Solved How do permissions work?

Discussion in 'Spigot Plugin Development' started by finnbon, Oct 31, 2018.

  1. Hello all,

    Lately I've gotten quite confused about the inner workings of permissions. Mainly on the subject of wildcards. Let me show an example.

    Let's say we have the permission 'plugin.function.option'. I want people who have access to 'plugin' and 'plugin.function' to have access to the previously mentioned permission too, like a hierarchy structure. However, I don't know whether I'm supposed to implement this myself or not?

    Now that I write this, I'm not sure about the proper way of handling permissions al together. Do parent permissions go by wildcard (plugin.function.* would grant access to anything that starts with plugin.function)? Or is a permission without wildcard enough (plugin.function would grant access to anything that starts with plugin.function)?

    If anyone could tell me about common practices for permissions and the proper way to handle them, I'd be grateful. Please note that I must be able to add new permissions at runtime, so I must create all my permissions through code, not through the plugin.yml (but using the plugin.yml as an example is fine!)

    Thanks in advance!

    - Finn
  2. md_5

    Administrator Developer

    Permissions are just strings.
    They have no special meaning.

    The convention however is to have a hierarchy separated by .
    And a * permission to allocate all reasonable permissions in that hierarchy.

    Its up to you the developer to to then create reasonable permissions for your users.

    Often this boils down to say:

    or something like that - hopefully what each does is obvious from the name.

    This falls apart with certain plugins (cough PEX) because they hack the Bukkit API to add wildcards (and even regex permissions)...

    Yes you should.
    Whatever you choose.
    * would likely be more natural, but note that:

    1) You have to manually add children
    2) People using perms plugins that define * as wildcard may have different behaviour

    Looks at essentials for inspiration

    Note it generally only uses * from runtime defined permissions, e.g essentials.spawnmob.*
    but generally doesn't have any other groupings
    • Informative Informative x 1
  3. Thanks! This is the exact information I needed.