User management – permissions issues

Lets talk more about permissions management in jxmpp-bot.

When user enters chat room all we know about him is his JID (jabber user identifier)  and nickname. User can change his nickname during session, but JID is persistent.

Of course user can register additional JID and chat inside room using several ones. But this is exotical situation I guess.

So generally JID is unique thing and can be used to identify person owning it.

Our database structure takes into account situation when user can have multiple JIDs (permissions table is the key). It also handles those cases when user is chatting in several rooms simultaneously.

But there is one problem. Imagine situation, when in one room user has administrator privileges (or even room’s owner ones) and in another room he is simply participant. So in one room user can use advanced bot’s commands (e.g. user is administrator of this room) and inside another one user can perform only basic actions (e.g. ping, time etc).

Here is an example: user ‘John Doe‘ is administrator of ‘Own chat‘ (his own room), participant of ‘Musics‘ and guest of ‘General chat‘. Inside his own room user can perform any administrative tasks using bot (e.g. kick, ban etc with logging). Inside other rooms user can’t perform kick/ban commands and many other actions.

TODO: Replace Jid with UserPermissions in diagram

Jid

Let’s see how bot reacts on John Doe’s commands. Note: commands are sent from different chat rooms but by the same user (owning the same jid, john_doe@xmpp.com)

Permissions

In order to perform some action user (John Doe in our example) accesses Muc Manager. Client passes chat room name and  user’s jid value (e.g. john_doe@xmpp.com as string) to this manager.

Manager itself gets access level using room name and jid. Then manager finds corresponding service (which can perform action needed to client) and requests access level needed to invoke this service.

If user has low access level, he can’t invoke service and permission denied answer is sent back.

If user has enough access rights, manager invokes service, performs actions using this service and sends results to user.

Advertisements

2 Responses to “User management – permissions issues”

  1. Extenze Says:

    As a Newbie, I am always searching online for articles that can help me. Thank you

  2. Schedule Says:

    Best you should make changes to the blog title User management – permissions issues Tillias's Blog to something more generic for your webpage you write. I loved the blog post nevertheless.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: