Use standard permission systems

    TL;DR: TFM is bad cuz we need to rewrite every single plugin we use to be compatible with it. We should remove or rewrite it to use standard perms.

    Right now, we use a custom permission system for our ranks. This "feature" makes it necessary for devs to rewrite plugins to use TFM's perms instead of the standard superperms.

    This, (I believe) also causes TFM to depend on a lot of other plugins (e.g. TFGuilds, BukkitTelnet) to just compile, and makes it a hard process to do so as there's lacking documentation click here to see the API bridges and stuff
    CORRECTION: According to Telesphoreo, it doesn't matter if they are custom or not, as TFM needs to pull and push data to/from them. However, there should be more docs for people who want to compile it.
    We shouldn't have to rewrite every single plugin just to work on this server. I've also tested this on a local Paper server, I can just remove some permissions from OP.

    When suggesting this in the Discord where a bunch of people were talking about TFM and stuff, I got the response that some plugins check if the player has OP and lets them bypass perms checks. However, most of those have something in their config about it, and for those that don't, you can rewrite it, it'll be better than rewriting every single plugin just to work with TFM's customized rank system.

    I know this will take manpower to do (rewriting a plugin is no easy feat) but it'll surely be much better than having to rewrite every plugin.

    TFM already has a permission system. This has been discussed a thousand times and it came down to that it goes against the core values of the server. When you switch to permissions you "fake op" a player and they don't actually get op. Commodore had this idea years ago and it's been done with Converse. Ultimately it takes a crap ton of time to actually add every single permission from every plugin.

    Also this would not actually get rid of the customised plugins. We have to use a custom LibsDisguises for /dtoggle and /uall. Same with EssentialsX and the vanish system. It's not all about permissions.

    Finally, TFM uses those dependencies for bridges. It's so that TFM can use data from BukkitTelnet and TFGuilds within TFM. Yes you need it to compile TFM but it's so we can use their APIs. Making those plugins non custom would not remove them as a dependency from TFM.

    @Telesphoreo#3861 My definition of "True" OP is when someone is added to the file ops.yml, the list of operators on the server. What I'm suggesting is that we keep true-OPing people, but remove their Bukkit permissions, allowing for plugins to not have to be rewritten just to work with TFMod. They are still truly opped, can place command blocks and do other op stuff while still not being able to ban each other or abuse.

    EDIT: A bit more clear what I'm trying to say. Edits are made in italics.

    This may sound silly, but I like the fact that players have OP because it makes you less inclined to limit freedom. When a player has OP, they can do anything by default. With a normal permission system, however, the player can do nothing by default, and each permission that is given becomes a deliberation. In my opinion, it follows from the freedom spirit that it is better to err on the side of more access, which fits the OP system.

    @StevenNL2000#3868 Then you can just remove the ones that you feel aren't good and allow operators to have everything else, instead of removing all of them and adding back those you like! This can be done using a simple LuckPerms group, "/lp group default permission set abusive.permission.here false"

    Plugins usually default to giving operator all the permissions, however if the OP has a negative permission, they won't be able to do that command.

    @OperatorTheDope#3895 that is exactly how Wave worked. And let me tell you it didn't work.

    https://github.com/Telesphoreo/Wave

    Try running this on a test server and see how many plugins you can get it to work with (hint: it's only EssentialsX and LibsDisguises which we still need a custom version for regardless if we used standard permissions or TFMs system)

    This is a limitation of the Bukkit permission system. The plugins will not cooperate with taking away permission regardless of what you fancy. Whether it's TFMs, LuckPerms, or Wave, it's all based on Bukkit methods and you will have the same issues no matter what. Hell, some plugins like CoreProtect ignore permission plugins entirely when a player is OP. Again, this could be solved by fake opping people but then we're back to square one all over again.

    @OperatorTheDope#3966

    Modern TFM builds can be found at https://github.com/AtlasMediaGroup/TotalFreedomMod

    Compiling TFM is pretty simple and there should be some tutorials on YouTube. The reason the compiled jars are not released are because they are against the TFM license. TFM will not bridge into any permission plugins (as far as I am aware), so LuckPerms will not work.

    @Telesphoreo#3958 Tested with LuckPerms and used most of the plugins the TF server uses. (Some were removed because they were premium, for BungeeCord or for some other reason I couldn't use them)

    Edit: These are non-custom.

    I granted myself OP and "*" false, removing all my perms. I also worked with config, because some plugins (looking at you W/E) ignore perm checks by default for ops.

    Plugins without commands are not counted.

    Results:
    Plugins that follow permissions: (8) AWE/WorldEdit, CoreProtect, EssentialsX + EssXSpawn, HolographicDisplays, ProjectKorra, OpenInv, spark, VulnerabilityPatcher
    Plugins that partly follow permissions: (3) Carz, Lift, WorldGuard
    Plugins that ignore permissions when OP (1): Vivecraft-Spigot-Extensions

    @OperatorTheDope#3993 Half of those aren't even custom. And the ones that are, are modified for different reasons.

    ProjectKorra is modified to make you invincible by default. That is already handled by permissions. Same with OpenInv, that just has the radius on the commands capped which cannot be done with permissions. Spark is already done via command blocking and has no need for permissions. Same with vulnerability patcher.

    WorldEdit and WorldGuard use WEPIF or some shit, which doesn't work consistently in taking away permissions. This is a Bukkit issue that cannot be solved no matter what plugin you use.

    Plugins to add to ignore permissions when OP: CoreProtect (you listed it wrong)

    No idea why BetterChairs is on there, that's not custom nor uses permissions. I already mentioned EssentialsX in an above post

    @OperatorTheDope#4237 Well, duh, if you remove every permission node you won't have access to the commands. The problem TF faces is that OPs should be allowed to do /co i, but no other command. You only showed an opped player doing inspect (not any malicious commands like /co purge) and then you removed every permission and it didn't work. TFM's permission system does the exact same thing. The problem that any and all permission plugins have is that you can't unblock specific CoreProtect commands for admins. That's why TFM now has an inspect command separately

    @Telesphoreo#4270

    Quote

    that's not possible. it's hardcoded in the plugin itself that anyone who is op automatically gets full permissions to all commands no matter what

    But, you do have a point about not being able to unblock specific CP commands for admins.

    @OperatorTheDope#4272 ...or block specific commands for ops.

    There's literally no point in arguing, I've tried it before and it doesn't work with half of the plugins and I've already summed it up in above posts. You're also not in the best testing environment, as you don't even have TFM running on the server you demonstrated it on. If you did you would have seen that the functionality you're suggesting quite literally exists. The problem is what plugins work with it and which don't, which is at the mercy of Bukkit

    I remember back in the original days when Pramire and I were building the NovelMC idea, we decided that we wanted to have a permissions system that didn't require finicking and suggestions for every single permissions issue that happened to exist on the server. There is a misconception that the server still uses Converse, but we actually moved on from it a while ago. The permissions are managed by LuckPerms, which is a really nice plugin that allows you to change plugins in-game, and even features a web panel that allows you to manage permissions. I get that people like the idea of being opped and having every permission until it is blocked, but frankly, there are plenty of servers that aren't "freedom" or "free op" servers that trust their users with many more permissions than we do with users on TotalFreedom. With an actual permissions plugin, we don't have to bend over every single time we want to implement a plugin like PlotSquared or CoreProtect or WorldGuard into the server. The truth is that it is running based on workarounds, and even then there are still quirks, like players being able to block each others' commands because they are given access to all the plot flags. And don't even get started on what would happen if we decided to re-introduce paid ranks...last time that happened I figured out a way to give myself store credit, which worked since I was automatically given every permission to the payment plugin. There are also permissions that straight up don't work or are impossible to implement without a permissions plugin, and some of them could definitely come in handy for tightening security on the Total Freedom game server.

    I know that it's been traditional on TotalFreedom to defend the idea of "op" and "freedom" at all costs, but I think if this server actually wants to become a competent server network (which it is obviously trying to, by connecting the SMP, hub, and possibly more servers via BungeeCord,) it's going to need to move on to a permissions system that isn't full of holes. Permissions errors are going to become a bigger issue if the playerbase grows and more people are trying to screw around on the server with permissions. It is so much easier to manage these stupid permissions errors in a matter of a five-second command in game rather than a suggestion that could take god knows how long to get approved.

    @Telesphoreo#4354

    My point is that it'll be harder to make changes and add more plugins if we still use the shitty TFM permission system.

    Quote

    @Telesphoreo#4354 If you did you would have seen that the functionality you're suggesting quite literally exists.

    Yes, it does exist (because that's not what I'm trying to say), but it's a huge hacky workaround to just using normal permissions and doing it the normal Bukkit way. OP does not override permissions, if we just used OP + permissions, almost all plugins would work with it. TF wouldn't need TFM anymore (or most of its features, at least)
    Even if some plugins don't give you the ability to block specific commands using permissions, TF could still use a simple plugin that blocks that specific command.