Custom usergroup only to allow admin SWEPs?

[Custom SWEP usergroup?]

Hi, I have done some searching, and I haven't found anything to tell we what I should do... See, I have this friend who wants the admin weapons. But I don't want to give him complete admin access. Is there any way to make a custom user group that only allows them to get the admin weapons and nothing else?

By the way, sorry about the name of this topic; I couldn't think of a better way to explain it in such a short box.

Thanks...

-RynO

[RynO-SauruS]

Sorry, when I saw the box that said "Name", I thought it meant the the name of the topic!  Silly me.

[JamminR]

Technically, yes, there is a way.
However, it would take more time to explain the full details step by step than I wish to give at this point and time.
Short summary for anyone else out there who might wish to help.
Create a new ULib user group. realadmin (Real Admin, or some other name like that that you know is 'original').
That newly created usergroup should inherit from admin user group.
Manually edit ULib groups.txt, changing superadmin inheritance from "admin" to "<newly created group realadmin>"
Manually edit ULib groups.txt, moving the admin group "allows" to the newly created group "realadmin".
Make sure any admins you have now are moved/upgraded to realadmin
Add the user to the admin group.

Garry's check for admin status simply looks for a groupname "admin", it doesn't care what ULX commands are given to the player at admin access.
The above steps, in summary, just make the new group the same as what is now default called admin.


Hopefully, we will soon have ULX capability to give 'admin only' access weapons to players, without any other special need than them being in a group aptly named "weps" or similiar.

[RynO-SauruS]

Thanks for the reply, sounds like that might work. But there might be a problem. Will that make it where the "RealAdmins" don't have access to the admin weapons anymore? I thought that might happen because you said GMod looks for the word "Admin". Now its gonna find "RealAdmins". Will that mess it up?

[JamminR]

Good question, and no, it won't mess it up.
We override the default behavior of Gmod's check for groups.

Normally, Gmod would check if and only if player was an admin.
Anything else but superadmin or admin would be "false"

With ULib groups, the check also follows inheritance so therefore would work.
Following the logic in the previous summary, superadmin inherits realadmin inherits admin inherits operator
(and unstated, all groups inherit user)
Gmod would check "is player an admin?" ULib would answer, "well, he's a real admin, which inherits admin, so, yes, he's an admin"

The only drawback to this method, if you have other addons that check for admin access that you wouldn't want them to have, well, they would have it.
It probably wouldn't be difficult to find in the addon where the access check is, and change "admin" to "realadmin" (or whatever you name it)

[RynO-SauruS]

Thanks so much for your help. I tested it, and it works. And you were also right about what other addons would do; The Simple Prop Protection addon let my friend into the admin settings for it. Thankfully, it was only for test purposes. And now that I understand the ULib group system so much better (thanks to you  ), I would like to propose another idea. Could I revert the changes, create another group called "adminweapons", have it inherit "admin", and add all the admin commands to the "deny" list? Would it work like that?

Thanks again...

-RynO

[JamminR]

Geez. Yes, I believe so.
I'm pretty sure we (well, Megiddo) wrote the ACL like most.. deny takes precedence over allow, even if the group inherits another one that allows.
Your idea works better than mine, as it allows no modification to other scripts.
Glad I could get you pointed in the right direction though.
As you might tell, I usually do things the hard way, THEN figure out the easy way.

[RynO-SauruS]

Thanks so much for your help. Your the best... I'm also hoping that this way, other addons won't take him as a real admin. I haven't gotten around to testing it yet.

[JamminR]

Welcome.
ULib would tell other scripts he's an admin. That's what you wanted the weapons to do.
Again, I'm not sure denying him the ULX stuff, then inheriting admin, would prevent him access to the ULX commands for admin though. Test it.
I'm sure it would tell other scripts he's an admin though.
I believe Megiddo and I had a discussion when he was designing the access control list that denies should take precedence. At least, in firewall exceptions lists they do and I recommended it. He may have written it differently.

Let me know how it works out.

[Megiddo]

Denies take precedence over allows.

[JamminR]

Denies take precedence over allows.

Thanks for the confirmation. I thought it did.