Allows with Inheritance

[iViscosity]

I was wondering, how are permissions given through inheritance? Reading through my groups.txt, I don't see every command in "superadmin", for example, and only the onces that appear to be manually given. Therefore my question is, how can I get everything that group is allowed to do even through inheritance and not just what it is explicitly allowed to do (through ULib.ucl.groups[ group ].allow)?

[BlueNova]

Looking through documentation I didn't really see anything but you could do it the old fashioned (but tedious way)

Or something I've considered doing in the past. Just create a lua file that's purely a massive table of all ULX perms and then just create a function to loop through them and search if the group is allowed and do what you will with them. Considered doing that before. You may be more successful with it than me. One time on a server I was setting up I tried to do it on my "super" but not super admins and root users to differentiate permissions and sometimes got an overload.


TL;DR - I don't see anything in documentation but with elbow grease you could do what you're asking just may take a bit of work.

[JamminR]

ULib has lots of magic, but the command names are mostly here.
http://ulyssesmod.net/docs/files/lua/ulib/shared/sh_ucl-lua.html
You can dig into the code behind those functions more if you wish within the TeamUlysses ULib github repo.

Additionally, ULib hooks(basically overwriting) the IsAdmin, IsSuperAdmin and IsUserGroup default checks for non-ULib aimed addons, then adds our own magic using shared UCL commands for those meant for ULib/ULX.
Another popular gamemode's admin system does this too, hence why ULX gets lots of conflict reports which we explain are difficult to fix due to conflicting addons.

[iViscosity]

So I've been doing some looking and I think the easiest way for me to do this is use getInheritanceTree() and then taking all the explicit allows from the groups under it and storing it in a table.

[JamminR]

No.
If you need to see if anyone can do anything in ULib, ULX, or any permission stored in the groups and user tables, query them. It takes into count the possibility they may have been explicitly denied (or allowed) in their user table, which, your idea won't fully check.

[iViscosity]

The issue with that is I'm not trying to get permissions from a player, I'm trying to get it from the group in general.

[JamminR]

Oh, From the group, sorry, missed that detail.
Fine, make life more difficult.

Might check out the looping in server/ucl.lua for pointers.
Perhaps more specifically, https://github.com/TeamUlysses/ulib/blob/master/lua/ulib/server/ucl.lua#L368
I _think_ we check to ensure a (specific, not inherited) group doesn't already have access before we add access to a group.
You could then use your tree idea to loop through each group.

Or, we just don't care and duplicate it anyway, then call hooks to let every user know they now have access.
It's late, I'm getting tired - I didn't look that close.

[iViscosity]

Too late for me too. I'll take a look tomorrow. Thanks

Sent using Tapatalk. Owner of iViscosity Gaming.

[Stickly Man!]

Unfortunately, groupAllow does not check up the inheritance chain, as it is possible to give multiple levels access to the same command (with different restrictions, or even with a deny somewhere between the two groups).


I'm not sure if this is the most optimized approach (given that XGUI was a separate entity from ULX when I originally wrote all of this), but here's how XGUI does it:

XGUI starts with a list of access tags that is populated from the server, and sent down to admins who have access to the groups tab.
https://github.com/TeamUlysses/ulx/blob/master/lua/ulx/xgui/server/sv_groups.lua#L290-L300

Then, once a group is selected on the groups tab clientside, I iterate through each access to determine whether or not it has direct access, or inherited access (since I make a distinction in the UI for both cases). The helper methods I created to check that are here:
https://github.com/TeamUlysses/ulx/blob/master/lua/ulx/xgui/groups.lua#L586-L608

.. But basically, for you to use this method, you would need to loop through each access you care about, then make a recursive function that checks a given group for access, and if it doesn't have access, then run the function again with the groups' inherited group, until there isn't one. (Note: this method does not factor in denies at all)

[iViscosity]

Interesting. I can filter out permissions that are denied, but that would be helpful. I was having issues using getInheritanceTree() because each value contains a table all the way until the end. I kept trying to go from bottom (user) up (superadmin) but that would make it a lot easier. I plan to store all of these permissions in a text file anyways, so getting them again won't be too hard, unless they're updated.

Thanks for that.