Overview
Using the documentation
SFS2X platform stack
SFS2X features
SFS2X protocol
Zones/Rooms architecture
Data collection and privacy
White papers
Getting Started
Server installation
Client API setup
The Administration Tool
The BlueBox 2X
Reconnecting with HRC+
Protocol Cryptography
Configuring the logs
Troubleshooting
The RedBox 2X
Development Basics
Introduction
The connection phase
The login phase
Join and create Rooms
Room architecture
Server Variables
SFSObject/SFSArray
HOWTOs
Java Extensions Development
Quick start
In-depth overview
Writing the first Extension
Using the Javadoc
Extension API
Advanced concepts
Extension recipes
The Sign Up Assistant
The Login Assistant
Javadoc
JavaScript Extensions Dev.
Quick start
Extension development
Advanced concepts
JSDoc
Advanced Topics
Buddy List API
Game API
MMO Rooms
Advanced MMO API
Privilege Manager
Using UDP protocol
Class serialization
Client error messages
SystemController Filters
Extension Flood Filter
Room persistence API
File uploads
SFS2X core settings
Troubleshooting live server
Java Runtime Compatibility
Video Tutorials
Official tutorials
Godot tutorials (official)
• Examples (Unity)
Introduction
Connector  
Lobby: Basics  
Lobby: Buddies  
Lobby: Matchmaking  
Tic-Tac-Toe  
MMO Basics  
SpaceWar2  
Shooter  
• Examples (HTML5)
Introduction
Connector  
Connector (variant)  
Simple Chat  
Advanced Chat  
Game Lobby  
Buddy Messenger  
Simple MMO World  
Tris  
• Examples (Godot 4.x)
Introduction
Connector  
Lobby: Basics  
Lobby: Buddies  
Lobby: Matchmaking  
Tic-Tac-Toe  
Shooter  
• Examples (iOS)
Introduction
Connector  
Simple Chat  
Tris  
Sign Up  
• Examples (Java/Android)
Introduction
Java Connector  
Android Connector  
Client API Recipes  
• Examples (Flash/Flex)
Introduction
Connector  
Avatar Chat  
Buddy Messenger  
RedBox A/V streaming  
Tris  
BattleFarm  
Space Race  
Cannon Combat  
Sign Up & Login  
Simple MMO World  
SpaceWar  
• Examples (C++)
Introduction
SpaceWar  
Third-party Tutorials
danscourses
YouTube channel
TutorialToUs.com
Client API Documentation
C# client API
Objective-C client API
JavaScript client API
JavaScript (legacy)
Java client API
AS3 client API
C++ client API
RedBox AS3 API
Server API Documentation
Java server API
JavaScript server API

 

SFS2X Docs / AdvancedTopics / privilege-manager

» User Privilege Manager

One common requirement in online applications is to provide a set of custom permissions for different types of users. Typically online games can handle guest users, registered users and maybe premium users. It is also quite common to have a profile for moderators and/or site administrators.

SmartFoxServer 2X provides a Privilege Manager within each Zone that can be customized to limit the interaction with the server. Each permission profile can set a list of denied API calls for each user from a specific category. For instance, we could prohibit the creation of Rooms and Room Variables for guest users and allow them only for registered users. Moderator and Administrator messages could be denied for everyone except those two privileged categories, etc.

Every profile in the Permission Manager is identified with a unique number. These IDs are freely assignable, however the first 4 are reserved and have a special meaning for the system:

There are no default settings provided for each of these profiles. The developer is free to customize these permissions to his likings. We should simply keep in mind that those four IDs are always recognized in the system as shown in the above list. For example if you are using this in your code:

	User kermit = sfs.UserManager.GetUserByName("KermitTheFrog");
	 
	if (kermit.IsModerator())
	{
		// Allow some special action here...
	}
	var kermit = sfs.userManager.getUserByName("KermitTheFrog");
	 
	if (kermit.isModerator())
	{
		// Allow some special action here...
	}
	var kermit:User = sfs.userManager.getUserByName("KermitTheFrog");
	 
	if (kermit.isModerator())
	{
		// Allow some special action here...
	}

Internally the API will actually check that profileId == 2.

You are also free to add any number of additional profiles and completely ignore the default ones that we have mentioned.

NOTE
The profile IDs are transmitted as a short integer (16 bit) so this means that there is a theoretical limit of 2^16 permission profiles, for each Zone.

» How to configure permission profiles

Configuring the permission profiles is a very simple operation. You just need to run the AdminTool, start the Zone Configurator module and choose the Zone where you want to edit the permissions. Under the Privilege Manager tab you will find the four standard profiles:

You will be able to edit any of these or add new ones:

The dual lists will enable you to add and remove any request from the denied list. In the lower part of the dialogue box you will be able to assign two other special flags:

» How to use permission profiles

Assigning the proper Permission Profile to specific Users requires custom login logic. Usually the developer will manage the user data in a database or similar data source. At login time your Extension will be able to check the user credentials and finally set the proper Permission Id once the client is finally logged in the system.

The flow that we suggest is the following (for more informations check the Custom Login How To):

session.setProperty("$permission", DefaultPermissionProfile.MODERATOR);

Now the User permissions are properly configured. Each time a request will be sent from the client side the Permission Manager will verify it against the user profile and determine if it can should be executed or rejected. In case the request is denied an error will be logged with the details.