python-telegram-bot/python-telegram-botPublic

NotificationsYou must be signed in to change notification settings
Fork5.9k
Star28.4k

Roles#1789

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Closed

Bibo-Joshi wants to merge22 commits intomasterfromroles

Closed

Roles#1789

Bibo-Joshi wants to merge22 commits intomasterfromroles

Conversation

Copy link

Member

Bibo-Joshi commentedFeb 21, 2020•
edited
Loading

This PR adds the functionality of restricting access to handlers to

specified users (by id)
specified chats (by id)
chat admins
chat creators

Builds upon#1757 (see below)
Closes#1151,#1562

Example usage:

updater=Updater('TOKEN')dp=updater.dispatcherroles=updater.dispatcher.rolesroles.add_admin('authors_user_id')roles.add_role(name='my_role_1')my_role_1=roles['my_role_1']roles.add_role(name='my_role_2',parent_roles=roles['my_role_1'])my_role_2=roles['my_role_2']defadd_to_my_role_2(update,context):user=update.effective_usercontext.roles['my_role_2'].add_member(user.id)defadd_to_my_role_1(update,context):user_id=update.message.textcontext.roles['my_role_1'].add_member(user_id)....# Anyone can add themself to my_role_2dp.add_handler(TypeHandler(Update,add_to_my_role_2))# Only the admin can add users to my_role_1dp.add_handler(MessageHandler(Filters.message,add_to_my_role_1,roles=roles.ADMINS))# This will be accessable by my_role_2, my_role_1 and the admindp.add_handler(SomeHandler(...,roles=my_role_2))# This will be accessable by my_role_1 and the admindp.add_handler(SomeHandler(...,roles=my_role_1))# This will be accessable by anyone except my_role_1 and my_role_2dp.add_handler(SomeHandler(...,roles=~my_role_1))# This will be accessable by users, who are in my_role_2 bot not in my_role_1dp.add_handler(SomeHandler(...,roles=~my_role_1&my_role_2))# This will be accessable only by the admins of the group the update was sent indp.add_handler(SomeHandler(...,roles=roles.CHAT_ADMINS))# This will be accessable only by the creator of the group the update was sent indp.add_handler(SomeHandler(...,roles=roles.CHAT_CREATOR))# You can compare the roles regarding hierarchy:roles.ADMINS>=roles['my_role_1']#Trueroles.ADMINS>=roles['my_role_2']#Trueroles['my_role_1']<roles['my_role_2']#Falseroles.ADMINS>=Role(...)#False, since neither of those is a parent of the other

How does it work

Added Classes

Role

Inherits fromFilters.user (This is, whereAllow updating user_ids/usernames of a running filters.user #1757 comes in. Can be changed to inherinting fromBaseFilter if the reviewer want that)
Can be combined by bitwise operations (This is why I'm Inheriting fromFilters)
Can be compared w.r.t. hierarchy. E.g. in above example:my_role_1 > my_role_2
Dynamically add/kick members

Roles

A container for multiple roles

Inherits fromdict to allow accessing the roles byroles['role_name']
Roles.ADMINS is parent to every role
Roles.CHAT_ADMINS,Roles.CHAT_CREATOR as shortcuts for restricting acces in group chats
Dynamically add/remove admins and roles

Integration with handlers

The base classHandler now has a__new__ method that makes sure, thatcheck_update is called only, if the roles checked out. Alternatives approaches would be

MakeHandler.check_update check the roles directly and callsuper().check_updater in all the specific handlers. This means that custom handlers would have to change theircheck_update implementation. Then again, they may have to be adjusted to accept theroles argument anyway
Add a methoHandler.check_update_with_roles that callesHandler.check_update after checking the roles. In the current code base, replace all calls tocheck_update withcheck_update_with_role. This would leave current implementation ofcheck_update untouched.

Integration with dispatcher

Dispatcher.roles is theRoles instance managing the roles
Dispatcher.roles is available ascontext.roles to allow editing roles in callbacks
store_roles is added to persistence to allow keeping track of roles over restarts. I know that adding stuff to persistence should be done with care. But if we want dynamic access control (and I do), we need persistence here.

ToDo

Add roles to newPollAnswerHandler. AsPoll updates have neither user nor chat, we don't need roles withPollHandler
Cache chat admins and creators (timeout is customizable viaroles.CHAT_ADMINS.timeout = ...)
Handle private chats correctly withroles.CHAT_ADMINS/CHAT_CREATOR (this is as easy if checkingchat.id == user.id)
When merged, we should create a wiki page. Important points to mention there:
- Hard codingdp.roles.add_admin(id) willalways add the user to admins on start up with persistence, even if they are removed by dynamic access control. Thus, only the author of the bot should be hard coded as admin.
- Admins shouldonly be inroles.ADMINS, else they might be excluded byroles=~roles['my_role'], if they are inmy_role
- Hard codingdp.roles.add_role(name='my_group') will lead toValueError on restart with persistence because after restoring the data, the rolemy_group will already be set. Use'my_group' in dp.roles to check for that before adding the group.
Depending on how long it will take to merge this:
- Don't useall in persistence (seeDon't use builtin function names as variables #1766)
- Usetempfile module in persistence tests (seeUse tempfile module in tests #1765)
- Add type hinting (seeType-hinting for IDEs #1373)

Bibo-Joshi added the enhancement label

Feb 21, 2020

Bibo-Joshi added this to the12.5 milestone

Feb 21, 2020

Copy link

MemberAuthor

Bibo-Joshi commentedFeb 21, 2020

Codacy mainly complains about missing docs for methods which are intended for internal use only. IMHO we can ignore that.

Bibo-Joshi requested a review fromPoolitzer

February 21, 2020 23:00

Bibo-Joshi mentioned this pull request

Mar 23, 2020

Arbitrary callback data#1844

Merged

6 tasks

Bibo-Joshiand others added21 commits

April 7, 2020 14:44

Make Filters.user attrs mutable

b9d271a

Add test_filters_user_empty_args

8b9c977

Add test_filters_user_empty_args

67ac027

fix locks

cc7ead6

Make codecov happy

eab517f

First go on roles

cdf202a

Add roles to all handlersmake roles name a property to ensure its up to dateAdd roles to PrefixHandlerMake Roles inherit from dictAdjust tests for rolesAdjust handlers __new__ to work with conversationhandlerRemove roles from StringCommand/RegexHandler - doesnt make sense thereRemove roles from TypeHandler - doesnt make sense thereadd handler tests

Make user_ids and usernames sets

242b9ce

Adjust equality for roles, override deepcopy

4e08848

Remove child_roles from role

Improve equality handling

9b0658f

Rework equality stuff once againImprove equality tests for role

Add JSON encoding to Roles

41eb8fb

Allow chat ids in role

2b23091

Add set_bot to roles

0b8b346

Fixes for chat_ids handlingAdjust CH test for chat_ids

Add Roles to dispatcher and persistence

f769b13

Minor changes

Add tests to messagehandler

a4ed899

Improve negation of roles, elaborate docs

6453074

Adjust tests for py3.5 (dicts are not ordered there)Adjust tests for py3.5 V2Just skip on py3.5 …

Readd child_roles, improve equals() and hierarchy, adjust tests

0cc09c3

Make Codacy a bit happier

cache chat admins and creators

f3c98e9

Add docs about cache timeout for Roles.CHAT_ADMINS

Improve codecoverage

cf4bee9

Use __repr__ instead of name property

Enhance ChatAdmins/CreatorRole

402916c

Update BasePersistence docstringRefine handler tests

Roles for PollAnswerHandler

4e942fb

Make Codacy happier

d87ee38

Bibo-Joshi force-pushed theroles branch from13041ca tod87ee38Compare

April 7, 2020 13:10

Merge branch 'master' into roles

7c58a01

# Conflicts:#telegram/ext/dispatcher.py#tests/test_persistence.py

Bibo-Joshi mentioned this pull request

Apr 20, 2020

[FEATURE] Contrib repository#1912

Closed

Copy link

MemberAuthor

Bibo-Joshi commentedApr 25, 2020

As suggested by@tsnoam I had a look at third party ACL and RBAC implementations. Though there are some libraries that seem well maintained, they mostly seem

tailored for website applications
not to allow for easy dynamic editing of roles
have rather involved persistence integrations

My impression may well be based on lack of expertise, but to me it seems cleaner to have a custom implementation tailored to our needs than to rely on those third party implementations.

Bibo-Joshi removed this from the12.6 milestone

Jun 12, 2020

Copy link

Member

tsnoam commentedOct 15, 2020

just a thought:
would it be possible to implement roles using decorators?
user who wants a handler with a certain role, can just decorate it with something to do that magic.

classic for a contrib repo, btw ;-)

Copy link

MemberAuthor

Bibo-Joshi commentedOct 15, 2020

classic for a contrib repo, btw ;-)

decorators? yeah, sounds about right

just a thought:
would it be possible to implement roles using decorators?
user who wants a handler with a certain role, can just decorate it with something to do that magic.

one would need to decorate every callback … We just made a point not to use decorators on callbacks with deprecating @run_async :D
but one could think of a Handler-Wrapper:

class RolesHandlerWrapper:    def __init__(base_class, roles, *args, **kwargs):        super().__init__(*args, **kwargs)        self.roles = roles    def check_update(update):       if self.roles(update):            return super().check_update(update)       return False