
Role-based authorization model.

Posted: Mon Oct 16, 2017 1:29 pm
by o01eg
I'm preparing the authorization model of the game now that authentication has been implemented and accepted.

I could distinguish several roles:
  • ROLE_HOST - Can save and load games. Edit other player settings. Stop server.
  • ROLE_MODERATOR - Can attend game as a Moderator.
  • ROLE_PLAYER - Can attend game as a Player.
  • ROLE_OBSERVER - Can attend game as an Observer.
  • ROLE_GALAXY_SETUP - Can change galaxy and AI settings in lobby.
Currently the game has these roles in normal mode:
  • Host:
    • ROLE_HOST
    • ROLE_MODERATOR
    • ROLE_PLAYER
    • ROLE_OBSERVER
    • ROLE_GALAXY_SETUP
  • Other players
    • ROLE_MODERATOR
    • ROLE_PLAYER
    • ROLE_OBSERVER
In the hostless mode all players have equal roles:
  • ROLE_MODERATOR
  • ROLE_PLAYER
  • ROLE_OBSERVER
  • ROLE_GALAXY_SETUP
Next I'm going to customize the roles for a player based on authentication information or default settings for unauthenticated guest players.

Is it a complete model? Maybe there should be more detailed roles, or are they supposed to have a different distribution among players?

Re: Role-based authorization model.

Posted: Tue Oct 17, 2017 7:44 am
by Vezzra
On a quick glance, sounds like a reasonable start.

Re: Role-based authorization model.

Posted: Thu Nov 02, 2017 10:21 pm
by dbenage-cx
Looking at #1834, are the roles planned to be restricted to specific capabilities (or assigned some new capability flags)?
e.g. CanKickPlayer() might check for one explicit role or capability flag, without some complicated checking (host || (moderator && player) || ...)

Not sure of the implication of using enum as bit flag without offsets. Seems like there would be some clashes between flags.
Would something akin to the following be preferred?

Code:

#include <bitset>
#include <cstddef>

constexpr std::size_t NUM_ROLETYPES { 5 };
// Each role is a distinct single-bit mask.
enum RoleType : std::size_t {
    ROLE_HOST      = ( 1u << 0 ),
    ROLE_MODERATOR = ( 1u << 1 ),
    ...
};
typedef std::bitset<NUM_ROLETYPES> role_set_type;

Re: Role-based authorization model.

Posted: Fri Nov 03, 2017 4:43 am
by o01eg
Yes, roles are restricted and any capabilities are going to be tested against only one role.

I thought that way but I ended up using the enum's integer value as an offset in a bit flag.
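
The scheme discussed in the last two posts, as an added example that is not part of the thread and not the project's own code: enum values serve as bit offsets in a `std::bitset`, each capability is tested against a single role, and the role sets follow the first post. The class name `Roles`, the `NUM_ROLETYPES` sentinel, and the functions `CanSaveGame`, `CanChangeGalaxySetup` and `NaiveOr` are assumptions made for illustration.

```cpp
#include <bitset>
#include <cstddef>
#include <initializer_list>
#include <iostream>

// Role names come from the thread. Values are consecutive integers used as
// bit positions (offsets) in the bitset, not as pre-shifted masks.
enum RoleType : std::size_t {
    ROLE_HOST = 0,
    ROLE_MODERATOR,
    ROLE_PLAYER,
    ROLE_OBSERVER,
    ROLE_GALAXY_SETUP,
    NUM_ROLETYPES  // assumption: sentinel that sizes the bitset
};

class Roles {  // hypothetical class name
public:
    Roles() = default;
    Roles(std::initializer_list<RoleType> roles) { for (RoleType r : roles) Set(r, true); }
    // Bounds checks keep an out-of-range value from throwing std::out_of_range.
    void Set(RoleType r, bool on) { if (r < NUM_ROLETYPES) m_bits.set(r, on); }
    bool Has(RoleType r) const { return r < NUM_ROLETYPES && m_bits.test(r); }
private:
    std::bitset<NUM_ROLETYPES> m_bits;
};

// Role distributions listed in the first post.
Roles HostRoles() { return {ROLE_HOST, ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER, ROLE_GALAXY_SETUP}; }
Roles OtherPlayerRoles() { return {ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER}; }
Roles HostlessRoles() { return {ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER, ROLE_GALAXY_SETUP}; }

// Each capability is tested against exactly one role (hypothetical names).
bool CanSaveGame(const Roles& r) { return r.Has(ROLE_HOST); }
bool CanChangeGalaxySetup(const Roles& r) { return r.Has(ROLE_GALAXY_SETUP); }

// The clash raised in the thread: OR-ing the raw enum values as if they were
// masks. MODERATOR (1) | PLAYER (2) equals OBSERVER (3), and HOST (0) vanishes.
constexpr std::size_t NaiveOr(RoleType a, RoleType b) { return a | b; }

int main() {
    std::cout << std::boolalpha
              << "host can save: " << CanSaveGame(HostRoles()) << '\n'
              << "other player can save: " << CanSaveGame(OtherPlayerRoles()) << '\n'
              << "hostless can set up galaxy: " << CanChangeGalaxySetup(HostlessRoles()) << '\n';
    return 0;
}
```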

Re: Role-based authorization model.

Posted: Mon Nov 06, 2017 2:05 pm
by o01eg
I want to add the ability to join a game in progress as an Observer or a Moderator. Should I use ROLE_OBSERVER and ROLE_MODERATOR, or do I need to add new roles to distinguish observers and moderators present since the game started from those who connected after it?

Re: Role-based authorization model.

Posted: Mon Nov 06, 2017 3:24 pm
by Geoff the Medio
o01eg wrote: I want to add the ability to join a game in progress as an Observer or a Moderator. Should I use ROLE_OBSERVER and ROLE_MODERATOR, or do I need to add new roles to distinguish observers and moderators present since the game started from those who connected after it?
The point of the roles is to control what the player connection can do in game, right? So if there is no difference in what they can do, I don't see why they'd need a separate role label.