Sponge’s permission handling provides an implicit inheritance. As the java-docs of the Subject state:
Inheritance is implicit; that is, if a subject has been granted
example, then the subject should have also be automatically granted
example.deeper.nesting, and so on. However, implementations may allow administrators to configure “negation” such that
exampleand all child levels would granted but
example.accesswould denied (for example).
I am unsure how to handle this inheritance in the following example (taken from my MyWarp plugin): The command
/warp give [-df] <player> <name> gives a warp to another player. It comes with two optional flags:
d gives the warp directly,
f ignores any limit checks of the receiving player. Permissions are defined as:
mywarp.warp.soc.give- to use the command without any flags,
mywarp.warp.soc.give.direct- to use
mywarp.warp.soc.dive.force- to use
While it seems natural that (2) or (3) also give the permission to use the command without any flags, it is (1) I worry about. Due to Sponge’s implicit inheritance it would also provide access to (2) and (3) with is not intended.
So how am I supposed to define the permissions in such a case? What is the best practise as required by Sponge’s permission handling? Must I enforce explicit negation by end-users (sound like a usability nightmare)? Should I use something like
mywarp.soc.give.usage instead of (1)?