WorldGuard

flag permissions structure mixes namespaces

Elkano opened this issue · 6 comments

commented

Issue

Currently the namespace structure for flag permissions is a bit messed up.

To check if you are allowed to change a specific flag for a specific region the following three permissions are used:

  • worldguard.region.flag.flags.flag.region
  • worldguard.region.flag.flags.flag.own.region
  • worldguard.region.flag.flags.flag.member.region

In addition to this, there are three additional permission checks to see if you are allowed to change the flags for a specific region regardless of the flag:

  • worldguard.region.flag.region
  • worldguard.region.flag.own.region
  • worldguard.region.flag.member.region

So in order to allow modifications to all regions you would add the following permission (in addition to the flags permissions):

  • worldguard.region.flag.*

Unfortunately this also includes the worldguard.region.flag.flags.* permission giving access to all flags.

Suggested solution

A solution to this would be to move the three per-region permissions into their own namespace, e.g.:

  • worldguard.region.flag.regions.region
  • worldguard.region.flag.regions.own.region
  • worldguard.region.flag.regions.member.region
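The overlap described in this issue, worked through as an added example (not code from the thread or from WorldGuard). It assumes the permissions plugin expands `a.b.*` to every node below `a.b`, and that both the per-region check and the per-flag check must pass, as the issue describes; the group grants, the flag names `pvp` and `greeting`, and the region name `spawn` are constructed sample values.

```python
ROOT = "worldguard.region.flag"

def covers(grant, node):
    # Assumed permission-plugin semantics: "a.b.*" grants every node under "a.b".
    if grant.endswith(".*"):
        return node.startswith(grant[:-1])
    return grant == node

def has(grants, node):
    return any(covers(g, node) for g in grants)

def build(prefix, relation, region):
    # relation is None (any region), "own" or "member", as in the issue's lists.
    return ".".join([prefix] + ([relation] if relation else []) + [region])

def may_set_flag(grants, flag, region, relation=None, region_ns=ROOT):
    """Both checks from the issue must pass: region scope and per-flag."""
    region_ok = has(grants, build(region_ns, relation, region))
    flag_ok = has(grants, build(f"{ROOT}.flags.{flag}", relation, region))
    return region_ok and flag_ok

def overbroad(grants):
    """Wildcards placed above the per-flag namespace that still reach into it."""
    probe = f"{ROOT}.flags.pvp.spawn"  # constructed probe node
    return [g for g in grants
            if g.endswith(".*") and covers(g, probe)
            and not g.startswith(f"{ROOT}.flags.")]

# Constructed moderator group: meant to edit any region, but only "greeting".
MOD_CURRENT = [f"{ROOT}.*", f"{ROOT}.flags.greeting.*"]
# Same intent expressed with the namespace proposed in the issue.
MOD_PROPOSED = [f"{ROOT}.regions.*", f"{ROOT}.flags.greeting.*"]

if __name__ == "__main__":
    for name, grants, ns in (("current", MOD_CURRENT, ROOT),
                             ("proposed", MOD_PROPOSED, f"{ROOT}.regions")):
        for flag in ("greeting", "pvp"):
            allowed = may_set_flag(grants, flag, "spawn", region_ns=ns)
            print(f"{name:8} {flag:8} -> {allowed}")
        print(f"{name:8} over-broad grants: {overbroad(grants)}")
```

Running `overbroad` over each group's grant list in an existing permissions file shows which groups hold every flag through a region-scope wildcard.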
commented

Changing this now will probably break everything for people who had it set before. I've noticed this before but imo it's better to leave it as is.

commented

The problem I see is that it seems unexpected to give permission for all flags, since the set of three permissions (/own/member) is used in many cases and often you'll just use * to give all three.
When I talked to sk98q a few days ago about this he agreed that it's a possible security flaw.
Also, if the change is noted in the change log, those that read it should have no problem fixing it since you should be able to do it with a single regex search/replace.

commented

Except that the overwhelming majority of people don't read the change log and don't know how to "do it with a single regex search/replace." The only thing I'm saying is that it's not a backwards compatible change and it's going to make a lot of people stumble.

commented

Add the worldguard.region.flag.regions.x or whatever you want to call them as alternate ways of giving the same permissions as the current flags?
That way people could use worldguard.region.flag.regions.* to give all 3 flags, and not break anyone who is already using the current worldguard.region.flag.own etc.

I just had another thought... The only people you are likely to want to give all three permissions (modify any region) are admins. Why wouldn't you want to also give them permissions to all flag types?

commented

Servers having a large user base often have an additional layer between users and admins, e.g. moderators, that are intended to be able to set some of the flags but not all.
Adding worldguard.region.flag.regions.* in addition to the current flags would work, though the old flags should be noted as deprecated and be removed after a few versions in order to keep the code clean.

commented

done, currently on my repo as I need to ask sk something before pushing upstream