Jump to content

ACL rights


Recommended Posts

Hi, i have the ACL functions false on this ACL, but has resources functions, but why this ACL can still add / remove objects from ACL / Group?

<group name="L4 Staff">
<acl name="L1 Staff"></acl>
<acl name="L2 Staff"></acl>
<acl name="L3 Staff"></acl>
<acl name="L4 Staff"></acl>
<object name="user.testacl"></object>
</group>


<acl name="L4 Staff">
        <right name="function.addBan" access="true"></right>
        <right name="function.setUnbanTime" access="true"></right>
        <right name="function.setBanAdmin" access="true"></right>
        <right name="function.setBanReason" access="true"></right>
        <right name="function.setBanNick" access="true"></right>
        <right name="function.removeBan" access="true"></right>
        <right name="function.reloadBans" access="true"></right>
        <right name="function.refreshResources" access="true"></right>
        <right name="function.setPlayerScriptDebugLevel" access="true"></right>
        <right name="general.adminpanel" access="true"></right>
        <right name="general.tab_players" access="true"></right>
        <right name="general.tab_resources" access="true"></right>
        <right name="general.tab_maps" access="true"></right>
        <right name="general.tab_server" access="true"></right>
        <right name="general.tab_bans" access="true"></right>
        <right name="general.tab_adminchat" access="true"></right>
        <right name="command.kick" access="true"></right>
        <right name="command.freeze" access="true"></right>
        <right name="command.mute" access="true"></right>
        <right name="command.setnick" access="true"></right>
        <right name="command.shout" access="true"></right>
        <right name="command.spectate" access="true"></right>
        <right name="command.slap" access="true"></right>
        <right name="command.sethealth" access="true"></right>
        <right name="command.setarmour" access="true"></right>
        <right name="command.setmoney" access="true"></right>
        <right name="command.setskin" access="true"></right>
        <right name="command.setteam" access="true"></right>
        <right name="command.giveweapon" access="true"></right>
        <right name="command.setstat" access="true"></right>
        <right name="command.jetpack" access="true"></right>
        <right name="command.warp" access="true"></right>
        <right name="command.setdimension" access="true"></right>
        <right name="command.setinterior" access="true"></right>
        <right name="command.givevehicle" access="true"></right>
        <right name="command.repair" access="true"></right>
        <right name="command.blowvehicle" access="true"></right>
        <right name="command.destroyvehicle" access="true"></right>
        <right name="command.customize" access="true"></right>
        <right name="command.setcolor" access="true"></right>
        <right name="command.setpaintjob" access="true"></right>
        <right name="command.listmessages" access="true"></right>
        <right name="command.readmessage" access="true"></right>
        <right name="command.listresources" access="true"></right>
        <right name="command.start" access="true"></right>
        <right name="command.stop" access="true"></right>
        <right name="command.restart" access="true"></right>
        <right name="command.setweather" access="true"></right>
        <right name="command.setwaveheight" access="true"></right>
        <right name="command.settime" access="true"></right>
        <right name="command.clearchat" access="true"></right>
        <right name="command.ban" access="true"></right>
        <right name="command.unban" access="true"></right>
        <right name="command.banip" access="true"></right>
        <right name="command.unbanip" access="true"></right>
        <right name="command.banserial" access="true"></right>
        <right name="command.unbanserial" access="true"></right>
        <right name="command.listbans" access="true"></right>
        <right name="command.setgroup" access="false"></right>
        <right name="command.createteam" access="false"></right>
        <right name="command.destroyteam" access="false"></right>
        <right name="command.stopall" access="false"></right>
        <right name="command.delete" access="false"></right>
        <right name="command.execute" access="false"></right>
        <right name="command.setpassword" access="false"></right>
        <right name="command.setwelcome" access="true"></right>
        <right name="command.setgame" access="false"></right>
        <right name="command.setmap" access="false"></right>
        <right name="command.blendweather" access="false"></right>
        <right name="command.setblurlevel" access="false"></right>
        <right name="command.setskygradient" access="false"></right>
        <right name="command.setgamespeed" access="false"></right>
        <right name="command.setgravity" access="false"></right>
        <right name="command.setfpslimit" access="false"></right>
        <right name="function.shutdown" access="false"></right>
        <right name="function.aclReload" access="false"></right>
        <right name="function.aclSave" access="false"></right>
        <right name="function.aclCreate" access="false"></right>
        <right name="function.aclDestroy" access="false"></right>
        <right name="function.aclSetRight" access="false"></right>
        <right name="function.aclRemoveRight" access="false"></right>
        <right name="function.aclCreateGroup" access="false"></right>
        <right name="function.aclDestroyGroup" access="false"></right>
        <right name="function.aclGroupAddACL" access="false"></right>
        <right name="function.aclGroupAddObject" access="false"></right>
        <right name="function.aclGroupRemoveObject" access="false"></right>
    </acl>

 

Link to post
  • Moderators
Posted (edited)
28 minutes ago, Bean666 said:

Hi, i have the ACL functions false on this ACL, but has resources functions, but why this ACL can still add / remove objects from ACL / Group?

That is because the function is executed by the admin resource and not by an user. Users in general can't execute functions, since functions are not part of the user API.

The user API only exist out of commands and events>indirect (and maybe something else ???).

 

If you want those functions to be scoped by the ACL, I am afraid that you will have to modify the admin resource or disable the resource tab for those users.

 

Note: This is information based on my knowledge of how resources work. I am not entirely sure if there is a way for a user to execute a function, since there is no Lua environment created for each player, it is created based on each resource. Maybe it could be possible, outside of the Lua environment.

 

Edited by IIYAMA
Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...