Basic Permissions Setup

As mentioned previously, PEX supports a rich chat/console command interface allowing you to do almost everything in-game or from the server console. test Note: The following page and tutorial assumes that you have access to the server console and are entering the commands in-game. All commands can be used in-game or at the server console. Commands used in-game must start with a /, while commands entered at the server console do not use the /.

Contents

• Permission Nodes
  • Important Information on the '*' node
  • Important File Back-end Notes
• Tutorial Goals
• Preparation
  • Setup a basic and simple permissions infrastructure
    • If you do not have access to the console
  • Create additional groups
  • Setup rank order
  • Add fancy prefixes!
  • Add permissions to each group
• Testing your environment
• Test the ranks
• File Back-end Example

Permission Nodes (top)

PEX works on the general principal that permission to run a command is not allowed unless the permission node is specifically listed. For those commands and events that are allowed by default, PEX allows for denying access to those commands with permission node negation.

Giving or denying access to a permission node is as simple as using the pex group <group> add <node> command. Negating a permission node uses the same command, you just need to add a dash (-) to the beginning of the node name.

For example, lets look at the /give and /plugins commands as they are part of bukkit.

• /give has a permission node of bukkit.command.give and is normally limited to players listed in the ops.txt file
• /plugins has a permission node of bukkit.command.plugins and is normally given to everyone on the server

The commands to add or deny access to these commands are:

• To allow a group access to /give, the command for PEX is pex group foo add bukkit.command.give
• To deny a group access to /plugins, the command for PEX is pex group foo add -bukkit.command.plugins

Important Information on the '*' Node (top)

• PEX does support a 'give all permissions' node with '*'. However, before using this, read and understand how it works and it's possible side affects. (This subject generates a lot of traffic on the forums. Due to this, it's not recommended to use '*'.)
  • At first glance, it seems simple, giving a group '*' gives it access to all permission nodes. The catch is that there may be permission nodes that you normally would not want a group to have. To illustrate, consider the plugin VanishNoPacket (Referred to as VNP. Note that we are not picking on this plugin, it just happens to be one of the more commonly mentioned plugins in the forums). VNP offers the node vanish.silentjoin which makes anyone with the node log into the server invisible and without any announcement, which often is not what is wanted. This behavior can be dealt with by negating the nodes in question, but it still catches a lot of people off guard.

Important File Back-end Notes (top)

If you are going to edit the permissions file by hand, make sure to read, understand and follow these rules:

• Permission node groupings must start with a dash and a space.
  • - modifyworld.chat and - -modifyworld.mobtarget.* are valid entries in the file back-end
  • modifyworld.chat and -modifyworld.mobtarget.* are invalid entries in the file back-end
• All formatting rules listed in the YAML notes section on the PEX Basics page must be strictly followed. Failure to do this can and often does cause PEX to fail on startup, as well as filling your log files with great amounts of error message text.
• PEX reads the file in a 'top to bottom' manner when checking group and user permission nodes. Similar to a network firewall, once it finds a node that matches what it is looking for, it stops searching. What this means in practice is that if a node gives access to a main group and all subgroups, PEX will find the node that allows access then stop checking, never reaching the negation node.

Consider the following (incorrect!) example:

default:
    default: true
    permissions:
    - modifyworld.*
    - -modifyworld.blocks.interact.23

With this node layout, if a player tried to open a dispenser (data value 23), the first match would be modifyworld.*, causing PEX to stop checking at this point and allow access!

However, if the two lines were reversed (-modifyworld.blocks.interact.23 came before the modifyworld.*), the player would be denied when trying to open the dispenser (node check modifyworld.blocks.interact.23) as the negation node for block ID 23 is the first one to be matched. If the player tried to open a furnace (block ID 61), it would be allowed as the modifyworld.* node would match a check of modifyworld.blocks.interact.61

Tutorial Goals (top)

• Setup a basic and simple permissions infrastructure
  • Create additional groups: Member, VIP, Moderator
    • "Default" is able to chat but cannot modify anything and doesn't have a prefix
    • "Member" is Trusted group. Those players can modify the world and have a colored prefix ("&0(&8M&7ember&0)&7 ")
    • "VIP" is able to modify the world and is not targeted by creepers. Those players will have a prefix "&0(&eVIP&0)&7 ".
    • "Moderator" is able to modify the world and is not targeted by any mobs.
  • "Admins" are Superusers and have access to all PEX commands. They get a fancy prefix like "&0(&4Admins&0)&7 ".
  • OPTIONAL: Remove modifyworld.* permission from "default" group
  • OPTIONAL: Add modifyworld.chat permission to "default" group
• Testing your environment

Preparations (top)

• Install (Installation) and configure (Plugin Configuration) PermissionsEx.
• OPTIONAL: Activate ModifyWorld. See Modifyworld, Configuration for more.
• Start your server.
• Open up the Commands section in a separate web browser window
• Open the YAML Notes in the PEX Basics page in a separate web browser window

Setup a basic and simple permissions infrastructure (top)

These commands must be entered at the console

• Create the "Admins" group with pex group Admins create
• Add the permissions.* permission to this group with pex group Admins add permissions.*.
• Add yourself to this group with pex user YourPlayerName group set Admins, replacing YourPlayerName with your in game name.
• Give yourself permissions to access all PEX commands regardless of the group you are in with pex user YourPlayerName add permissions.*

####If you do not have access to the console (top) Create a permissions.yml file as follows and upload it to the PermissionsEx directory, making sure that the formatting is exact and correct! See the YAML Notes in the PEX Basics page page for details.

groups:
    default:
        default: true
        permissions:
        - modifyworld.*
    Admins:
        prefix: '&0(&4Admins&0)&7 '
        permissions:
        - permissions.*
users:
    YourPlayerName:
        group:
        - Admins
        permissions:
        - permissions.*

Now connect to your server to create groups Member, VIP and Moderator.

Create additional groups: Member, VIP, Moderator (top)

• Create the Member group with /pex group Member create
• Create the VIP group with /pex group VIP create
• Create the Moderator group with /pex group Moderator create

Next, we will assign ranks to those groups and set the Rank order to Member -> VIP -> Moderator -> Admins. See Ranks (Promotion and Demotion) for more.

Set rank order (top)

• /pex group default set rank 1000
• /pex group Member set rank 900
• /pex group VIP set rank 800
• /pex group Moderator set rank 100
• /pex group Admins set rank 1

Rank 100 is now the highest promotion status. Be aware that you can't promote/demote a player above your rank or player below you up to your own group (in this example, Admins, rank 0). This will prevent you from accidentally promoting a user to Admins. If you wish to assign a player to the Admins group, set it directly via the command /pex user PlayerName group set Admins.

Add fancy prefixes! (top)

• /pex group Member prefix "&0(&8M&7ember&0)&7 "
• /pex group VIP prefix "&0(&eVIP&0)&7 "
• /pex group Moderator prefix "&0(&1Moderator&0)&7 "
• /pex group Admins prefix "&0(&4Admins&0)&7 "

Add permissions to each group (top)

NOTE: If you have not enabled ModifyWorld, the modifyworld.* lines can be skipped.

• OPTIONAL: /pex group default remove modifyworld.*
• OPTIONAL: /pex group default add modifyworld.chat (Only needed if modifyworld.* has been removed)
• /pex group Member add modifyworld.*
• /pex group VIP add modifyworld.*
• /pex group VIP add -modifyworld.mobtarget.monster.creeper
• /pex group Moderator add modifyworld.*
• /pex group Moderator add -modifyworld.mobtarget.*
• /pex group Admins add permissions.*
• /pex group Admins add modifyworld.*
• /pex group Admins add -modifyworld.mobtarget.*

Now it's time to test your setup

Testing your environment (top)

For each section, change your group to the specified group with /pex user YourPlayerName group set GroupName ####Default

• Verify that you can chat
• Verify that the right prefix is shown in the chat window
• Verify that you can modify the world by breaking a block outside of the spawn area
  • NOTE: If modifyworld was enabled and the modifyworld.* node was removed, you should not be able to
• If you have enabled modifyworld and the modifyworld.* node was removed, find and run into a creeper! (Don't be afraid, it will not be able to target you, nor can you harm it)

####Member

• Verify that you can chat
• Verify that the right prefix is shown in chat window
• Verify that you can modify the world by breaking a block outside of the spawn area

####VIP

• Verify that you can chat
• Verify that the right prefix is shown in chat window
• Verify that you can modify the world by breaking a block outside of the spawn area
• If you have enabled modifyworld and the modifyworld.* node was removed, find and run into a creeper! (Don't be afraid, it will not be able to target you, but should be able to hurt it)

####Admins

• Verify that you can chat
• Verify that the right prefix is shown in chat window
• Verify that you can modify the world by breaking a block outside of the spawn area (if you have put your player name in the ops.txt and set allowOps to true in the PEX Configuration File, you will be able to break blocks in the spawn area).
• Verify that you have access to all PEX commands (Run /pex reload as a test, it should respond with "Permissions Reloaded")
• Verify that you are not targeted by any mobs

For the next step, you will be creating a "virtual" user. Alternately, have a friend join the server and use them as the test subject (It's for Science!)

Test the ranks (top)

• /pex user AnotherPlayer group set default
• Verify that the promotion/demotion queue is working by using /pex promote AnotherPlayer. You should see "User AnotherPlayer promoted to NextGroup"
• Keep doing this until you see "Promotion error: User is not promotable". Running /pex user AnotherPlayer should show the following:

  foo are member of:
  Moderator (rank 100 @ default)
  

foo's permissions: -modifyworld.mobtarget.* (from Moderator) modifyworld.* (from Moderator) foo's options:

• Demotion is the same as promotion, just change the word promote with demote
• If the player was virtual, remove them afterwards with /pex user AnotherPlayer delete if you want
• If the player was real, check every group to verify that it is working as it should (see the Goals list)

File Backend Example (top)

For reference, following the example above will result in the following permissions.yml file. If you use this as an example for making your permissions file, make note of the indenting and capitalization of the various header names:

groups:
    default:
        default: true
        options:
            rank: '1000'
        permissions:
        - modifyworld.chat
    Member:
        prefix: '&0(&8M&7ember&0)&7 '
        permissions:
        - modifyworld.*
        options:
            rank: '900'
    VIP:
        prefix: '&0(&eVIP&0)&7 '
        permissions:
        - -modifyworld.mobtarget.monster.creeper
        - modifyworld.*
        options:
            rank: '800'
    Moderator:
        prefix: '&0(&1Moderator&0)&7 '
        permissions:
        - -modifyworld.mobtarget.*
        - modifyworld.*
        options:
            rank: '100'
    Admins:
        prefix: '&0(&4Admins&0)&7 '
        permissions:
        - -modifyworld.mobtarget.*
        - modifyworld.*
        - permissions.*
        options:
            rank: '1'
users:
    AnotherPlayer:
        group:
        - default
    YourPlayerName:
        group:
        - Admins

And this is how the file looks to PEX after being parsed. Use an on-line YAML checker to verify your permissions file looks similar. If it does not, PEX will not work as expected and may throw all kinds of exception errors!

{
  "users": {
    "AnotherPlayer": {
      "group": [
        "default"
      ]
    },
    "YourPlayerName": {
      "group": [
        "Admins"
      ]
    }
  },
  "groups": {
    "default": {
      "default": true,
      "options": {
        "rank": "1000"
      },
      "permissions": [
        "modifyworld.chat"
      ]
    },
    "Member": {
      "prefix": "&0(&8M&7ember&0)&7 ",
      "options": {
        "rank": "900"
      },
      "permissions": [
        "modifyworld.*"
      ]
    },
    "VIP": {
      "prefix": "&0(&eVIP&0)&7 ",
      "options": {
        "rank": "800"
      },
      "permissions": [
        "-modifyworld.mobtarget.monster.creeper",
        "modifyworld.*"
      ]
    },
    "Moderator": {
      "prefix": "&0(&1Moderator&0)&7 ",
      "options": {
        "rank": "100"
      },
      "permissions": [
        "-modifyworld.mobtarget.*",
        "modifyworld.*"
      ]
    },
    "Admins": {
      "prefix": "&0(&4Admins&0)&7 ",
      "options": {
        "rank": "0"
      },
      "permissions": [
        "-modifyworld.mobtarget.*",
        "modifyworld.*",
        "permissions.*"
      ]
    }
  }
}

Previous: Plugin Configuration, Next: Advanced Permissions Setup