Search

CLANDB_SETUP2

[:: Legends Of The Jedi ::]
This also supports division, empowerment, rank, own_clan and name. Name has
three special keywords, leader, first and second, which always resolve to
whoever the leader, the first, and the second are. For example, you can grant
edit access to /private/leadership/ for the clan leader via `clandb --root
restrict edit add /private/leadership/ allow name eq first`. As these are
chains, you could repeat this with "leader", "first" and "second" and just have
three rules that grant the same permissions to the first and the second as
well. Rules are evaluated in order until a matching one is found, at which
point its "action" is taken.

One further note on the above example. As chains by default deny access unless
otherwise allowed, setting up the /private/leadership/ edit restriction will
actually deny all other users edit permission to this path, even if they have
edit access to /private/. Another practical example may be that you want to
restrict edit to "/public/" just to the clan leader, which would be `clandb
--root restrict edit add /public/ allow name eq leader`.

Similarly, you can restrict view access to the "/private/leadership/" path to
the leader, first, and second by setting up view restrictions as follows
`clandb --root restrict view add /private/leadership/ allow name eq leader`
`clandb --root restrict view add /private/leadership/ allow name eq first`
`clandb --root restrict view add /private/leadership/ allow name eq second`

The system supports equal to, not equal to, greater than, less than, greater
than or equal to, etc. for numeric values. This comes in handy with divisions
and ranks. For example, you could grant everyone with rank above 10 access to
edit /private/ like this `clandb --root restrict edit add /private/ rank gt
10`. Note, this actually grants edit access to those clan members even if they
dont have the "clandb_edit" bestowment.

There are just a few other things to cover in general. First, the default
action of a chain is to deny unless there is a rule that allows. However,
sometimes you want the opposite logic (e.g. allow unless a rule matches). You
can change that default via the "default" subcommand, e.g. `clandb --root
restrict edit default /private/ allow`. Second, you can view restrictions using
the "view" subcommand, which also understands "all", for example, `clandb
--root restrict edit view all`. The command also supports "delete" and
"deleteall". There is no edit for restrictions, just delete and add. You can
also specify a `--position` if you want to add a rule to a particular spot in a
chain. As rules are evaluated in order until one matches, sometimes the order
matters to get the desired behavior.

There are also several built-in restrictions that you cannot delete or modify.
Specifically, they allow read of "/" by anyone, and restrict read of
"/private/" to members of a clan. Additionally, you cant restrict view within
"/public/". What this nets out to is everyone in the clan can view "/private/"
everyone in the game can view "/public/". There are also a few restrictions
that can be edited / deleted, but which are installed by default. For example,
granting blanket edit permission for those with the "clandb_edit" bestowment to
"/".

Here are a few recipes to get you started.

Setup a private space for the clan leaders which other members cant view,
search or edit.
`clandb --root restrict view /private/leadership/ add allow name eq leader`
`clandb --root restrict view /private/leadership/ add allow name eq first`
`clandb --root restrict view /private/leadership/ add allow name eq second`
`clandb --root restrict edit /private/leadership/ add allow name eq leader`
`clandb --root restrict edit /private/leadership/ add allow name eq first`
`clandb --root restrict edit /private/leadership/ add allow name eq second`

Setup a private space for division 1 to be able to view and edit, where anyone
in that division can view but only people of rank 5 or higher can edit. Note in
this example, you dont need to restrict edit by the division, because you
cannot edit what you cannot view.
`clandb --root restrict view /private/security/ add allow division eq 1`
`clandb --root restrict edit /private/security/ add allow rank gte 5`

Tip!
clandb "writes to the datapad" meaning that your datapad log can be used to
save information from the database locally.

See Also: HELP CLANDB_SETUP, HELP CLANDB, HELP SHOWCLAN