Whenever another entity wants that kind of access the lock will analyze that entity in different
ways to determine if access should be granted or not. Evennia implements a “lockdown” philosophy - all entities are inaccessible unless you explicitly define a lock that allows some or full access.</p>
<p>Let’s take an example: An object has a lock on itself that restricts how people may “delete” that
object. Apart from knowing that it restricts deletion, the lock also knows that only players with
the specific ID of, say, <codeclass="docutils literal notranslate"><spanclass="pre">34</span></code> are allowed to delete it. So whenever a player tries to run <codeclass="docutils literal notranslate"><spanclass="pre">delete</span></code>
on the object, the <codeclass="docutils literal notranslate"><spanclass="pre">delete</span></code> command makes sure to check if this player is really allowed to do so.
It calls the lock, which in turn checks if the player’s id is <codeclass="docutils literal notranslate"><spanclass="pre">34</span></code>. Only then will it allow <codeclass="docutils literal notranslate"><spanclass="pre">delete</span></code>
<p>The <codeclass="docutils literal notranslate"><spanclass="pre"><lockstring></span></code> is a string of a certain form that defines the behaviour of the lock. We will go
into more detail on how <codeclass="docutils literal notranslate"><spanclass="pre"><lockstring></span></code> should look in the next section.</p>
<p>Code-wise, Evennia handles locks through what is usually called <codeclass="docutils literal notranslate"><spanclass="pre">locks</span></code> on all relevant entities.
This is a handler that allows you to add, delete and check locks.</p>
<p>One can call <codeclass="docutils literal notranslate"><spanclass="pre">locks.check()</span></code> to perform a lock check, but to hide the underlying implementation all
objects also have a convenience function called <codeclass="docutils literal notranslate"><spanclass="pre">access</span></code>. This should preferably be used. In the
example below, <codeclass="docutils literal notranslate"><spanclass="pre">accessing_obj</span></code> is the object requesting the ‘delete’ access whereas <codeclass="docutils literal notranslate"><spanclass="pre">obj</span></code> is the
object that might get deleted. This is how it would look (and does look) from inside the <codeclass="docutils literal notranslate"><spanclass="pre">delete</span></code>
<spanclass="n">accessing_obj</span><spanclass="o">.</span><spanclass="n">msg</span><spanclass="p">(</span><spanclass="s2">"Sorry, you may not delete that."</span><spanclass="p">)</span>
<p>Defining a lock (i.e. an access restriction) in Evennia is done by adding simple strings of lock
definitions to the object’s <codeclass="docutils literal notranslate"><spanclass="pre">locks</span></code> property using <codeclass="docutils literal notranslate"><spanclass="pre">obj.locks.add()</span></code>.</p>
<p>Here are some examples of lock strings (not including the quotes):</p>
<divclass="highlight-python notranslate"><divclass="highlight"><pre><span></span><spanclass="n">delete</span><spanclass="p">:</span><spanclass="nb">id</span><spanclass="p">(</span><spanclass="mi">34</span><spanclass="p">)</span><spanclass="c1"># only allow obj #34 to delete</span>
<spanclass="n">edit</span><spanclass="p">:</span><spanclass="nb">all</span><spanclass="p">()</span><spanclass="c1"># let everyone edit</span>
<spanclass="c1"># only those who are not "very_weak" or are Admins may pick this up</span>
<p>where <codeclass="docutils literal notranslate"><spanclass="pre">[]</span></code> marks optional parts. <codeclass="docutils literal notranslate"><spanclass="pre">AND</span></code>, <codeclass="docutils literal notranslate"><spanclass="pre">OR</span></code> and <codeclass="docutils literal notranslate"><spanclass="pre">NOT</span></code> are not case sensitive and excess spaces are
ignored. <codeclass="docutils literal notranslate"><spanclass="pre">lockfunc1,</span><spanclass="pre">lockfunc2</span></code> etc are special <em>lock functions</em> available to the lock system.</p>
<p>So, a lockstring consists of the type of restriction (the <codeclass="docutils literal notranslate"><spanclass="pre">access_type</span></code>), a colon (<codeclass="docutils literal notranslate"><spanclass="pre">:</span></code>) and then an
expression involving function calls that determine what is needed to pass the lock. Each function
returns either <codeclass="docutils literal notranslate"><spanclass="pre">True</span></code> or <codeclass="docutils literal notranslate"><spanclass="pre">False</span></code>. <codeclass="docutils literal notranslate"><spanclass="pre">AND</span></code>, <codeclass="docutils literal notranslate"><spanclass="pre">OR</span></code> and <codeclass="docutils literal notranslate"><spanclass="pre">NOT</span></code> work as they do normally in Python. If the
total result is <codeclass="docutils literal notranslate"><spanclass="pre">True</span></code>, the lock is passed.</p>
<p>You can create several lock types one after the other by separating them with a semicolon (<codeclass="docutils literal notranslate"><spanclass="pre">;</span></code>) in
the lockstring. The string below yields the same result as the previous example:</p>
<p>An <codeclass="docutils literal notranslate"><spanclass="pre">access_type</span></code>, the first part of a lockstring, defines what kind of capability a lock controls,
such as “delete” or “edit”. You may in principle name your <codeclass="docutils literal notranslate"><spanclass="pre">access_type</span></code> anything as long as it is
unique for the particular object. The name of the access types is not case-sensitive.</p>
<p>If you want to make sure the lock is used however, you should pick <codeclass="docutils literal notranslate"><spanclass="pre">access_type</span></code> names that you (or
the default command set) actually checks for, as in the example of <codeclass="docutils literal notranslate"><spanclass="pre">delete</span></code> above that uses the
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">control</span></code> - who is the “owner” of the object. Can set locks, delete it etc. Defaults to the creator of the object.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">call</span></code> - who may call Object-commands stored on this Object except for the Object itself. By default, Objects share their Commands with anyone in the same location (e.g. so you can ‘press’ a <codeclass="docutils literal notranslate"><spanclass="pre">Button</span></code> object in the room). For Characters and Mobs (who likely only use those Commands for themselves and don’t want to share them) this should usually be turned off completely, using something like <codeclass="docutils literal notranslate"><spanclass="pre">call:false()</span></code>.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">view</span></code> - if the <codeclass="docutils literal notranslate"><spanclass="pre">look</span></code> command will display/list this object in descriptions
and if you will be able to see its description. Note that if
you target it specifically by name, the system will still find it, just
not be able to look at it. See <codeclass="docutils literal notranslate"><spanclass="pre">search</span></code> lock to completely hide the item.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">search</span></code> - this controls if the object can be found with the
<codeclass="docutils literal notranslate"><spanclass="pre">DefaultObject.search</span></code> method (usually referred to with <codeclass="docutils literal notranslate"><spanclass="pre">caller.search</span></code>
in Commands). This is how to create entirely ‘undetectable’ in-game objects.
If not setting this lock explicitly, all objects are assumed searchable.
Note that if you are aiming to make some _permanently invisible game system,
using a <aclass="reference internal"href="Scripts.html"><spanclass="doc std std-doc">Script</span></a> is a better bet.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">get</span></code>- who may pick up the object and carry it around.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">puppet</span></code> - who may “become” this object and control it as their “character”.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">attrcreate</span></code> - who may create new attributes on the object (default True)</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">control</span></code> - who is administrating the channel. This means the ability to delete the channel,
<p>So to take an example, whenever an exit is to be traversed, a lock of the type <em>traverse</em> will be checked. Defining a suitable lock type for an exit object would thus involve a lockstring <codeclass="docutils literal notranslate"><spanclass="pre">traverse:</span><spanclass="pre"><lock</span><spanclass="pre">functions></span></code>.</p>
<p>As stated above, the <codeclass="docutils literal notranslate"><spanclass="pre">access_type</span></code> part of the lock is simply the ‘name’ or ‘type’ of the lock. The text is an arbitrary string that must be unique for an object. If adding a lock with the same <codeclass="docutils literal notranslate"><spanclass="pre">access_type</span></code> as one that already exists on the object, the new one override the old one.</p>
<p>This will create a ‘read’ access type for Characters having the <codeclass="docutils literal notranslate"><spanclass="pre">Player</span></code> permission or above and a
‘post’ access type for those with <codeclass="docutils literal notranslate"><spanclass="pre">Admin</span></code> permissions or above (see below how the <codeclass="docutils literal notranslate"><spanclass="pre">perm()</span></code> lock
function works). When it comes time to test these permissions, simply check like this (in this
example, the <codeclass="docutils literal notranslate"><spanclass="pre">obj</span></code> may be a board on the bulletin board system and <codeclass="docutils literal notranslate"><spanclass="pre">accessing_obj</span></code> is the player
<spanclass="n">accessing_obj</span><spanclass="o">.</span><spanclass="n">msg</span><spanclass="p">(</span><spanclass="s2">"Sorry, you may not read that."</span><spanclass="p">)</span>
<spanclass="k">return</span>
</pre></div>
</div>
</section>
<sectionid="lock-functions">
<h3>Lock functions<aclass="headerlink"href="#lock-functions"title="Permalink to this headline">¶</a></h3>
<p>A <em>lock function</em> is a normal Python function put in a place Evennia looks for such functions. The
modules Evennia looks at is the list <codeclass="docutils literal notranslate"><spanclass="pre">settings.LOCK_FUNC_MODULES</span></code>. <em>All functions</em> in any of those
modules will automatically be considered a valid lock function. The default ones are found in
<codeclass="docutils literal notranslate"><spanclass="pre">evennia/locks/lockfuncs.py</span></code> and you can start adding your own in <codeclass="docutils literal notranslate"><spanclass="pre">mygame/server/conf/lockfuncs.py</span></code>.
You can append the setting to add more module paths. To replace a default lock function, just add
your own with the same name.</p>
<p>A lock function must always accept at least two arguments - the <em>accessing object</em> (this is the
object wanting to get access) and the <em>accessed object</em> (this is the object with the lock). Those
two are fed automatically as the first two arguments to the function when the lock is checked. Any
arguments explicitly given in the lock definition will appear as extra arguments.</p>
<divclass="highlight-python notranslate"><divclass="highlight"><pre><span></span><spanclass="c1"># A simple example lock function. Called with e.g. `id(34)`. This is</span>
<spanclass="c1"># defined in, say mygame/server/conf/lockfuncs.py</span>
<p>We could check if the “edit” lock is passed with something like this:</p>
<divclass="highlight-python notranslate"><divclass="highlight"><pre><span></span><spanclass="c1"># as part of a Command's func() method, for example</span>
<spanclass="n">caller</span><spanclass="o">.</span><spanclass="n">msg</span><spanclass="p">(</span><spanclass="s2">"You don't have access to edit this!"</span><spanclass="p">)</span>
<spanclass="k">return</span>
</pre></div>
</div>
<p>In this example, everyone except the <codeclass="docutils literal notranslate"><spanclass="pre">caller</span></code> with the right <codeclass="docutils literal notranslate"><spanclass="pre">id</span></code> will get the error.</p>
<div><p>(Using the <codeclass="docutils literal notranslate"><spanclass="pre">*</span></code> and <codeclass="docutils literal notranslate"><spanclass="pre">**</span></code> syntax causes Python to magically put all extra arguments into a list
<codeclass="docutils literal notranslate"><spanclass="pre">args</span></code> and all keyword arguments into a dictionary <codeclass="docutils literal notranslate"><spanclass="pre">kwargs</span></code> respectively. If you are unfamiliar with
how <codeclass="docutils literal notranslate"><spanclass="pre">*args</span></code> and <codeclass="docutils literal notranslate"><spanclass="pre">**kwargs</span></code> work, see the Python manuals).</p>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">false()/none()/superuser()</span></code> - give access to none. Superusers bypass the check entirely and are
thus the only ones who will pass this check.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">perm(perm)</span></code> - this tries to match a given <codeclass="docutils literal notranslate"><spanclass="pre">permission</span></code> property, on an Account firsthand, on a
Character second. See <aclass="reference internal"href="Permissions.html"><spanclass="doc std std-doc">below</span></a>.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">perm_above(perm)</span></code> - like <codeclass="docutils literal notranslate"><spanclass="pre">perm</span></code> but requires a “higher” permission level than the one given.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">id(num)/dbref(num)</span></code> - checks so the access_object has a certain dbref/id.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">attr(attrname)</span></code> - checks if a certain <aclass="reference internal"href="Attributes.html"><spanclass="doc std std-doc">Attribute</span></a> exists on accessing_object.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">attr(attrname,</span><spanclass="pre">value)</span></code> - checks so an attribute exists on accessing_object <em>and</em> has the given
value.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">attr_gt(attrname,</span><spanclass="pre">value)</span></code> - checks so accessing_object has a value larger (<codeclass="docutils literal notranslate"><spanclass="pre">></span></code>) than the given
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">attr_ge,</span><spanclass="pre">attr_lt,</span><spanclass="pre">attr_le,</span><spanclass="pre">attr_ne</span></code> - corresponding for <codeclass="docutils literal notranslate"><spanclass="pre">>=</span></code>, <codeclass="docutils literal notranslate"><spanclass="pre"><</span></code>, <codeclass="docutils literal notranslate"><spanclass="pre"><=</span></code> and <codeclass="docutils literal notranslate"><spanclass="pre">!=</span></code>.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">holds(objid)</span></code> - checks so the accessing objects contains an object of given name or dbref.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">inside()</span></code> - checks so the accessing object is inside the accessed object (the inverse of
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">pperm(perm)</span></code>, <codeclass="docutils literal notranslate"><spanclass="pre">pid(num)/pdbref(num)</span></code> - same as <codeclass="docutils literal notranslate"><spanclass="pre">perm</span></code>, <codeclass="docutils literal notranslate"><spanclass="pre">id/dbref</span></code> but always looks for
permissions and dbrefs of <em>Accounts</em>, not on Characters.</p></li>
<li><p><codeclass="docutils literal notranslate"><spanclass="pre">serversetting(settingname,</span><spanclass="pre">value)</span></code> - Only returns True if Evennia has a given setting or a
<p>Sometimes you don’t really need to look up a certain lock, you just want to check a lockstring. A
common use is inside Commands, in order to check if a user has a certain permission. The lockhandler
has a method <codeclass="docutils literal notranslate"><spanclass="pre">check_lockstring(accessing_obj,</span><spanclass="pre">lockstring,</span><spanclass="pre">bypass_superuser=False)</span></code> that allows this.</p>
<spanclass="bp">self</span><spanclass="o">.</span><spanclass="n">caller</span><spanclass="o">.</span><spanclass="n">msg</span><spanclass="p">(</span><spanclass="s2">"You must be an Admin or higher to do this!"</span><spanclass="p">)</span>
<p>Note here that the <codeclass="docutils literal notranslate"><spanclass="pre">access_type</span></code> can be left to a dummy value since this method does not actually do a Lock lookup.</p>
<p>Evennia sets up a few basic locks on all new objects and accounts (if we didn’t, noone would have
any access to anything from the start). This is all defined in the root <aclass="reference internal"href="Typeclasses.html"><spanclass="doc std std-doc">Typeclasses</span></a>
of the respective entity, in the hook method <codeclass="docutils literal notranslate"><spanclass="pre">basetype_setup()</span></code> (which you usually don’t want to
edit unless you want to change how basic stuff like rooms and exits store their internal variables).
This is called once, before <codeclass="docutils literal notranslate"><spanclass="pre">at_object_creation</span></code>, so just put them in the latter method on your
child object to change the default. Also creation commands like <codeclass="docutils literal notranslate"><spanclass="pre">create</span></code> changes the locks of
objects you create - for example it sets the <codeclass="docutils literal notranslate"><spanclass="pre">control</span></code> lock_type so as to allow you, its creator, to
<p>You are only allowed to do <em>examine</em> on this object if you have ‘excellent’ eyesight (that is, has
an Attribute <codeclass="docutils literal notranslate"><spanclass="pre">eyesight</span></code> with the value <codeclass="docutils literal notranslate"><spanclass="pre">excellent</span></code> defined on yourself) or if you have the
<p>This could be called by the <codeclass="docutils literal notranslate"><spanclass="pre">open</span></code> command on a “door” object. The check is passed if you are a
Builder or has the right key in your inventory.</p>
<p>Evennia’s command handler looks for a lock of type <codeclass="docutils literal notranslate"><spanclass="pre">cmd</span></code> to determine if a user is allowed to even
call upon a particular command or not. When you define a command, this is the kind of lock you must
set. See the default command set for lots of examples. If a character/account don’t pass the <codeclass="docutils literal notranslate"><spanclass="pre">cmd</span></code>
lock type the command will not even appear in their <codeclass="docutils literal notranslate"><spanclass="pre">help</span></code> list.</p>
<p>“Permissions” can also be used to block users or implement highly specific bans. The above example
would be be added as a lock string to the <codeclass="docutils literal notranslate"><spanclass="pre">tell</span></code> command. This will allow everyone <em>not</em> having the
“permission” <codeclass="docutils literal notranslate"><spanclass="pre">no_tell</span></code> to use the <codeclass="docutils literal notranslate"><spanclass="pre">tell</span></code> command. You could easily give an account the “permission”
<codeclass="docutils literal notranslate"><spanclass="pre">no_tell</span></code> to disable their use of this particular command henceforth.</p>
<spanclass="n">lockstring</span><spanclass="o">=</span><spanclass="s2">"control:id(</span><spanclass="si">%s</span><spanclass="s2">);examine:perm(Builders);delete:id(</span><spanclass="si">%s</span><spanclass="s2">) or perm(Admin);get:all()"</span><spanclass="o">%</span>
<p>This is how the <codeclass="docutils literal notranslate"><spanclass="pre">create</span></code> command sets up new objects. In sequence, this permission string sets the
owner of this object be the creator (the one running <codeclass="docutils literal notranslate"><spanclass="pre">create</span></code>). Builders may examine the object
whereas only Admins and the creator may delete it. Everyone can pick it up.</p>
<h3>A complete example of setting locks on an object<aclass="headerlink"href="#a-complete-example-of-setting-locks-on-an-object"title="Permalink to this headline">¶</a></h3>
<p>Assume we have two objects - one is ourselves (not superuser) and the other is an <aclass="reference internal"href="Objects.html"><spanclass="doc std std-doc">Object</span></a>
called <codeclass="docutils literal notranslate"><spanclass="pre">box</span></code>.</p>
<p>Ok, so for testing we made ourselves strong, but not strong enough. Now we need to look at what
happens when someone tries to pick up the the box - they use the <codeclass="docutils literal notranslate"><spanclass="pre">get</span></code> command (in the default set).
This is defined in <codeclass="docutils literal notranslate"><spanclass="pre">evennia/commands/default/general.py</span></code>. In its code we find this snippet:</p>
<spanclass="n">caller</span><spanclass="o">.</span><spanclass="n">msg</span><spanclass="p">(</span><spanclass="s2">"You can't get that."</span><spanclass="p">)</span>
<p>So the <codeclass="docutils literal notranslate"><spanclass="pre">get</span></code> command looks for a lock with the type <em>get</em> (not so surprising). It also looks for an
<aclass="reference internal"href="Attributes.html"><spanclass="doc std std-doc">Attribute</span></a> on the checked object called <em>get_err_msg</em> in order to return a customized
error message. Sounds good! Let’s start by setting that on the box:</p>
<p>Next we need to craft a Lock of type <em>get</em> on our box. We want it to only be passed if the accessing
object has the attribute <em>strength</em> of the right value. For this we would need to create a lock
function that checks if attributes have a value greater than a given value. Luckily there is already
such a one included in Evennia (see <codeclass="docutils literal notranslate"><spanclass="pre">evennia/locks/lockfuncs.py</span></code>), called <codeclass="docutils literal notranslate"><spanclass="pre">attr_gt</span></code>.</p>
<p>So the lock string will look like this: <codeclass="docutils literal notranslate"><spanclass="pre">get:attr_gt(strength,</span><spanclass="pre">50)</span></code>. We put this on the box now:</p>
<p>Try to <codeclass="docutils literal notranslate"><spanclass="pre">get</span></code> the object and you should get the message that we are not strong enough. Increase your
strength above 50 however and you’ll pick it up no problem. Done! A very heavy box!</p>
<spanclass="n">box</span><spanclass="o">.</span><spanclass="n">db</span><spanclass="o">.</span><spanclass="n">desc</span><spanclass="o">=</span><spanclass="s2">"This is a very big and heavy box."</span>
<spanclass="n">box</span><spanclass="o">.</span><spanclass="n">db</span><spanclass="o">.</span><spanclass="n">get_err_msg</span><spanclass="o">=</span><spanclass="s2">"You are not strong enough to lift this box."</span>
<spanclass="c1"># one heavy box, ready to withstand all but the strongest...</span>
<p>Django also implements a comprehensive permission/security system of its own. The reason we don’t use that is because it is app-centric (app in the Django sense). Its permission strings are of the form <codeclass="docutils literal notranslate"><spanclass="pre">appname.permstring</span></code> and it automatically adds three of them for each database model in the app - for the app evennia/object this would be for example ‘object.create’, ‘object.admin’ and ‘object.edit’. This makes a lot of sense for a web application, not so much for a MUD, especially when we try to hide away as much of the underlying architecture as possible.</p>
<p>The django permissions are not completely gone however. We use it for validating passwords during login. It is also used exclusively for managing Evennia’s web-based admin site, which is a graphical front-end for the database of Evennia. You edit and assign such permissions directly from the web interface. It’s stand-alone from the permissions described above.</p>
