Restrict Metadata to OPER #2287
Description
I downloaded and played around with the Ergo Master branch today. It was great. I really like the metadata functionality and the improved API. I had a question about the metadata command, and I notice users can set their own metadata even if they aren't an OPER (+o).
Metadata is great for categorization of chat rooms and also storing arbitrary profile data. I would like to make a request though, if possible can we have an option to disable any SET command to OPERs only? Anyone can GET or LIST but I would prefer in my use case to have non opers not be able to set any metadata so that we can centralize that to MySQL where I store the user profile data.
This would also help to make sure that if we set some metadata on the channel such as channel/type OFFICIAL users cant't overwrite that themselves. I plan to have standardized metadata for users/channels and need to make sure users can't mess with it or arbitrarily change it themselves.
A few follow up questions:
- Any planned snow mask for METADATA?
- Any planned config/yaml file ability to either define or restrict metadata per user role? The IRCv3 metadata has some interesting language "Server administrators can setup lists of allowed or blocked keys, and may also restrict the setting/viewing of keys depending on whether the user is an admin, what kind of admin they are, etc (see the Visibility field)."
perhaps something like:
metadata:
Define metadata keys and their permissions
keys:
"profile/realname":
type: user
allow-set: authenticated # or: all, self, opers, none
allow-get: all # who can read this key
"profile/avatar":
type: user
allow-set: self
allow-get: all
"profile/topic-extra":
type: channel
allow-set: chanops
allow-get: all
"room/flag":
type: channel
allow-set: opers
allow-get: opers
"room/status":
type: channel
allow-set: opers
allow-get: opers