Add blacklist for groups and ignore blacklisted roles in Discord service

Erik Kalkoken
2021-11-28 14:48:49 +00:00
committed by Ariel Rin
parent 025c824fbb
commit 4c0683c484
19 changed files with 483 additions and 140 deletions

@@ -1,73 +0,0 @@
# Group Management
In order to access group management, users need to be either a superuser, granted the `auth | user | group_management ( Access to add members to groups within the alliance )` permission or a group leader (discussed later).
## Group Requests
When a user joins or leaves a group which is not marked as "Open", their group request will have to be approved manually by a user with the `group_management` permission or by a group leader of the group they are requesting.
## Group Membership
The group membership tab gives an overview of all of the non-internal groups.
![Group overview](/_static/images/features/core/groupmanagement/group-membership.png)
### Group Member Management
Clicking on the blue eye will take you to the group member management screen. Here you can see a list of people who are in the group, and remove members where necessary.
![Group overview](/_static/images/features/core/groupmanagement/group-member-management.png)
### Group Audit Log
Whenever a user Joins, Leaves, or is Removed from a group, this is logged. To find the audit log for a given group, click the light-blue button to the right of the Group Member Management (blue eye) button.
These logs contain the Date and Time the action was taken (in EVE/UTC), the user which submitted the request being acted upon (requestor), the user's main character, the type of request (join, leave or removed), the action taken (accept, reject or remove), and the user that took the action (actor).
![Audit Log Example](/_static/images/features/core/groupmanagement/group_audit_log.png)
## Group Leaders
Group leaders have the same abilities as users with the `group_management` permission, _however_, they will only be able to:
- Approve requests for groups they are a leader of.
- View the Group Membership and Group Members of groups they are leaders of.
This allows you to more finely control who has access to manage which groups.
## Settings
Here is a list of available settings for Group Management. They can be configured by adding them to your AA settings file (``local.py``).
Note that all settings are optional and the app will use the documented default settings if they are not used.
```eval_rst
+---------------------------------------------+-------------------------------------------------------------------------------------------+------------+
| Name | Description | Default |
+=============================================+===========================================================================================+============+
| ``GROUPMANAGEMENT_AUTO_LEAVE`` | Group members can leave their group without needing confirmation from their group leaders | ``False`` |
+---------------------------------------------+-------------------------------------------------------------------------------------------+------------+
| ``GROUPMANAGEMENT_REQUESTS_NOTIFICATION`` | Send Auth notifications to all group leaders for join and leave requests. | ``False`` |
+---------------------------------------------+-------------------------------------------------------------------------------------------+------------+
```
## Permissions
Group Management should be mostly done using group leaders, a series of permissions are included below for thoroughness.
```eval_rst
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| Permission | Admin Site | Auth Site |
+================================+===================+====================================================================================+
| auth.group_management | None | Can Approve and Deny all Group Requests, Can view and manage all group memberships |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| groupmanagement.request_groups | None | Can Request Non-Public Groups |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| groupmanagement.add_group | Can Add Models | None |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| groupmanagement.change_group | Can Edit Models | None |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| groupmanagement.delete_group | Can Delete Models | None |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| groupmanagement.view_group | Can View Models | None |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
```

@@ -1,8 +1,8 @@
# Groups
Group Management is one of the core tasks of Alliance Auth. Many of Alliance Auth's services allow for synchronising of group membership, allowing you to grant permissions or roles in services to access certain aspects of them.
Group Management is one of the core tasks of Alliance Auth. Many of Alliance Auth's services allow for synchronizing of group membership, allowing you to grant permissions or roles in services to access certain aspects of them.
## User Organized Groups
## Creating groups
Administrators can create custom groups for users to join. Examples might be groups like `Leadership`, `CEO` or `Scouts`.
@@ -38,7 +38,81 @@ The key difference is that the group is completely unmanaged by Auth. **Once a m
Most people won't have a use for public groups, though it can be useful if you wish to allow public access to some services. You can grant service permissions on a public group to allow this behavior.
## Permission
```eval_rst
.. _ref-reserved-group-names:
```
## Reserved group names
When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g. on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases you can define a list of reserved group names. Auth will ensure that you can not create groups with a reserved name. You will find this list on the admin site under groupmanagement.
```eval_rst
.. note::
While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord service has this ability.
```
## Managing groups
In order to access group management, users need to be either a superuser, granted the `auth | user | group_management ( Access to add members to groups within the alliance )` permission or a group leader (discussed later).
### Group Requests
When a user joins or leaves a group which is not marked as "Open", their group request will have to be approved manually by a user with the `group_management` permission or by a group leader of the group they are requesting.
### Group Membership
The group membership tab gives an overview of all of the non-internal groups.
![Group overview](/_static/images/features/core/groupmanagement/group-membership.png)
#### Group Member Management
Clicking on the blue eye will take you to the group member management screen. Here you can see a list of people who are in the group, and remove members where necessary.
![Group overview](/_static/images/features/core/groupmanagement/group-member-management.png)
#### Group Audit Log
Whenever a user Joins, Leaves, or is Removed from a group, this is logged. To find the audit log for a given group, click the light-blue button to the right of the Group Member Management (blue eye) button.
These logs contain the Date and Time the action was taken (in EVE/UTC), the user which submitted the request being acted upon (requestor), the user's main character, the type of request (join, leave or removed), the action taken (accept, reject or remove), and the user that took the action (actor).
![Audit Log Example](/_static/images/features/core/groupmanagement/group_audit_log.png)
### Group Leaders
Group leaders have the same abilities as users with the `group_management` permission, _however_, they will only be able to:
- Approve requests for groups they are a leader of.
- View the Group Membership and Group Members of groups they are leaders of.
This allows you to more finely control who has access to manage which groups.
### Auto Leave
By default in AA, Both requests and leaves for non-open groups must be approved by a group manager. If you wish to allow users to leave groups without requiring approvals, add the following lines to your `local.py`
```python
## Allows users to freely leave groups without requiring approval.
AUTO_LEAVE = True
```
## Settings
Here is a list of available settings for Group Management. They can be configured by adding them to your AA settings file (``local.py``).
Note that all settings are optional and the app will use the documented default settings if they are not used.
```eval_rst
+---------------------------------------------+---------------------------------------------------------------------------+------------+
| Name | Description | Default |
+=============================================+===========================================================================+============+
| ``GROUPMANAGEMENT_REQUESTS_NOTIFICATION`` | Send Auth notifications to all group leaders for join and leave requests. | ``False`` |
+---------------------------------------------+---------------------------------------------------------------------------+------------+
| ``GROUPMANAGEMENT_AUTO_LEAVE`` | Allows users to freely leave groups without requiring approval.. | ``False`` |
+---------------------------------------------+---------------------------------------------------------------------------+------------+
```
## Permissions
In order to join a group other than a public group, the permission `groupmanagement.request_groups` (`Can request non-public groups` in the admin panel) must be active on their account, either via a group or directly applied to their User account.
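Review bot: The setting name in the "Auto Leave" section does not match the Settings table added a few lines further down in this hunk. The snippet tells admins to put `AUTO_LEAVE = True` in `local.py`, while the table documents `GROUPMANAGEMENT_AUTO_LEAVE`, so a reader cannot tell which name takes effect. Please use one name in both places, or drop the "Auto Leave" section now that the table covers it. In "Reserved group names", the text says Auth prevents creating a group with a reserved name but not what happens to a group that already has that name when it is reserved; one sentence on that case would help admins who add reservations to an existing install. Minor: "needs to be build" should read "built", and the `GROUPMANAGEMENT_AUTO_LEAVE` description ends in a double period.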
@@ -48,3 +122,15 @@ When a user loses this permission, they will be removed from all groups _except_
.. note::
By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information.
```
Group Management should be mostly done using group leaders, a series of permissions are included below for thoroughness:
```eval_rst
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| Permission | Admin Site | Auth Site |
+================================+===================+====================================================================================+
| auth.group_management | None | Can Approve and Deny all Group Requests, Can view and manage all group memberships |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
| groupmanagement.request_groups | None | Can Request Non-Public Groups |
+--------------------------------+-------------------+------------------------------------------------------------------------------------+
```
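Review bot: The permissions table added here has only the `auth.group_management` and `groupmanagement.request_groups` rows, while the table in the removed Group Management page also listed `groupmanagement.add_group`, `change_group`, `delete_group` and `view_group` with their Admin Site meaning. The lead-in still says the permissions are "included below for thoroughness", so either carry the four model permissions over or say that they were left out on purpose. Admins auditing who can create or delete groups will otherwise lose the only place those permissions were documented.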

@@ -9,7 +9,6 @@ Managing access to applications and services is one of the core functions of **A
dashboard
states
groups
groupmanagement
analytics
notifications
```

@@ -92,6 +92,28 @@ If you want users to have their Discord nickname changed to their in-game charac
Once users link their accounts youll notice Roles get populated on Discord. These are the equivalent to groups on every other service. The default permissions should be enough for members to use text and audio communications. Add more permissions to the roles as desired through the server management window.
By default Alliance Auth is taking over full control of role assignments on Discord. This means that users on Discord can in general only have roles that correlate to groups on Auth. However, there are two exceptions to this rule.
### Internal Discord roles
First, users will keep their so called "Discord managed roles". Those are internal roles created by Discord e.g. for Nitro.
### Excluding roles from being managed by Auth
Second, it is possible to exclude Discord roles from being managed by Auth at all. This can be useful if you have other bots on your Discord server that are using their own roles and which would otherwise conflict with Auth. This would also allow you to manage a role manually on Discord if you so chose.
To exclude roles from being managed by Auth you only have to add them to the list of reserved group names in Group Management.
```eval_rst
.. note::
Role names on Discord are case sensitive, while reserved group names on Auth are not. Therefore reserved group names will cover all roles regardless of their case. For example if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted.
```
```eval_rst
.. seealso::
For more information see :ref:`ref-reserved-group-names`.
```
## Tasks
The Discord service contains a number of tasks that can be run to manually perform updates to all users.
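Review bot: The "Excluding roles from being managed by Auth" section should state the access-control consequence of a reservation: a role whose name is reserved is kept on the Discord user regardless of their groups in Auth, so Auth will not strip it when the user loses access, and removal becomes a manual step or the other bot's job. The note on case already says that reserving "alpha" persists both "alpha" and "Alpha"; it is worth adding that this widens the exemption to every case variant of the name, so admins should check which existing roles, and which Discord permissions on them, a new reservation will cover. It would also help to say whether Auth still creates or assigns a role when an existing Auth group has the same name as a reservation, since the text here only covers roles managed outside Auth.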
@@ -159,7 +181,7 @@ This indicates your callback URL doesn't match. Ensure the `DISCORD_CALLBACK_URL
### "Add/Remove" Errors in Discord Service
If you are recieving errors in your Notifications after verifying that your settings are all correct try the following:
If you are receiving errors in your Notifications after verifying that your settings are all correct try the following:
- Ensure that the bot's role in Discord is at the top of the roles list. Each time you add it to your server you will need to do this again.
- Make sure that the bot is not trying to modify the Owner of the discord, as it will fail. A holding discord account added with invite link will mitigate this.