Auth overwrite?

[Aaron113]

I know there is the whole "there should never be a group above superadmin" argument, but lets face it that will never hold.  I myself am at least a fan of having the ability to change this.  Superadmin's are considered "top dawg" by default, but what if I don't want confusing groups (ex: superadmin called Owner).  My goal is to merely have the option simplify this.  I'm honestly surprised this hasn't been done for ULib already (I searched and found nothing).

I created this module for ULib that will allow such and want your opinion on making it a release?  I seen this general idea in another admin mod years ago (don't remember the name and don't want to put a name to it anyway).

Code: Lua

1. local meta = FindMetaTable("Player")
2.  
3. if SERVER then
4.         ULib.ucl.registerAccess( "ulx issuperadmin", ULib.ACCESS_SUPERADMIN, "Gives user/group Superadmin status.", "Cmds - User Management" )
5.         ULib.ucl.registerAccess( "ulx isadmin", ULib.ACCESS_ADMIN, "Gives user/group Admin status.", "Cmds - User Management" )
6. end
7.  
8. function meta:IsSuperAdmin()
9.         return self:query("ulx issuperadmin")
10. end
11.  
12. function meta:IsAdmin()
13.         return (self:query("ulx isadmin") or self:query("ulx issuperadmin"))
14. end

Download in Addon format

[Megiddo]

Unfortunately, this is very confusing. What if I'm a superadmin without issuperadmin access? I can just imagine the help requests... *shudder*.

If we named our groups something completely different (like operator for admin and root for superadmin), then it might be alright, but I think we'd still cause confusion and heartache over that.

Overall, I know it's not perfect, but I feel like ULib's approach is the best given how GMod presents groups by default.

[Aaron113]

Unfortunately, this is very confusing. What if I'm a superadmin without issuperadmin access? I can just imagine the help requests... *shudder*.

And there are not already many topics (this, this, this, this, this, and this) related to superadmin access?  I can see where you're coming from, but I'm afraid I still disagree.  There will always be people confused.

I'm not suggesting this be added to ULib by default (unless you change your mind of course), but merely a release for the easy option of it.  If someone is having a problem with superadmin access, it could be as simple as linking them to this addon.

[Aharon Tager]

Personally, I think that there are some people who would benefit greatly for this. I for one don't mind having an owner group that inherits from superadmin and haven't run into any issues with this so far, but I can see someone easily getting confused when there is no owner option in ulx if it's their first time. I say release it and hope people benefit from it.

[MrPresident]

If someone is having a problem with superadmin access, it could be as simple as linking them to this addon.

We are not going to advocate hacky workarounds. Just because you can make something work by altering a core function doesn't mean it's a good idea. I can see this causing more problems than it would solve to be perfectly frank. Instead of detouring the functions, you are overriding them.
What happens if someone uses this, and doesn't have that access flag (maybe they forgot to give it to themselves). Now nothing that uses IsAdmin or IsSuperAdmin works.

It's never a good idea to rely on or use hacky work-around solutions when a proper solution is available. People just need to learn to use groups and teams properly.

Now.. all of that being said.. if you wanted to detour those functions rather than override them.. that might be 'something'.. but I still don't agree that this should be accepted as a viable solution.

[lynx]

I like the idea as an idea. But not in the sense of overriding it to have a group over superadmin, but rather be able to set a group or user to trigger the IsSuperAdmin check without needing to inherit from superadmin.

Like for example, I want an inheritance tree of the following:

superadmin
headadmin
admin
operator
user

I want headadmin to trigger the IsSuperAdmin checks in game, but not have all the ULX powers of a superadmin. With this workaround I'd be able to do just that.

[JamminR]

Lynx, IsSuperadmin has nothing to do with ULX.
God power to your server when IsSuperAdmin is true whether ULib is installed or not.
Deny command access to your groups that inherit superadmin if you don't want them to have ulx commands.
Which, really seems like bad design. superadmin should still be highest. "Head admin"?
Why can't superadmin be highest? r00t.

Garry's Gmod, in all the design challenges we've had to work around over the years, is the foremost reason superadmin is highest group for ULib.
It's the highest group according to Gmod. Without ULib installed, or any other access control, superadmin is still the highest group.
We only added "operator" as a custom group as an example.
Owner, well, I'm not going into the rant I have towards a particular gamemode and it's developer(s) decision to deviate from the norm.
i cringe everytime I see someone using a particular gamemode that apparently provides instructions telling them to make themselves owner.
If Gmod itself understood what the heck owner was, it might be ok. It doesn't. Gmod and 99% of the non-gamemode based scripts will likely have no clue what owner is.
Even the Gmod wiki says, paraphrased, "make yourself superadmin if you're hosting a server"
Aaron, I didn't look at any of those links referenced, but presume every single one of them was due to confusion of someone using that gamemode I hate supporting.
IsSuperadmin will work if any group inherits "superadmin".
If someone doesn't understand inheritance, we have several FAQs and a nice community to support it.
I understand the why of your idea, I just am totally against it.
As stated by others, it goes against default Gmod, while we tried to not break it and still allow isadmin and issuperadmin to work.

[lynx]

Lynx, IsSuperadmin has nothing to do with ULX.
God power to your server when IsSuperAdmin is true whether ULib is installed or not.
Deny command access to your groups that inherit superadmin if you don't want them to have ulx commands.
Which, really seems like bad design. superadmin should still be highest. "Head admin"?
Why can't superadmin be highest? r00t.

I know it has nothing to do with ULX/ULib. What I'm saying is that say you have a custom gamemode running IsSuperAdmin checks for certain administration functions, and you want those functions to be usable by a certain user/group but do not want to change inheritance or make a group based on superadmin. Using Aarons method would allow you to make it so you can specify a group to flag true for IsSuperAdmin checks.

I agree with the debates that superadmin should be the highest. And I understand your stance on why you're against it.  I just see the usefulness in a very very very limited sense that doesn't affect many people

[JamminR]

My TL:DR summary - another gamemode promoting use of "owner" as the highest group in the Gmod world is what's causing confusion; Not Ulib or other admin mods that say "make yourself superadmin"

Aaron, though I would never recommend to people your release, instead recommending they don't give superadmin to anyone, I'm not saying don't make an addon.
I feel it will only add that much more confusion later when people forget they added it and are having access troubles.
Perhaps not as much as owner group in the first place, but it will add complexity.

[Aaron113]

As usual, both sides have good points.  Both sides depend on the user understanding the way groups and/or inheritance work.  My way has more flexibility while the default way makes more sense.  I guess it just comes down to if you want this on Ulysses forums.  If not, I'd be happy to remove it and just keep it as a private addon.

Perhaps the option of override would be better.

Code: Lua

1. if SERVER then
2.         ULib.replicatedWritableCvar( "authoverride", "authoverride", "0", true, false, ULib.ACCESS_SUPERADMIN )
3.  
4.         ULib.ucl.registerAccess( "ulx issuperadmin", ULib.ACCESS_SUPERADMIN, "Gives user/group Superadmin status.", "Cmds - User Management" )
5.         ULib.ucl.registerAccess( "ulx isadmin", ULib.ACCESS_ADMIN, "Gives user/group Admin status.", "Cmds - User Management" )
6. end
7.  
8. local override = GetConVar("authoverride")
9. local meta = FindMetaTable("Player")
10.  
11. local oldIsSuperAdmin = meta.IsSuperAdmin
12. function meta:IsSuperAdmin()
13.         if override:GetBool() then
14.                 return self:query("ulx issuperadmin")
15.         else
16.                 return ( oldIsSuperAdmin(self) or self:query("ulx issuperadmin") )
17.         end
18. end
19.  
20. function meta:IsAdmin()
21.         if override:GetBool() then
22.                 return ( self:query("ulx isadmin") or self:query("ulx issuperadmin") )
23.         else
24.                 return ( oldIsSuperAdmin(self) or self:query("ulx isadmin") or self:query("ulx issuperadmin") )
25.         end
26. end

[JamminR]

I just cringe at the amount of Gmod servers that give people superadmin access because the host considers themselves "owner" and think superadmin is just "for lower staff than owner" members.
Your method just provides one yet slightly easier method to allow security setting nightmare.
Can't fault you for that.
Not your or our fault when someone uses it incorrectly and loses control of their server.

[kaisar123]

Thank you so much for this script. I have been looking for something like this for a long time and now I have it.