| | 18 | |
| | 19 | == Permissions == |
| | 20 | Since WebAndMapRendering v7 this mod uses Steam login. This means that the permission level is calculated like this: |
| | 21 | 1. Client has logged in with his Steam account |
| | 22 | a. Client does have an explicitly set permission level in serveradmin.xml: Use the permission level from serveradmin.xml |
| | 23 | a. Client does not have an explicit permission level: permission level is 1000 (same as it would be in game) |
| | 24 | 1. Client is not logged in |
| | 25 | a. A valid web token is passed to the request: Use permission level as set for that web token (see below) |
| | 26 | a. Otherwise permission level is 2000 |
| | 27 | |
| | 28 | The permission level is used to check to which features the client is allowed access. By default only permission level 0 has access to everything, every higher permission level does not have any access. This can be changed by assigning different permission levels to the web modules with the ''webpermission'' command. |
| | 29 | |
| | 30 | For example in order to give everyone access to the map but not any of the map features like player tracking set the permission level of the ''web.map'' module to 2000: |
| | 31 | webpermission add web.map 2000 |
| | 32 | To allow those that have logged in with their Steam accounts access to the server time in addition to the basic map set the permission level of the ''webapi.getstats'' module to 1000: |
| | 33 | webpermission add webapi.getstats 1000 |
| | 34 | |
| | 35 | == Web Tokens == |
| | 36 | As tools like server managers obviously can not identify themselves with Steam login a token system has been added. That way those tools can provide a predefined token on ''each'' request to the webserver and those requests will be handled with the permission level given to that specific token. Web tokens are set up with the ''webtokens'' command. |
![(please configure the [header_logo] section in trac.ini)](/chrome/site/your_project_logo.png){kind=logo}
