", false ) then
-- Whatever you want to happen if they're allowed in
else
-- Whatever you want to happen if they aren't
end

Notice that we've named the right using resource.YourResourceName.accessPrivateArea - this is just for neatness, so that the admin knows what resource the right belongs to. It's strongly advised you follow this convention. The false argument specifies the 'defaultPermission', false indicating that if the user hasn't had the right allowed or dissallowed (i.e. the admin hasn't added it to the config), that it should default to being not allowed.

The only downside of using this method is that the admin has to modify his config. The upsides are that the admin has much more control and your script will work for any server, however the admin has configured it.

Syntax

bool hasObjectPermissionTo ( string / element theObject, string theAction [, bool defaultPermission = true ] )

OOP Syntax Help! I don't understand this!

Note: This function is also a static function underneath the ACL class.
Method: ACL.hasObjectPermissionTo(...)


Required Arguments

  • theObject: The object to test if has permission to. This can be a client element (ie. a player), a resource or a string in the form "user.<name>" or "resource.<name>".
  • theAction: The action to test if the given object has access to. Ie. "function.kickPlayer".

Optional Arguments

NOTE: When using optional arguments, you might need to supply all arguments before the one you wish to use. For more information on optional arguments, see optional arguments.

  • defaultPermission: The default permission if none is specified in either of the groups the given object is a member of. If this is left to true, the given object will have permissions to perform the action unless the opposite is explicitly specified in the ACL. If false, the action will be denied by default unless explicitly approved by the Access Control List.

Returns

Returns true if the given object has permission to perform the given action, false otherwise. Returns nil if the function failed because of bad arguments.

Example

This example kicks a player if the user using it has access to the kickPlayer function.

-- Kick command
function onKickCommandHandler ( playerSource, commandName, playerToKick, stringReason )
    -- Does the calling user have permission to kick the player? Default
    -- to false for safety reasons. We do this so any user can't use us to
    -- kick players.
    if ( hasObjectPermissionTo ( playerSource, "function.kickPlayer", false ) ) then

        -- Do we have permission to kick the player? We do this so we can fail
        -- nicely if this resource doesn't have access to call that function.
        if ( hasObjectPermissionTo ( resource, "function.kickPlayer", true ) ) then
            -- Kick him
            kickPlayer ( playerToKick, playerSource, stringReason )
        else
            -- Resource doesn't have any permissions, sorry
            outputChatBox ( "kick: The admin resource is not able to kick players. Please give this resource access to 'function.kickPlayer' in the ACL to use this function.", playerSource )
        end
    else
        -- User doesn't have any permissions
        outputChatBox ( "kick: You don't have permissions to use this command.", playerSource )
    end
end
addCommandHandler ( "kick", onKickCommandHandler )

See Also