Description
Summary
To implement an RBAC system, similar to how AWS roles are used.
Add tier-wise roles to every user (admin > moderator > everyone (or no-role)); each user/user ID is mapped to one of these roles (for persistence during restarts, this requires a DB).
Every user-invokable function should have some identification (a decorator, perhaps?) which checks if the invoker has enough permissions to invoke the function. The body of the function itself should only contain the business logic pertaining to that function and nothing related to permissions.
Implementation
Examples speak for themselves,
```python
# Handler callable by any user
@everyone
def xkcd(update, context):
    ...

# Handler restricted to moderators
@moderator
def kick(update, context):
    ...
```
A new role can be made by creating its decorator function and adding the role name to the priority list. Role-to-permission(s) mapping is something to be thought of as well.
```python
rolePriorityList = ['admin', 'moderator', 'everyone']
```
Additional (optional) enhancements,
- Higher priority role should have permissions of all roles below?
- An admin-only function for giving roles (like `/addrole @tag moderator`)
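One way the decorator check described in this issue could look, as an added example that is not the project's code. It assumes higher roles inherit the permissions of lower ones (left as an open question above); `requires`, `has_role`, `USER_ROLES`, `PermissionDenied` and the dict-shaped `update`/`context` are hypothetical stand-ins, and the in-memory mapping takes the place of the DB.

```python
import functools

ROLE_PRIORITY = ["admin", "moderator", "everyone"]  # highest privilege first
USER_ROLES = {1001: "admin", 1002: "moderator"}     # constructed sample; a DB in practice

class PermissionDenied(Exception):
    """Raised by the decorator before the handler body runs."""

def has_role(user_id, required):
    # Unmapped users get the least-privileged role (deny by default).
    role = USER_ROLES.get(user_id, "everyone")
    # Lower index means higher privilege, so higher roles inherit lower ones.
    return ROLE_PRIORITY.index(role) <= ROLE_PRIORITY.index(required)

def requires(required):
    if required not in ROLE_PRIORITY:
        raise ValueError(f"unknown role: {required}")  # caught at decoration time
    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(update, context):
            # Assumption: update is a dict carrying the invoker's ID.
            if not has_role(update["user_id"], required):
                raise PermissionDenied(f"{handler.__name__} requires {required}")
            return handler(update, context)
        return wrapper
    return decorator

admin, moderator, everyone = (requires(r) for r in ROLE_PRIORITY)

@everyone
def xkcd(update, context):
    return "comic"

@moderator
def kick(update, context):
    return f"kicked {context['target']}"

@admin
def addrole(update, context):
    # Only role names from the priority list can be granted.
    target, role = context["target"], context["role"]
    if role not in ROLE_PRIORITY:
        raise ValueError(f"unknown role: {role}")
    USER_ROLES[target] = role
    return role
```
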