The Permissions
How do the permissions work?
Permissions are the authorities that are permitted to the user. It allows the kernel user to gain slightly more power than the absolute normal user.
When the kernel starts up, it reads the permissions
array in the configuration for each user. If it finds a permission in the array, it calls the PermissionsTools.GrantPermission()
function under the Nitrocid.Security.Permissions
namespace.
The call to the above function requires the ManagePermissions
permission to be granted in the current user.
This function gets all the permissions that may have been fused together by the call to this function (adding multiple permissions at once) and checks them one by one to see if it's granted. If not yet granted, it adds the permission to the granted permissions list. It then saves the changes to the configuration file.
In the case of a user being part of a group that is granted several permissions, a user is automatically granted permissions from that group. This is called inheritance, since it's basically an inheritance of permissions from a group to all the users that are members of that group.
The function that does the reverse operation of granting permissions (revoking the permission) is RevokePermission()
.
If you want your mod to request additional permissions, we prefer to use the Demand()
function which handles multiple permissions at once.
You can also manually demand one permission type by issuing the IsPermissionGranted()
function like this:
...where the type
is one of the following types:
ManagePower
: Allows the user to manage powerFlag value is 1
ManagePermissions
: Allows the user to manage permissionsFlag value is 2
RunStrictCommands
: Allows the user to run strict commandsFlag value is 4
ManageFilesystem
: Allows the user to perform the filesystem operationsFlag value is 8
ManipulateSettings
: Allows the user to manipulate with the kernel settingsFlag value is 16
ExecuteScripts
: Allows the user to execute UESH scriptsFlag value is 32
ExecuteProcesses
: Allows the user to execute processesFlag value is 64
ManageUsers
: Allows the user to manage the usersFlag value is 128
ManageMods
: Allows the user to manage the kernel modsFlag value is 256
ManageGroups
: Allows the user to manage the user groupsFlag value is 512
IntermodCommunication
: Allows the user to run mod commands that depend on inter-mod communicationFlag value is 1024
OpenAdminShell
: Allows the user to open an administrative shellFlag value is 2048
OpenDebugShell
: Allows the user to open a debug shellFlag value is 4096
InteraddonCommunication
: Allows the user to run commands that depend on inter-addon communicationFlag value is 8192
UseSudo
: Allows the user to use the sudo commandFlag value is 16384