Role-based authorization model.

#1 Post by o01eg » Mon Oct 16, 2017 1:29 pm

I'm preparing an authorization model for the game after authentication was implemented and accepted.

I could distinguish several roles:
  • ROLE_HOST - Can save and load games. Edit other player settings. Stop server.
  • ROLE_MODERATOR - Can attend game as a Moderator.
  • ROLE_PLAYER - Can attend game as a Player.
  • ROLE_OBSERVER - Can attend game as an Observer.
  • ROLE_GALAXY_SETUP - Can change galaxy and AI settings in lobby.
Currently the game has these roles in normal mode:
  • Host:
    • ROLE_HOST
    • ROLE_MODERATOR
    • ROLE_PLAYER
    • ROLE_OBSERVER
    • ROLE_GALAXY_SETUP
  • Other players:
    • ROLE_MODERATOR
    • ROLE_PLAYER
    • ROLE_OBSERVER
In the hostless mode all players have equal roles:
  • ROLE_MODERATOR
  • ROLE_PLAYER
  • ROLE_OBSERVER
  • ROLE_GALAXY_SETUP
Next I'm going to customize the roles for a player based on authentication information or default settings for unauthenticated guest players.

Is it a complete model? Maybe there should be more detailed roles, or are they supposed to have a different distribution among players?
Gentoo Linux x64, gcc-7.3, boost-1.65.0
Ubuntu Server 18.04 x64, gcc-7.3, boost-1.65.1
Welcome to multiplayer server at freeorion-test.dedyn.io. Version 0.4.8
Donations are welcome: BTC:14XLekD9ifwqLtZX4iteepvbLQNYVG87zK

#2 Post by Vezzra » Tue Oct 17, 2017 7:44 am

On a quick glance, sounds like a reasonable start.

#3 Post by dbenage-cx » Thu Nov 02, 2017 10:21 pm

Looking at #1834, are the roles planned to be restricted to specific capabilities (or assigned some new capability flags)?
e.g. CanKickPlayer() might check for one explicit role or capability flag, without some complicated checking (host || (moderator && player) || ...)

Not sure of the implication of using enum as bit flag without offsets. Seems like there would be some clashes between flags.
Would something akin to the following be preferred?

Code:

#include <bitset>
#include <cstddef>

constexpr std::size_t NUM_ROLETYPES { 5 };
enum RoleType : std::size_t {
    ROLE_HOST      = ( 1u << 0 ),
    ROLE_MODERATOR = ( 1u << 1 ),
    // ...
};
typedef std::bitset<NUM_ROLETYPES> role_set_type;

Any content posted should be considered licensed GNU GPL 2.0 and/or CC-BY-SA 3.0 as appropriate.

#4 Post by o01eg » Fri Nov 03, 2017 4:43 am

Yes, roles are restricted and any capabilities are going to be tested against only one role.

I thought that way, but I ended up using the enum's integer value as an offset in a bit flag.

#5 Post by o01eg » Mon Nov 06, 2017 2:05 pm

I want to add the ability to join a game in progress as an Observer or a Moderator. Should I use ROLE_OBSERVER and ROLE_MODERATOR, or do I need to add new roles to distinguish observers and moderators present since the game started from those who connected after it?

#6 Post by Geoff the Medio » Mon Nov 06, 2017 3:24 pm

o01eg wrote: I want to add the ability to join a game in progress as an Observer or a Moderator. Should I use ROLE_OBSERVER and ROLE_MODERATOR, or do I need to add new roles to distinguish observers and moderators present since the game started from those who connected after it?
The point of the roles is to control what the player connection can do in game, right? So if there is no difference in what they can do, I don't see why they'd need a separate role label.
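
The scheme discussed in posts #1, #3 and #4, sketched as an added example that is not part of the thread and not FreeOrion's own code: the enum value is used as a bit offset into a std::bitset, the role sets follow the distribution in post #1, and each capability checks a single role. RoleSet, the *Roles() builders and the Can*() checks are hypothetical names.

```cpp
#include <bitset>
#include <cstddef>
#include <initializer_list>

// Role names come from post #1. RoleSet, the *Roles() builders and the Can*()
// checks are hypothetical names for this example, not FreeOrion identifiers.
enum RoleType : std::size_t {
    ROLE_HOST = 0, ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER, ROLE_GALAXY_SETUP,
    NUM_ROLETYPES   // sentinel: number of roles, sizes the bitset
};

class RoleSet {
public:
    RoleSet(std::initializer_list<RoleType> roles)
    { for (RoleType r : roles) m_bits.set(r); }    // enum value is the bit offset
    bool Has(RoleType r) const { return m_bits.test(r); }
    std::size_t Count() const { return m_bits.count(); }
private:
    std::bitset<NUM_ROLETYPES> m_bits;
};

// Role distribution as listed in post #1.
RoleSet HostRoles()
{ return {ROLE_HOST, ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER, ROLE_GALAXY_SETUP}; }
RoleSet OtherPlayerRoles()
{ return {ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER}; }
RoleSet HostlessRoles()
{ return {ROLE_MODERATOR, ROLE_PLAYER, ROLE_OBSERVER, ROLE_GALAXY_SETUP}; }

// Each capability is tested against exactly one role (post #4), so no
// (host || (moderator && player) || ...) expressions are needed.
bool CanSaveGame(const RoleSet& r)       { return r.Has(ROLE_HOST); }
bool CanEditGalaxy(const RoleSet& r)     { return r.Has(ROLE_GALAXY_SETUP); }
bool CanJoinAsObserver(const RoleSet& r) { return r.Has(ROLE_OBSERVER); }

// The clash raised in post #3: OR-ing the raw offsets as if they were masks
// makes MODERATOR|PLAYER equal OBSERVER, and ROLE_HOST contributes no bit.
bool RawOffsetsClashAsMasks() {
    const std::size_t combined = ROLE_MODERATOR | ROLE_PLAYER;
    return combined == static_cast<std::size_t>(ROLE_OBSERVER)
        && static_cast<std::size_t>(ROLE_HOST) == 0;
}

int main() {
    const bool ok = CanSaveGame(HostRoles()) && !CanSaveGame(OtherPlayerRoles())
                 && CanEditGalaxy(HostlessRoles()) && RawOffsetsClashAsMasks();
    return ok ? 0 : 1;
}
```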
