Role-based authorization model.

o01eg
Programmer
Posts: 1998
Joined: Sat Dec 10, 2011 5:46 am

#1 Post by o01eg »

I'm preparing an authorization model for the game now that authentication has been implemented and accepted.

I could distinguish several roles:
  • ROLE_HOST - Can save and load games. Edit other player settings. Stop server.
  • ROLE_MODERATOR - Can attend game as a Moderator.
  • ROLE_PLAYER - Can attend game as a Player.
  • ROLE_OBSERVER - Can attend game as an Observer.
  • ROLE_GALAXY_SETUP - Can change galaxy and AI settings in lobby.
Currently the game has these roles in normal mode:
  • Host:
    • ROLE_HOST
    • ROLE_MODERATOR
    • ROLE_PLAYER
    • ROLE_OBSERVER
    • ROLE_GALAXY_SETUP
  • Other players
    • ROLE_MODERATOR
    • ROLE_PLAYER
    • ROLE_OBSERVER
In the hostless mode all players have equal roles:
  • ROLE_MODERATOR
  • ROLE_PLAYER
  • ROLE_OBSERVER
  • ROLE_GALAXY_SETUP
Next I'm going to customize the roles for a player based on authentication information, or on default settings for unauthenticated guest players.

Is it a complete model? Maybe there should be more detailed roles, or are they supposed to have a different distribution among players?
Gentoo Linux x64, gcc-11.2, boost-1.78.0
Ubuntu Server 22.04 x64, gcc-12, boost-1.74.0
Welcome to the slow multiplayer game at freeorion-lt.dedyn.io. Version 2024-01-30.0dd6806.
Donations're welcome: BTC: bc1q007qldm6eppqcukewtfkfcj0naut9njj7audnm

Vezzra
Release Manager, Design
Posts: 6090
Joined: Wed Nov 16, 2011 12:56 pm
Location: Sol III

Re: Role-based authorization model.

#2 Post by Vezzra »

On a quick glance, sounds like a reasonable start.

dbenage-cx
Programmer
Posts: 389
Joined: Sun Feb 14, 2016 12:08 am

Re: Role-based authorization model.

#3 Post by dbenage-cx »

Looking at #1834, are the roles planned to be restricted to specific capabilities (or assigned some new capability flags)?
e.g. CanKickPlayer() might check for one explicit role or capability flag, without some complicated checking (host || (moderator && player) || ...)

Not sure of the implication of using enum as bit flag without offsets. Seems like there would be some clashes between flags.
Would something akin to the following be preferred?

```cpp
#include <bitset>
#include <cstddef>

constexpr std::size_t NUM_ROLETYPES { 5 };
enum RoleType : std::size_t {
    ROLE_HOST      = ( 1u << 0 ),
    ROLE_MODERATOR = ( 1u << 1 ),
    // ...
};
typedef std::bitset<NUM_ROLETYPES> role_set_type;
```

Any content posted should be considered licensed GNU GPL 2.0 and/or CC-BY-SA 3.0 as appropriate.

o01eg
Programmer
Posts: 1998
Joined: Sat Dec 10, 2011 5:46 am

Re: Role-based authorization model.

#4 Post by o01eg »

Yes, roles are restricted and any capabilities are going to be tested against only one role.

I thought of it that way, but I ended up using the enum's integer value as an offset in a bit flag.
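
The offset approach from post #4 combined with the role distribution from post #1, as an added sketch that is not FreeOrion's code or any poster's: `RoleSet`, the three `...Roles()` helpers, `CanStopServer()` and `CanChangeGalaxySetup()` are hypothetical names, and the `NUM_ROLETYPES` sentinel enumerator is an assumption. Each capability check tests exactly one role, and an out-of-range role value is denied rather than indexed.

```cpp
#include <bitset>
#include <cstddef>
#include <initializer_list>

// Role names are from post #1. The enumerator value is the bit *offset*
// (post #4), not a pre-shifted mask, so no two roles can share a bit.
enum RoleType : std::size_t {
    ROLE_HOST = 0,
    ROLE_MODERATOR,
    ROLE_PLAYER,
    ROLE_OBSERVER,
    ROLE_GALAXY_SETUP,
    NUM_ROLETYPES  // assumed sentinel: keeps the bitset width in sync
};

// Hypothetical container for this example, not FreeOrion's own class.
class RoleSet {
public:
    RoleSet() = default;  // no roles granted: deny by default
    RoleSet(std::initializer_list<RoleType> roles) {
        for (RoleType r : roles) Set(r, true);
    }
    void Set(RoleType r, bool value) { if (Valid(r)) m_bits.set(r, value); }
    // Fails closed: a value outside the enum is "not granted", never an
    // exception or an out-of-range bit access.
    bool Has(RoleType r) const { return Valid(r) && m_bits.test(r); }
private:
    static bool Valid(RoleType r) { return r < NUM_ROLETYPES; }
    std::bitset<NUM_ROLETYPES> m_bits;
};

// Role distributions exactly as listed in post #1.
RoleSet HostRoles() {
    return {ROLE_HOST, ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER, ROLE_GALAXY_SETUP};
}
RoleSet OtherPlayerRoles() { return {ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER}; }
RoleSet HostlessRoles() {
    return {ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER, ROLE_GALAXY_SETUP};
}

// Each capability is tested against exactly one role, with no compound
// (host || (moderator && player) || ...) expressions.
bool CanStopServer(const RoleSet& roles) { return roles.Has(ROLE_HOST); }
bool CanChangeGalaxySetup(const RoleSet& roles) { return roles.Has(ROLE_GALAXY_SETUP); }

int main() {
    // Normal mode: the host may stop the server. Hostless mode: nobody may.
    return (CanStopServer(HostRoles()) && !CanStopServer(HostlessRoles())) ? 0 : 1;
}
```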

o01eg
Programmer
Posts: 1998
Joined: Sat Dec 10, 2011 5:46 am

Re: Role-based authorization model.

#5 Post by o01eg »

I want to add the ability to join a game in progress as an Observer or a Moderator. Should I use ROLE_OBSERVER and ROLE_MODERATOR, or do I need to add new roles to distinguish observers and moderators who have been there since the game started from those who connected after it?

Geoff the Medio
Programming, Design, Admin
Posts: 13586
Joined: Wed Oct 08, 2003 1:33 am
Location: Munich

Re: Role-based authorization model.

#6 Post by Geoff the Medio »

o01eg wrote: I want to add the ability to join a game in progress as an Observer or a Moderator. Should I use ROLE_OBSERVER and ROLE_MODERATOR, or do I need to add new roles to distinguish observers and moderators who have been there since the game started from those who connected after it?
The point of the roles is to control what the player connection can do in game, right? So if there is no difference in what they can do, I don't see why they'd need a separate role label.
