add the user to automatic rights groups

[NotAFile]

add the team's user type and also a generic all user type

This allows you to give permissions to run certain, usually restricted
commands to anyone or to a certain team

closes #475

[samuelallan72]

It would be nice to document the behaviour of this - at least a comment in the example config.toml and details in the sphinx docs.

[samuelallan72]

Perhaps we could use team1 and team2 to be consistent with the toml config sections?

[NotAFile]

That's a good point. Kind of unfortunate that our config and code differ now.

[samuelallan72]

If no team_usertype, shouldn't all the special usertypes still be removed?

[NotAFile]

That's true. team_usertype will never be None in the forseeable future, so the if is pretty pointless anyway.

[samuelallan72]

Change to if not self.user_types: since it might be an empty set rather than None.

[NotAFile]

Hm, you're right, we have a problem here. But it's a different one. on_join is called multiple times for the lifetime of a connection, once per match. We probably don't want to login the users as admin every time when a new match starts. But we need the user to be joined to be able to execute on_user_login as it might send chat messages.

Easiest thing is probably to defer initialization of the sets to on_join after all.

[samuelallan72]

Something else to consider: server config shouldn't allow giving passwords for built-in roles such as team_1, and users should not be able to /login team_1

relevant code:

piqueserver/piqueserver/core_commands/social.py

Lines 4 to 26 in b673305

	@command()
	def login(connection, password):
	"""
	Log in if you're staff or a trusted member of this server
	/login <password>
	You will be kicked if a wrong password is given 3 times in a row
	"""
	if connection not in connection.protocol.players:
	raise KeyError()
	for user_type, passwords in connection.protocol.passwords.items():
	if password in passwords:
	if user_type in connection.user_types:
	return "You're already logged in as %s" % user_type
	return connection.on_user_login(user_type, True)
	if connection.login_retries is None:
	connection.login_retries = connection.protocol.login_retries - 1
	else:
	connection.login_retries -= 1
	if not connection.login_retries:
	connection.kick('Ran out of login attempts')
	return
	return 'Invalid password - you have %s tries left' % (
	connection.login_retries)

[NotAFile]

server config shouldn't allow giving passwords for built-in roles such as team_1, and users should not be able to /login team_1

Why not? I don't see any harm in this technically being possible. It should work fine, but it'd be pretty pointless... I don't think we need to protect our users from being able to do something pointless?

[samuelallan72]

Why not? I don't see any harm in this technically being possible. It should work fine, but it'd be pretty pointless... I don't think we need to protect our users from being able to do something pointless?

I guess. I was thinking just a check that rejected logging in with a message about it being an automatic/dynamic role.