Conversation
sylv256
added
enhancement
Juuxel
left a comment
Juuxel
left a comment
There was a problem hiding this comment.
I think there should be a code example in the API docs showing how to use this API, especially from the POV of mods defining and checking permissions. It's currently a bit unclear to me. Some of the PR desc and test mod could probably be repurposed for a smaller example.
...c-permission-api-v1/src/main/java/net/fabricmc/fabric/api/permission/v1/PermissionCodec.java
Outdated
Show resolved
Hide resolved
...mission-api-v1/src/main/java/net/fabricmc/fabric/api/permission/v1/PermissionPredicates.java
Outdated
Show resolved
Hide resolved
| this.type = switch (source.getEntity()) { | ||
| case Player player -> Type.PLAYER; | ||
| case Entity entity -> Type.ENTITY; | ||
| case null -> Type.SYSTEM; | ||
| }; | ||
| this.uuid = switch (source.getEntity()) { | ||
| case Entity entity -> entity.getUUID(); | ||
| case null -> Util.NIL_UUID; | ||
| }; |
There was a problem hiding this comment.
I don't think the entity should necessarily be used for determining the type, because it can be changed through commands like /execute as @a run .... See luckperms, which used to do the same thing Luckperms#3673!
There was a problem hiding this comment.
Oh that is fair hmm. Through guess just looking at the command output might not be idea either. Will check if maybe patching it directly first before actually doing the check is better option
There was a problem hiding this comment.
Changed it to only determine the type / uuid on initial CommandSourceStack creation, so any later modification of it (calling with* methods) will inherit initial type and uuid
…SourceStack type / uuid detection
# Conflicts: # gradle.properties
|
Some feedback (in no particular order) as requested: Mojang have recently added some permissions-y APIs to private static final Permission PERM = new Permission.Atom(
Identifier.fromNamespaceAndPath("example_mod", "command.test")
);
ServerPlayer player;
if (!player.permissions().hasPermission(PERM)) {
// deny
}In my view this now captures ~90% of what mods will need. Before it was added, fabric-permissions-api was quite key as an interface between mods and permissions providers, I am not sure it necessarily is anymore. At the very least, given what I understand the philosophy of Fabric API to be, it seems sensible for any new APIs added on top to look and feel similar to the Permission APIs the game now has. Some other comments - some of these are suggestions, others I think would be blockers for LP implementing this API fully:
possibly others, but those are the key ones I can see so far :) |
|
Yeah I am aware of vanilla's permission checks, which is why I delayed working on this api originally. It kinda felt bit too unfinished and doesn't handle default values as nicely (which my mods depending on defaults being dynamic for example). In future if Mojang implements more of it, it might make sense to get it connected closer with vanilla permission sets. Main reason why it's all under permission is since everything is checked the same way (as within concept of this api there is no real distinction between boolean/TriState permissions and string/number ones). Boolean/TriState just got few extra utility methods due to it being commonly checked one. That one is slightly tricky. Let's say you have a mod that adds machines that modify world or do something that needs to check for permission. It's likely they will want to check with their owner being their context, which will happen whatever the player is online or not. So the checks being straightforward is kinda important here. With context values being serializable, I can look into that as I do see the usecase. For simpler ones I can look into implementing it, but I feel not everything will make sense to support that (for example the CommandSourceStack or Entity don't really make sense to be represented as a string). Generally my idea of context was to pretty much work similarly to how loot tables can include optional data that then might be used for more precise logic. Think about area protection mod wanting to change player permissions locally. In that case it needs the position to determine where thing happens. Similarly to loot tables custom ones would require direct compat. Technically speaking PermissionContext isn't static in itself, as for default entity one it dynamically queries then from said entity. |
5 participants
Provides relatively simple, but way more flexible permission api for mods to use.
Using it is as simple as calling #checkPermission method on entity / CommandSourceStack, or any other PermissionContextOwner implementation. Proper contexts are implemented as a separate classes implementing PermissionContext, which allow to always receive uuid, type (player, entity, etc) and vanilla permission level, as well as optionally additional contexts provided via PermissionContext#get method (similar to PacketContext in that regard).
This api was designed to allow checks for players (online and offline), entities and other objects.
The checks themselves default to using vanilla TriState, but api allows providing any codec for it to read from (which automatically handles support for ints, strings and any other complex data). That is also one of main things that differentiate it from vanilla permission checks, which only allow checking for bools without externally defined defaults.
The implementer (think LuckPerms, PlayerRoles or some protection mod) only need to handle a single PermissionCheckCallback event.