modulatingforce/forcebot_rs

Fork 0

Review Listeners validating user Roles #57

New issue

Open

opened 2024-04-02 21:01:02 -04:00 by modulatingforce · 2 comments

modulatingforce commented

2024-04-02 21:01:02 -04:00

Owner

I believe I wanted the roles validation primarily for commands . I think I also wanted it to validate anything coming from routines or listeners to ensure the user has appropriately roles to send between channels.

However, I didn't intend for this to validate at listener level

I need to flesh this out a bit though on what would be recommended

![image](/attachments/4be8b719-84dd-4e9d-b1a2-90ecfefd4db3) I believe I wanted the roles validation primarily for commands . I _think_ I also wanted it to validate anything coming from routines or listeners to ensure the user has appropriately roles to send between channels. However, I didn't intend for this to validate at listener level I need to flesh this out a bit though on what would be recommended

image.png

34 KiB

modulatingforce added the

Requirements > Drafting

labels 2024-04-02 21:01:02 -04:00

modulatingforce self-assigned this 2024-04-02 21:01:02 -04:00

modulatingforce commented

2024-04-03 09:14:40 -04:00

Author

Owner

When I think about it , I think the following may be best in terms of Listener , but would apply to all BotAction :

If a Chat message is sent to the Source Channel , Chat.say() should Allow the Send to go without Additional User Access Validation
- BotCommand is already user access permissible at that channel level before the BotCommand is ran, so this check would be redundant when checking against Source Channel
Otherwise (e.g., in scenarios where is it not sent to the Source Channel), validate that user first before sending the message

The change would probably be made somewhere after this point

[x] !! => 03.24 - Would be nice if around here , validate the user has at least some special roles in target channel

Here in Chat.botmsg() specifically it can be Source channel can be checked (ofc, whatever needs to unwrap the Source channel needs to be done first)

https://git.flake.sh/modulatingforce/forcebot_rs/src/branch/main/src/core/chat.rs#L254-L257

	            if !(user_roles.contains(&identity::UserRole::Mod(Channel(channel_login.clone()))) 
            || user_roles.contains(&identity::UserRole::SupMod(Channel(channel_login.clone()))) 
            || user_roles.contains(&identity::UserRole::Broadcaster)
            || user_roles.contains(&identity::UserRole::VIP(Channel(channel_login.clone())))

When I think about it , I think the following may be best in terms of `Listener` , but would apply to all `BotAction` : - If a `Chat` message is sent to the Source Channel , `Chat.say()` should Allow the Send to go without Additional User Access Validation - `BotCommand` is already user access permissible at that channel level before the `BotCommand` is ran, so this check would be redundant when checking against Source Channel - Otherwise (e.g., in scenarios where is it not sent to the Source Channel), validate that user first before sending the message --- The change would probably be made somewhere after this point https://git.flake.sh/modulatingforce/forcebot_rs/src/commit/d7634663fe32dceebde14c1569449127fec3203e/src/core/chat.rs#L210 Here in `Chat.botmsg()` specifically it can be Source channel can be checked (ofc, whatever needs to unwrap the Source channel needs to be done first) https://git.flake.sh/modulatingforce/forcebot_rs/src/branch/main/src/core/chat.rs#L254-L257 ```rust if !(user_roles.contains(&identity::UserRole::Mod(Channel(channel_login.clone()))) || user_roles.contains(&identity::UserRole::SupMod(Channel(channel_login.clone()))) || user_roles.contains(&identity::UserRole::Broadcaster) || user_roles.contains(&identity::UserRole::VIP(Channel(channel_login.clone()))) ```

modulatingforce added this to the Forcebot Prototype 1.0 Push project 2024-04-03 09:15:35 -04:00

modulatingforce added

Phase 2.0

Design > Research & Analysis

and removed

Phase 1.0

Requirements > Drafting

labels 2024-04-03 09:16:01 -04:00

modulatingforce added

and removed

labels 2024-04-03 09:39:37 -04:00

modulatingforce commented

2024-04-03 09:49:02 -04:00

Author

Owner

#todo - need to correct this comment

// If the BotMsg a Say/SayInReplyTo (from Developer or Chatter) , and the Sender does not have Specific Roles in the Source Channel Sent

	                        // If the BotMsg a Say/SayInReplyTo (from Developer or Chatter) , and the Sender does not have Specific Roles in the Source Channel Sent

	                        // If the BotMsg a Say/SayInReplyTo (from Developer or Chatter) , and the Sender does not have Specific Roles in the Target Channel

- [ ] #todo - need to correct this comment https://git.flake.sh/modulatingforce/forcebot_rs/src/commit/d7634663fe32dceebde14c1569449127fec3203e/src/core/chat.rs#L270 ```rust // If the BotMsg a Say/SayInReplyTo (from Developer or Chatter) , and the Sender does not have Specific Roles in the Source Channel Sent ``` to ```rust // If the BotMsg a Say/SayInReplyTo (from Developer or Chatter) , and the Sender does not have Specific Roles in the Target Channel ```