Description

Luck Perms Version: v5.4.102
Minecraft Version: 1.20
Other conditions: I am using a Paper server and using EssentialsX 2.20.0 (no other plugins are used for this test)

Hello, I would like to ask something that has been causing me grief for the past few days.
My goal is to make it so that the default group has no commands what's so ever.

This is what I did in an attempt to do so:

1. Made myself OP
2. Execute /lp editor
3. Within the web editor, I have set * to FALSE
4. Made sure that I am in the default group
5. Applied the changes using the webapp's instructions
6. de-OP myself
7. Check my access (I couldn't see any bukkit/essentialsX commands, which is desirable, however I still see "lp", luckperms:*, and perm-like commands)

In case you are curious, I have also tried the following:

• Log out and log back in
• Restart the server
• Specifically set luckperms (I have used the auto-complete from the webapp) to false
• Used wildcards like luckperms.* and also made sure that wildcards are enabled in the config.yml file
• Made sure that I have deopped myself (executed the deop command multiple times)
• Personally inspected the DB file's tables that it was correct (I was using the Sqlite3 format, and yes, I have forced it to instantiate the sqlite db file before the test)
• I tried executing /lp group default permission set * false directly on Minecraft's chat while at OP status
• Set the weight of the group: weight.10

There is one bit of good news out of this issue though. Despite the lp commands still being visible, the auto-complete doesn't work, and executing commands like lp editor doesn't work if they are not on OP status. So thankfully this isn't an issue where anyone can change permissions.

Let me know if you have any questions.

Reproduction Steps

1. Made myself OP
2. Execute /lp editor
3. Within the web editor, I have set * to FALSE
4. Made sure that I am in the default group
5. Applied the changes using the webapp's instructions
6. de-OP myself
7. Check my access (I couldn't see any bukkit/essentialsX commands, which is desirable, however I still see "lp", luckperms:*, and perm-like commands)

Expected Behaviour

When * is set to false on the default user.
The correct behavior should be that no commands are visible/accessible (unless there are additional permissions in that group, but this wasn't added for my tests).

Server Details

Paper version git-Paper-17 (MC: 1.20) (Implementing API version 1.20-R0.1-SNAPSHOT) (Git: c287e92)

LuckPerms Version

v5.4.102

Logs and Configs

No response

Extra Details

No response

The root /lp command (and it's various aliases) have no permission associated with it, and will always be runnable. However, unless the player has permissions for a subcommand, it simply returns the LP version.

It's worth noting that (with a few, plugin-defined exceptions), all permissions default to false anyways. Setting * to false on default usually causes more problems than it solves, and we generally discourage it. Plugins can explicitly declare a permission to default to everyone (which LP respects), but this is rare, and is much better handled by setting that specific permission to false.

Okay, if I'm interpreting this correctly, its not best practice to be excluding * from default, and /lp can't be excluded normally from LuckPerms.

However, that raises another question. If /lp is not allowed to be hidden, how does the LuckPerms tool handle the use-case of a regular user only seeing the commands assigned to them (e.g. A user only has access to /sethome, /home, and /delhome).

I've tried looking at the Wiki and guides online to do so. The only leads are some variation of explicitly excluding all commands' permissions, and include commands that the admin wants on default (or some other group that a regular user is assigned to). Do we just accept that luckperms commands can be visible for regular players?
I would like to hear your thoughts on this.

(correctly written) plugins will hide their commands if users do not have permission to use them. luckperms itself does not control this. luckperms does hide its subcommands if you dont have permission to use them, but since there is no permission for just /lp, luckperms does not hide it as the player is allowed to run that command.

Dang, that's unfortunate. I was kinda hoping to make a clean command interface on my MC server.
I guess this may or may not be an issue from certain people's perspectives.

As a little suggestion for the dev team, would it be possible to make an option in the config.yml where only OP-ed users in a server can see and use /lp?
That way it gets around the issue of having Admins try to outright disable luckperms.* or * on their permission settings for default, and allowing Admins to have an easy way to hide luckperms from regular users.

Just something for you guys to consider.