Add alumni to accessbot

By design, accessbot doesn't *remove* access when you remove yourself
from the access lists; you are just limited to a lower level.  This is
noted in the configuration file:

 # The label 'mask' is special: anyone with perms on a channel that
 # isn't otherwise listed for the channel or in the global list will
 # have their access limited to the mask but otherwise left alone.

However I feel like it's reasonable to assume that when you remove
yourself you are giving up your permissions; and in the *very*
unlikely case of a bad actor, we would want to know we did actually
remove them from all channels.

To make this clearer, but still allow for unlisted users to maintain
whatever permissions they have, this adds an "alumni" section to the
configuration, and allows for alumni to be set on individual channels.
If your nick appears in this list, your access is removed.

Obviously once this has run once, people could be removed from alumni
if there is a need to cater for something tricky like removing global
access but then adding permissions.  But in general I think it will
work to just keep a record of contributors in the common case of
"moved on from openstack work and no longer want to admin things".

Change-Id: I0858e963cdf4bc90c30f9d60ea524d778ae3d150
Ian Wienand 2018-08-02 11:50:13 +10:00
parent 2ebab74d16
commit 4e23eb18a0
1 changed files with 11 additions and 2 deletions

@ -92,6 +92,7 @@ class SetAccess(irc.client.SimpleIRCClient):
def _get_access_list(self, channel_name):
ret = {}
alumni = []
channel = None
for c in self.config['channels']:
if c['name'] == channel_name:
@ -104,12 +105,15 @@ class SetAccess(irc.client.SimpleIRCClient):
if access == 'mask':
mask = self.config['access'].get(nicks)
continue
if access == 'alumni':
alumni += nicks
continue
flags = self.config['access'].get(access)
if flags is None:
continue
for nick in nicks:
ret[nick] = flags
return mask, ret
return mask, ret, alumni
def _get_access_change(self, current, target, mask):
remove = ''
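Review bot: `alumni += nicks` in the new `alumni` branch assumes `nicks` is always a list. If a channel's `alumni` entry is written in the configuration as a single scalar nick, `+=` on a list extends it one character at a time, so the later membership test would miss the real nick and could match single-character nicks instead. Consider checking the type here, or wrapping a string in a list before extending. Separately, `return mask, ret, alumni` changes the return arity of `_get_access_list`; only `_get_access_changes` is updated in this patch, so any other caller needs the same change.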
@ -136,13 +140,18 @@ class SetAccess(irc.client.SimpleIRCClient):
return change
def _get_access_changes(self):
mask, target = self._get_access_list(self.current_channel)
mask, target, alumni = self._get_access_list(self.current_channel)
self.log.debug("Mask for %s: %s" % (self.current_channel, mask))
self.log.debug("Target for %s: %s" % (self.current_channel, target))
all_nicks = set()
global_alumni = self.config.get('alumni', {})
current = {}
changes = []
for nick, flags, msg in self.current_list:
if nick in global_alumni or nick in alumni :
self.log.debug("%s is an alumni; removing access", nick)
changes.append('access #%s del %s' % (self.current_channel, nick))
continue
all_nicks.add(nick)
current[nick] = flags
for nick in target.keys():
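Review bot: the test `nick in global_alumni or nick in alumni` is an exact string comparison, while IRC nicks are case-insensitive, so an alumni entry whose case differs from the nick in `self.current_list` silently keeps its access. Since the stated goal is to know a nick was actually removed from all channels, normalise both sides (for example by lower-casing) before comparing. Two smaller points in the same hunk: `self.config.get('alumni', {})` defaults to a dict while the per-channel value is a list, so `[]` would be more consistent; and a nick listed both as alumni and in `target` is skipped from `current` by the `continue`, so the `for nick in target.keys()` loop that follows sees it as having no access. It is worth logging or rejecting that overlap so a delete is not followed by a re-add.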