LuckPerms

Sort permissions/nodes

Androkai opened this issue · 13 comments

commented

Is there a possibility to sort the permissions/nodes automatically? With 100+ permissions it becomes very messy. I'm using a database, so I don't care about storage. I'm only interested in displaying the list in the console and, if possible, in the web editor.

commented

These views are sorted by priority, and then alphabetically.

Tested this against a bigger set of permissions.

It more or less works like you said. It's a bit weird for permissions containing wildcards but I have in idea why. Nevertheless I would prefer a purely alphabetical sort. When editing permissions, I don't want to search in different places first.

Is it possible to implement something in this direction in the form of a general change or additional sort order option?

commented

@Androkai - be careful with posting that url where the permissions are. There is NO security preventing people from adding or removing anything in that list. @lucko - this should be a page that is only allowed by either the server it resides on, UUID of the person who generated it or password protected so that only the person who created this page can edit/view/add on it.

commented

@smmmadden You need to run a command in-game or in console to apply changes

commented

These views are sorted by priority, and then alphabetically.

commented

Valid request and I agree. There are two scenarios here.

  1. The order/priority that permissions need to be validated by to control the outcome
  2. The order of the permissions to know if something is duplicated, ignored or missing

So having an option or switch to use to sort alphabetically ASC or DESC would help server owners and for the console, it doesn't make sense to use pagination. So looking at this result from the server - there is no way to tell what permissions are missing as there is no logical sort order and I'd have to page it 15 times to get the results. :-)

commented

this is true - but it still exposes someone's server settings which is a no-no for security.

commented

@smmmadden Publishing in-game permissions is not a security threat. I suggest you read up a little on how the web editor actually works. This issue is about sorting nodes, please keep it on-topic.

commented

this is true - but it still exposes someone's server settings which is a no-no for security.

https://en.wikipedia.org/wiki/Security_through_obscurity

commented

Wikipedia is not the authority on the topic, sorry. :-) Anyone can post to wiki even without any experience in the topic. I mean no disrespect. While there are controls in place to make the LP Editor site keep the owner's details ambiguous, I would hope that none of my server data would be accessible by anyone but myself, especially UUIDs, Minecraft names or anything that can be reverse engineered to get more information. So using /lp user smmmadden editor will show my permissions, my Minecraft id and UUID. That's just one step closer to someone's identity.

Back on topic, the editor does provide all the permissions in an ordered way by priority as you stated clearly. The top header where you can search for Permission, Expiry etc can be used to get a true sorted list of permissions. However, there appear to be two problems with using this.

The list is showing permissions (I'm assuming) that the list is both available to set, and already set which makes it a bit more difficult to know by looking which is or isn't set. If you could indicate by an asterisk or color or even a second column in the results which one is set and which isn't, that would be a plus!

The second problem with the Permission drop down is it does not list all the results. So there must be some limit restriction being imposed on the results. For mine, it stopped in the M's and I have many more after that. This would be an ideal solution to the sorting problem if you're able to address the two issues. Will that make it easier to implement, by using the same API you've already created?
Also, how long will the url for the Web Permissions Editor remain available for? Does it expire after xx minutes/hours or days?

Thanks!

commented

@smmmadden If you find the "security" part of the web editor then please make a separate issue about that. The web editor is written entirely in JavaScript. There is no backend. All information is hosted on Secret anonymous GitHub Gists. They do not expire. The server uploads the necessary information to Gist. The ID of the gist is then passed to the URL of the editor. Once you have edited it the new information is uploaded to a new Gist. The ID of that gist is then passed to the server with the command you execute when you are saving the changes.

While already talking about the editor. I think a separate issue about node/permission-sorting should be opened on Lucko/LuckPermsWeb for the sake of keeping track of progress, as well as separating the discussion about implementation to the correct platform.

commented

@smmmadden Then who is the authority in the topic? :p
Wikipedia is as good as any other source to be honest. It isn't suited for academic work as the content can change too quickly and break footnotes etc. but it's entirely valid to show you a very very very common idiom used in computer security.

Also if you are concerned about anyone finding out your UUID beware of sites like this and the official Mojang API:
https://mcuuid.net/?q=smmmadden

commented

You know there isn't a single company, corporation or entity that is the foremost expert on security. Security loosely covers a variety of mediums and topics. Wiki allows anyone to post an article on their site which is why it would be the last source I'd consider. There are thousands of books, journals and online documents devoted to every aspect of security.

Doing a quick search, here is what one site refers to as the Top 25 IT Cyber Security Companies for 2017.
https://www.cioapplications.com/vendors/top-25-cyber-security-companies-2017-rid-20.html It too isn't the foremost authority but some of those companies are the experts in their field.

My point was that every region in the world has its own laws around what can and cannot be shared for privacy protection, cyber security, identity theft and due diligence in protecting user data. I merely point out that just because something is open source, does not necessarily mean users' data from their private servers is as well. Hope that clarifies the intent around what I stated previously.

commented

This has become very off topic.

You completely dismissed the concept of “security by obscurity” on the grounds that the source I linked to explain the concept was Wikipedia.

If you think the data exposed in the editor pages poses a risk to your server's security, then it sounds like you have bigger problems on your hands.

If you want to discuss this further, please open a new issue.