Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow dropping and elevating owner permissions #5419

Draft
wants to merge 37 commits into
base: V3/develop
Choose a base branch
from
Draft

Allow dropping and elevating owner permissions #5419

wants to merge 37 commits into from

Conversation

Jackenmen
Copy link
Member

Description of the changes

Supersedes #3999, fixes #3598

New user features

  • --enable-sudo flag that enables this whole functionality
    • This allows the bot owner to, for the most time, act as a regular user while still being able to make some administrative actions when needed
    • Added [p]su/[p]unsu commands that allow the bot owner to elevate/de-elevate their bot owner permissions
      • [p]su command will automatically de-elevate after a configurable timeout (15 minutes by default) passes
    • Added [p]sudo <command> command that allows the bot owner to run a specific command with bot owner permissions while keeping de-elevated permissions for everything else

Implementation

The feature is quite cool, I must say that... I cannot however say the same about the way this is (and probably how it has to be) implemented.
On the high level, this implementation provides 2 separate properties: all_owner_ids and owner_ids. The former is a simple (frozen) set which is pretty much the same as what we have in current stable releases under owner_ids property.
owner_ids in this implementation is where the magic happens. It magically provides you IDs of owners that are elevated in the current context and it is used for all kinds of bot owner checks like bot.is_owner(), @commands.is_owner(), etc. This all sounds relatively straightforward until we dive into how all of this "magic" is done.

Internally, we have a ContextVar that keeps track of owners with elevated privileges in the different contexts. Whenever owner_ids is accessed, we get the current value of that context var, or if it's not set, we use the current "globally" elevated owner IDs (as in the ones that are currently elevated through [p]su command). The context var is set for each processed command which means that within the context of the command, it is a constant, and the changes that are made with [p]su/unsu/sudo while it runs do not affect it. Because asyncio.Tasks have their own context, setting a value of a context var does not set that value in the global context and therefore accessing the global context will keep giving us the current "globally" elevated owner IDs as the default.

So based on this, we can expect that whenever the user runs the command, the command will get the currently elevated owner IDs when it tries to access owner_ids and the changes made to the global context during its runtime will not affect it. For better or worse, this however also means that any tasks spawned within that command will inherit the value of owner_ids that was set for it right before its execution. This is quite intentional for short-lived tasks like waiting for a message or reaction but might not be something that cog creator wants when trying to spawn a long-lived task that needs to access the currently elevated owner ids. Another somewhat similar problem is that the same long-lived tasks can also be created on cog load and they inevitably will inherit the value of owner_ids that was set for [p]load.
Currently, this is a limitation that I have not really tried addressing (and I don't exactly have an idea how to address it) and I'm not sure how much we can do if we don't want to make APIs completely impractical.

Drapersniper and others added 30 commits October 24, 2021 02:25
@Drapersniper @Jackenmen
add new owner logic
efcab43
@Drapersniper @Jackenmen
hmmm not sure what my local branch decided to do here...
afc32c5
@Jackenmen
add --enable-sudo cli and an auto reset to [p]sudo
58578fa
@Drapersniper @Jackenmen
move [p]sudotimer to [p]set sudotimeout
399441f
@Drapersniper @Jackenmen
Update redbot/core/bot.py
1c077cb 
Co-authored-by: jack1142 <[email protected]>
@Drapersniper @Jackenmen
remove this check
06fa356
@Drapersniper @Jackenmen
this
5627cc1
@Drapersniper @Jackenmen
welp
792bc0e
@Drapersniper @Jackenmen
add a timer_unsudo task for better accuracy and expexted behaviour
7693ac7
@Drapersniper @Jackenmen
jack
35175fb
@Drapersniper @Jackenmen
add sudotimeout to set showsettings
95723b2
@Drapersniper @Jackenmen
Update redbot/core/bot.py
6249297
@Drapersniper @Jackenmen
welp
e4919a1
@Drapersniper @Jackenmen
fix sudotimeout docstrings
edd2524
@Drapersniper @Jackenmen
Make use of ContextVar (Thanks Jack for the suggestion and implementa…
4c58b76 
…tion suggestions)
@Drapersniper @Jackenmen
tweaks tweaks
5cf583f
@Drapersniper @Jackenmen
fix some minor mistakes
3a3ba5f
@Drapersniper @Jackenmen
This lookup error didn't set the values properly reverting
82488a3
@Drapersniper @Jackenmen
properly implement _true_owner_ids ands make it a frozenset
604d952
@Drapersniper @Jackenmen
doesnt work without --enable-sudo ... too tired will look at it at …
9291698 
…some other time
@Jackenmen
Fix sudo disabled, simplify/refactor a bit, add comments
f8caa67
@Jackenmen
Add TODO entries
9803e8c
@Jackenmen
Document true_owner_ids and owner_ids properties
547974a
@Jackenmen
This might be a terrible idea...
d58f7f2
@Jackenmen
Rename _sudoed_owner_ids->_elevated_owner_ids
5a40b28 
As I said, this was pseudocode so it wasn't meant to become attr name.
@Drapersniper @Jackenmen
rename [p]sudo to [p]su and [p]unsudo to [p]unsu, `[p]sudotim…
d2c4a25 
…eout` to `[p]sutimeout` to open up space for `[p]sudo` which would be command based akin to `[p]mock`
@Jackenmen
Try to prevent leaks for currently running contexts
dc00850 
NOTE: this is a bit fragile but unless I missed something,
it stops becoming fragile if we successfully get through bot startup
and I made a note about this in the body of `owner_ids` property.
@Jackenmen
Make the owner_ids.setter more robust
8101ba9
@Jackenmen
Add a proper comment for owner_ids.setter
0de1656
@Drapersniper @Jackenmen
add [p]sudo <command> which allows you to run a one off command wit…
8b2d393 
…h bot owner permissions, without enabled this permission globaly.
@Jackenmen Jackenmen added Breaking Change Will potentially break some cogs. Type: Feature New feature or request. Status: Needs Discussion Needs more discussion. labels Oct 24, 2021
@Jackenmen Jackenmen added this to the 3.5.0 milestone Oct 24, 2021
@github-actions github-actions bot added Category: Cogs - Audio This is related to the Audio cog. Category: Bot Core Category: Core - API - Utils Package This is related to stuff in `redbot.core.utils` labels Oct 24, 2021
@Jackenmen Jackenmen changed the title Su and sudo Allow dropping and elevating owner permissions Oct 24, 2021
@Jackenmen Jackenmen modified the milestones: 3.5.0, 3.6.0 Nov 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aikaterna aikaterna Awaiting requested review from aikaterna aikaterna will be requested when the pull request is marked ready for review aikaterna is a code owner

@PredaaA PredaaA Awaiting requested review from PredaaA PredaaA will be requested when the pull request is marked ready for review PredaaA is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Breaking Change Will potentially break some cogs. Category: Cogs - Audio This is related to the Audio cog. Category: Core - API - Utils Package This is related to stuff in `redbot.core.utils` Status: Needs Discussion Needs more discussion. Type: Feature New feature or request.
Projects
None yet
Milestone
3.6.0
Development

Successfully merging this pull request may close these issues.

[Core] Allow dropping and elevating permissions
2 participants
@Jackenmen @Drapersniper