Let's talk more about permission management in jxmpp-bot.
When a user enters a chat room, all we know about him is his JID (Jabber user identifier) and his nickname. The user can change his nickname during a session, but the JID is persistent.
Of course, a user can register additional JIDs and chat in a room using several of them, but I guess this is an exotic situation.
So in general a JID is unique and can be used to identify the person who owns it.
Our database structure takes into account that a user can have multiple JIDs (the permissions table is the key). It also handles the case where a user is chatting in several rooms simultaneously.
But there is one problem. Imagine that a user has administrator privileges (or even the room owner's privileges) in one room and is simply a participant in another. In the first room the user can use the bot's advanced commands (because he is an administrator of that room), while in the other he can perform only basic actions (e.g. ping, time).
Here is an example: user 'John Doe' is an administrator of 'Own chat' (his own room), a participant of 'Musics' and a guest of 'General chat'. Inside his own room the user can perform any administrative task through the bot (e.g. kick or ban, with logging). Inside the other rooms the user can't perform kick/ban commands and many other actions.
TODO: Replace Jid with UserPermissions in diagram
Let's see how the bot reacts to John Doe's commands. Note: the commands are sent from different chat rooms but by the same user (with the same JID, firstname.lastname@example.org).
To perform an action, the user (John Doe in our example) accesses the Muc Manager. The client passes the chat room name and the user's JID value (e.g. email@example.com as a string) to this manager.
The manager itself looks up the user's access level using the room name and the JID. Then the manager finds the corresponding service (the one that can perform the action the client needs) and asks for the access level required to invoke this service.
If the user's access level is too low, he can't invoke the service and a "permission denied" answer is sent back.
If the user has sufficient access rights, the manager invokes the service, performs the action using this service and sends the results to the user.
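
The flow described above, as an added Java sketch that is not taken from jxmpp-bot's code. The class and enum names, the level required by each command, the default level for unknown users and the bare-JID normalization are all assumptions made for illustration.

```java
import java.util.*;

public class MucManagerSketch {
    enum Level { GUEST, PARTICIPANT, ADMIN, OWNER }   // hypothetical, lowest to highest

    // Hypothetical services and the minimum level each one requires.
    static final Map<String, Level> REQUIRED = Map.of(
        "ping", Level.GUEST, "time", Level.GUEST,
        "kick", Level.ADMIN, "ban", Level.ADMIN);

    // Access level per (room, JID) pair: one JID can rank differently in each room.
    private final Map<List<String>, Level> permissions = new HashMap<>();

    static List<String> key(String room, String jid) {
        // Assumption: drop the resource part so "user@host/laptop" and "user@host"
        // resolve to the same account; lower-casing is a simplification of JID rules.
        int slash = jid.indexOf('/');
        String bare = slash < 0 ? jid : jid.substring(0, slash);
        return List.of(room, bare.toLowerCase(Locale.ROOT));
    }

    void grant(String room, String jid, Level level) {
        permissions.put(key(room, jid), level);
    }

    // A pair with no record gets the lowest level, never a level from another room.
    Level accessLevel(String room, String jid) {
        return permissions.getOrDefault(key(room, jid), Level.GUEST);
    }

    // The manager: resolve the level, find the service, compare, then run or refuse.
    String handle(String room, String jid, String command) {
        Level required = REQUIRED.get(command);
        if (required == null) return "unknown command";
        if (accessLevel(room, jid).compareTo(required) < 0) return "permission denied";
        return command + " executed in " + room;
    }

    public static void main(String[] args) {
        MucManagerSketch m = new MucManagerSketch();
        String john = "firstname.lastname@example.org";   // JID used on this page
        m.grant("Own chat", john, Level.ADMIN);
        m.grant("Musics", john, Level.PARTICIPANT);
        System.out.println(m.handle("Own chat", john, "kick"));
        System.out.println(m.handle("Musics", john, "kick"));
        System.out.println(m.handle("General chat", john + "/home", "ping"));
    }
}
```

The point to notice is that the lookup key always includes the room, so an administrator grant in 'Own chat' cannot leak into 'Musics' or 'General chat'.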