Browse Source

Add alumni to accessbot

By design, accessbot doesn't *remove* access when you remove yourself
from the access lists; you are just limited to a lower level.  This is
noted in the configuration file:

 # The label 'mask' is special: anyone with perms on a channel that
 # isn't otherwise listed for the channel or in the global list will
 # have their access limited to the mask but otherwise left alone.

However I'm feel like it's reasonable to assume that when you remove
yourself you are giving up your permissions; and in the *very*
unlikely case of a bad actor, we would want to know we did actually
remove them from all channels.

To make this clearer, but still allow for unlisted users to maintain
whatever permissions they have, this adds an "alumni" section to the
configuration, and allows for alumni to be set on individual channels.
If your nick appears in this list, your access is removed.

Obviously once this has run once, people could be removed from alumni
if there is a need to cater for something tricky like removing global
access but then adding permissions.  But in general I think it will
work to just keep a record of contributors in the common case of
"moved on from openstack work and no longer want to admin things".

Change-Id: I0858e963cdf4bc90c30f9d60ea524d778ae3d150
master
Ian Wienand 9 months ago
parent
commit
4e23eb18a0
1 changed files with 11 additions and 2 deletions
  1. 11
    2
      files/accessbot.py

+ 11
- 2
files/accessbot.py View File

@@ -92,6 +92,7 @@ class SetAccess(irc.client.SimpleIRCClient):
92 92
 
93 93
     def _get_access_list(self, channel_name):
94 94
         ret = {}
95
+        alumni = []
95 96
         channel = None
96 97
         for c in self.config['channels']:
97 98
             if c['name'] == channel_name:
@@ -104,12 +105,15 @@ class SetAccess(irc.client.SimpleIRCClient):
104 105
             if access == 'mask':
105 106
                 mask = self.config['access'].get(nicks)
106 107
                 continue
108
+            if access == 'alumni':
109
+                alumni += nicks
110
+                continue
107 111
             flags = self.config['access'].get(access)
108 112
             if flags is None:
109 113
                 continue
110 114
             for nick in nicks:
111 115
                 ret[nick] = flags
112
-        return mask, ret
116
+        return mask, ret, alumni
113 117
 
114 118
     def _get_access_change(self, current, target, mask):
115 119
         remove = ''
@@ -136,13 +140,18 @@ class SetAccess(irc.client.SimpleIRCClient):
136 140
         return change
137 141
 
138 142
     def _get_access_changes(self):
139
-        mask, target = self._get_access_list(self.current_channel)
143
+        mask, target, alumni = self._get_access_list(self.current_channel)
140 144
         self.log.debug("Mask for %s: %s" % (self.current_channel, mask))
141 145
         self.log.debug("Target for %s: %s" % (self.current_channel, target))
142 146
         all_nicks = set()
147
+        global_alumni = self.config.get('alumni', {})
143 148
         current = {}
144 149
         changes = []
145 150
         for nick, flags, msg in self.current_list:
151
+            if nick in global_alumni or nick in alumni :
152
+                self.log.debug("%s is an alumni; removing access", nick)
153
+                changes.append('access #%s del %s' % (self.current_channel, nick))
154
+                continue
146 155
             all_nicks.add(nick)
147 156
             current[nick] = flags
148 157
         for nick in target.keys():

Loading…
Cancel
Save