The Permissions
How do the permissions work?
Permissions are the authorities that are permitted to the user. It allows the kernel user to gain slightly more power than the absolute normal user.
How do permissions get read?
When the kernel starts up, it reads the permissions array in the configuration for each user. If it finds a permission in the array, it calls the PermissionsTools.GrantPermission() function under the Nitrocid.Security.Permissions namespace.
The call to the above function requires the ManagePermissions permission to be granted in the current user.
Granting and revoking permissions
This function gets all the permissions that may have been fused together by the call to this function (adding multiple permissions at once) and checks them one by one to see if it's granted. If not yet granted, it adds the permission to the granted permissions list. It then saves the changes to the configuration file.
In the case of a user being part of a group that is granted several permissions, a user is automatically granted permissions from that group. This is called inheritance, since it's basically an inheritance of permissions from a group to all the users that are members of that group.
The function that does the reverse operation of granting permissions (revoking the permission) is RevokePermission().
Requesting permissions
If you want your mod to request additional permissions, we prefer to use the Demand() function which handles multiple permissions at once.
You can also manually demand one permission type by issuing the IsPermissionGranted() function like this:
if (!PermissionsTools.IsPermissionGranted(PermissionTypes.type))
throw new KernelException(KernelExceptionType.PermissionDenied);Permission types
In kernel permissions there are several types that can be fused together with the OR operator with two or more than two enumerations.
ManagePower
1
Allows the user to manage power
ManagePermissions
2
Allows the user to manage permissions
RunStrictCommands
4
Allows the user to run strict commands
ManageFilesystem
8
Allows the user to perform the filesystem operations
ManipulateSettings
16
Allows the user to manipulate with the kernel settings
ExecuteScripts
32
Allows the user to execute UESH scripts
ExecuteProcesses
64
Allows the user to execute processes
ManageUsers
128
Allows the user to manage the users
ManageMods
256
Allows the user to manage the kernel mods
ManageGroups
512
Allows the user to manage the user groups
IntermodCommunication
1024
Allows the user to run mod commands that depend on inter-mod communication
OpenAdminShell
2048
Allows the user to open an administrative shell
OpenDebugShell
4096
Allows the user to open a debug shell
InteraddonCommunication
8192
Allows the user to run commands that depend on inter-addon communication
UseSudo
16384
Allows the user to use the sudo command
Last updated