Author Topic: flexible security (Read 2604 times)

Tichy · « **on:** November 23, 2007, 01:43:01 pm »

I just wonder how the flexible security extension works.

I have a raidbot running and atm I add any members by hand. The access should be granted to members of "allied" orgs automaticly. All generals of these orgs should have admin user level. Could this be realized by the flexible security extension? And how to do it?

The documentation on this module seems to be incomplete

Alreadythere · « **Reply #1 on:** November 23, 2007, 01:57:34 pm »

Yes, you can do both those things with flexible security - which will take the information out of the whois cache for it.

The basic steps to do this are

Create a security group with the wanted access level. Or you can use one of the pre-defined ones (Admin, Super-Admin, Leader).
Create a flexible extension for those security groups, use the GUI under !flexible for this. Whether you need an AND or OR-combined one depends on what you want to do (see below for your case).
Add the conditions using !flexible condition add group rule

Security groups can be OR-combined, which means at least one of the conditions has to be met, or AND-combined, which means all conditions have to be met.

For your setup you need one OR-combined flexible group for the members setup. Simply create a group with members rights, create the OR-combined extension, and then add all the alliance orgs with !flexible condition groupname org = member, where member is a member of the org you want to add (check whois to make sure the information is correct, or check !flexible GUI afterwards, it lists the org names there).

To give generals/presidents (org_rank <= 1) access as ADMIN you need to create one AND-combined extension per organisation in your alliance, as you want to make sure ADMINs are both members of an org of the alliance and have the neccessary rank. Create a security group with ADMIN access level for each organisation in your alliance, and create for those groups AND-combined extensions. Then add to each of those groups the org rank condition via !flexible condition groupname rank_id <= 1, and add exactly one org condition to each of the ADMIN groups via !flexible condition groupname org = member.

If you add two org conditions to the AND-combined group nobody will be able to meet the conditions, as you can only be member of one org in the whois cache. If you use an OR-combined group for ADMIN anyone with an org rank of 0 or 1 in the whois cache will meet that condition and be admin in your bot. You don't want either of those conditions.

Tichy · « **Reply #2 on:** November 23, 2007, 02:16:45 pm »

Now it's a little bit more clear, I have to use <i>addgroup</i> first to create a new group and after that create the flexible stuff for my new group.

Code: [Select]

To [XXX]: addgroup orgmems foo
[XXX]: Created group orgmems with anonymous level privlages.

But I could not figure out how to raise the level of this group to member privileges.

Quote

Create a security group with the wanted access level. Or you can use one of the pre-defined ones (Admin, Super-Admin, Leader).

Why is there now member group predefined?

Code: [Select]

[XXX]: Member is a default group and cannot be created as a custom group.

But I could not create a flexible extension for members.

Alreadythere · « **Reply #3 on:** November 23, 2007, 04:08:32 pm »

Use !security levels to set the access level. And all names of access levels are locked as group names, though only groups for admin, super-admin and leader actually exist. You can use Members though if you want.

Tichy · « **Reply #4 on:** November 23, 2007, 04:23:48 pm »

Thx for help, now it works as it should

Dracutza · « **Reply #5 on:** March 25, 2008, 03:40:51 am »

To [bot]: flexible condition add admin org = Dracutza
bot: Dracutza is not in any org!

To [bot]: !whois Dracutza
bot: Dancing "Dracutza" Fancypants is a level 220 (AT 24 - Protector) Female Opifex Shade, Clan, General of Paragon Order :: Details

any ideas?

weird thing is it works fine on a different bots on the same machine... be it org or raid bot.