Permissions
Modmail-Viewer uses role-based access control (RBAC) with the same roles as your Modmail bot. For instance, if you assign a user the Administrator role in Modmail, the Modmail-Viewer frontend reflects this and grants them access to administrator-only pages. Modmail-Viewer always uses the highest role available to the user.
To grant a user access to Modmail-Viewer, you must first assign them a role, either by manually assigning a Modmail role to their Discord account, or by giving them a Discord role that has been mapped to a Modmail role (e.g. a Discord role named "supporter" that you have added to the supporter role group via `[p]permissions add level supporter @supporter`).
Some endpoints (chiefly the API endpoints) require elevated permissions, in some cases Administrator. Most of these endpoints do not function at all when authentication is disabled, so that an unauthenticated deployment cannot be trivially abused through them.
Below is a table describing the minimum role required to access each endpoint.
| Endpoint | Minimum role |
|---|---|
| `/logout` | Anyone |
| `/` | Supporter |
| `/logs/{id}` | Supporter |
| `/dashboard` | Supporter |
| `/admin` | Administrator |
| `/audit/{id}` | Administrator |
| `/api/logs/{id}` | Supporter |
| `/api/config` | Moderator |
| `/api/logs` | Administrator |
There are some important quirks to keep in mind when configuring your users' permissions.
- A user's Discord roles are stored in their auth token (a JWT) at login. If you change a user's Discord roles afterwards (for instance, making them a moderator), they must log out of and back into Modmail-Viewer to pick up the new permissions. Modmail roles manually assigned to users are not subject to this.
- Changes to the Modmail config may take up to 5 minutes to be reflected in Modmail-Viewer.
- Auth tokens are stateless and not easily revocable; rotating your secret key invalidates all issued tokens at once.
- Authentication is valid for 3 hours from login.
I am looking to fix most (1, 3, & 4) of these issues for v1.0 with a major refactor of the auth system.
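As an added illustration (example code written for this page, not code from Modmail-Viewer itself), the Python below models the scheme described above: the role hierarchy with the highest role winning, the endpoint table as an access matrix, and an HS256 JWT whose claims freeze the user's Discord roles at login for 3 hours. The function names (`authorize`, `match_endpoint`, `issue_token`, `verify_token`), the treatment of "Anyone" as a level-0 pseudo-role, the secret value, the user ids and the timestamps are all constructed for this example; the project's real function names and token layout are not shown on this page and may differ.

```python
import base64
import hashlib
import hmac
import json

# Modmail role levels, lowest to highest. The level names are the ones the page
# uses; treating "Anyone" as a level-0 pseudo-role is an assumption of this example.
ROLE_ORDER = ["Anyone", "Supporter", "Moderator", "Administrator"]

# Minimum role per endpoint, transcribed from the table on this page.
ENDPOINT_MIN_ROLE = {
    "/logout": "Anyone",
    "/": "Supporter",
    "/logs/{id}": "Supporter",
    "/dashboard": "Supporter",
    "/admin": "Administrator",
    "/audit/{id}": "Administrator",
    "/api/logs/{id}": "Supporter",
    "/api/config": "Moderator",
    "/api/logs": "Administrator",
}

TOKEN_TTL = 3 * 3600  # authentication is valid for 3 hours from login


def rank(role):
    return ROLE_ORDER.index(role)


def highest_role(roles):
    """Pick the highest level among a user's roles; unknown names are ignored."""
    return max((r for r in roles if r in ROLE_ORDER), key=rank, default="Anyone")


def match_endpoint(path):
    """Map a request path onto a table entry; a '{id}' segment matches anything."""
    want = [s for s in path.split("/") if s]
    for pattern in ENDPOINT_MIN_ROLE:
        have = [s for s in pattern.split("/") if s]
        if len(have) == len(want) and all(
            h.startswith("{") or h == w for h, w in zip(have, want)
        ):
            return pattern
    return None


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def issue_token(secret, user_id, discord_roles, issued_at):
    """Mint an HS256 JWT whose claims freeze the user's Discord roles at login."""
    def compact(obj):
        return _b64url(json.dumps(obj, separators=(",", ":")).encode())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": user_id, "roles": list(discord_roles),
              "iat": issued_at, "exp": issued_at + TOKEN_TTL}
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret, token, now):
    """Return the claims if signature and expiry check out, else None.
    The header's alg field is deliberately ignored: the server always verifies
    with HMAC-SHA256, so a client-supplied "alg":"none" buys nothing."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    head, body, sig = parts
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if now >= claims["exp"]:
        return None
    return claims


def authorize(secret, token, path, now, manual_roles=None):
    """Decide whether a request may reach `path`. Discord roles come from the
    token (stale until re-login); manually assigned Modmail roles are looked up
    live from `manual_roles`, so changing those needs no new login."""
    pattern = match_endpoint(path)
    if pattern is None:
        return False
    claims = verify_token(secret, token, now) if token else None
    roles = []
    if claims is not None:
        roles = list(claims["roles"]) + list((manual_roles or {}).get(claims["sub"], []))
    return rank(highest_role(roles)) >= rank(ENDPOINT_MIN_ROLE[pattern])


def demo():
    """Walk through the quirks listed on this page with constructed inputs."""
    secret = b"constructed-example-secret"  # constructed, not a real key
    t0 = 1_700_000_000                      # constructed login time
    token = issue_token(secret, "user#1", ["Supporter"], t0)
    return {
        "supporter_logs": authorize(secret, token, "/logs/42", t0 + 60),
        "supporter_config": authorize(secret, token, "/api/config", t0 + 60),
        # Promoted to Moderator in Discord after login: old token still says Supporter
        "promoted_stale_token": authorize(secret, token, "/api/config", t0 + 60),
        "after_relogin": authorize(
            secret, issue_token(secret, "user#1", ["Moderator"], t0 + 120),
            "/api/config", t0 + 180),
        # Manually assigned Modmail role takes effect without a new login
        "manual_moderator": authorize(
            secret, token, "/api/config", t0 + 60, manual_roles={"user#1": ["Moderator"]}),
        "after_secret_rotation": authorize(b"rotated-secret", token, "/dashboard", t0 + 60),
        "expired": authorize(secret, token, "/dashboard", t0 + TOKEN_TTL),
        "logout_unauthenticated": authorize(secret, None, "/logout", t0),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

Running `demo()` shows the four quirks in order: a Supporter token cannot reach `/api/config`, and it still cannot after a Discord promotion until the user logs in again; a manually assigned Moderator role is honoured by the old token immediately; rotating the secret or reaching the 3-hour expiry denies every request except `/logout`, which needs no role. Ignoring the JWT header's `alg` and always verifying with HMAC is the safe default for a single-secret deployment; if the real project accepts other algorithms it should pin the allowed set server-side.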