PNArchives/Memoh
1
0
Fork 0
mirror of https://github.com/memohai/Memoh.git synced 2026-04-25 07:00:48 +09:00
Code Issues Packages Projects Releases Wiki Activity
Files
gh-pages
Memoh/assets/getting-started_access.md.YqNM6CpY.js
T
sheepbox8646 0819336279 deploy: e127146791
2026-04-23 13:02:42 +00:00

2 lines
12 KiB
JavaScript
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
import{_ as t,o,c as a,ag as r}from"./chunks/framework.CAXxHpAX.js";const p=JSON.parse('{"title":"Bot Access Control","description":"","frontmatter":{},"headers":[],"relativePath":"getting-started/access.md","filePath":"getting-started/access.md","lastUpdated":1776332711000}'),s={name:"getting-started/access.md"};function l(n,e,i,c,d,h){return o(),a("div",null,[...e[0]||(e[0]=[r('<h1 id="bot-access-control" tabindex="-1">Bot Access Control <a class="header-anchor" href="#bot-access-control" aria-label="Permalink to &quot;Bot Access Control&quot;"></a></h1><p>Memoh uses an ACL (Access Control List) system to control who can interact with your bot. You can define prioritized rules to allow or deny specific users, channel identities, or entire channel types — all from the bot&#39;s <strong>Access</strong> tab.</p><hr><h2 id="quick-start-acl-presets" tabindex="-1">Quick Start: ACL Presets <a class="header-anchor" href="#quick-start-acl-presets" aria-label="Permalink to &quot;Quick Start: ACL Presets&quot;"></a></h2><p>When you create a bot, Memoh lets you start from an <strong>ACL preset</strong>. Presets are just a shortcut for common access patterns.</p><table tabindex="0"><thead><tr><th>Preset</th><th>Result</th></tr></thead><tbody><tr><td><code>allow_all</code></td><td>Default effect is <code>allow</code>; anyone can chat unless you add deny rules later</td></tr><tr><td><code>private_only</code></td><td>Default effect is <code>deny</code>; private conversations are allowed</td></tr><tr><td><code>group_only</code></td><td>Default effect is <code>deny</code>; group conversations are allowed</td></tr><tr><td><code>group_and_thread_only</code></td><td>Default effect is <code>deny</code>; groups and threads are allowed</td></tr><tr><td><code>deny_all</code></td><td>Default effect is <code>deny</code>; nobody except the owner/admin path can chat until you add allow rules</td></tr></tbody></table><p>These presets only define the starting point. After creation, you can refine everything from the <strong>Access</strong> tab.</p><hr><h2 id="concepts" tabindex="-1">Concepts <a class="header-anchor" href="#concepts" aria-label="Permalink to &quot;Concepts&quot;"></a></h2><h3 id="default-effect" tabindex="-1">Default Effect <a class="header-anchor" href="#default-effect" aria-label="Permalink to &quot;Default Effect&quot;"></a></h3><p>Each bot has a <strong>default effect</strong> (<code>allow</code> or <code>deny</code>) that applies when no ACL rule matches an incoming message. Configure this from the bot&#39;s <strong>Access</strong> tab.</p><ul><li><strong>Allow</strong>: Anyone can chat with the bot unless explicitly denied by a rule.</li><li><strong>Deny</strong>: Only the bot owner, admins, and explicitly allowed subjects can chat.</li></ul><h3 id="subject-types" tabindex="-1">Subject Types <a class="header-anchor" href="#subject-types" aria-label="Permalink to &quot;Subject Types&quot;"></a></h3><p>ACL rules can target three kinds of subjects:</p><table tabindex="0"><thead><tr><th>Subject</th><th>Description</th></tr></thead><tbody><tr><td><strong>All</strong></td><td>Matches every incoming message regardless of sender. Use this for global allow/deny rules.</td></tr><tr><td><strong>Channel Identity</strong></td><td>A specific identity on an external channel (e.g., a Telegram user, a Discord member). Useful for controlling access at the individual level.</td></tr><tr><td><strong>Channel Type</strong></td><td>An entire channel platform (e.g., all Telegram users, all Discord users). Useful for platform-level access control.</td></tr></tbody></table><h3 id="rule-effects" tabindex="-1">Rule Effects <a class="header-anchor" href="#rule-effects" aria-label="Permalink to &quot;Rule Effects&quot;"></a></h3><p>Each rule has an <strong>effect</strong>:</p><ul><li><strong>Allow</strong> — Grants the subject permission to chat with the bot.</li><li><strong>Deny</strong> — Blocks the subject from chatting with the bot.</li></ul><h3 id="priority-based-evaluation" tabindex="-1">Priority-Based Evaluation <a class="header-anchor" href="#priority-based-evaluation" aria-label="Permalink to &quot;Priority-Based Evaluation&quot;"></a></h3><p>Rules are evaluated in <strong>priority order</strong> (top to bottom). The first matching rule determines the outcome:</p><ol><li>Bot owner or system admin → <strong>Always allowed</strong> (bypasses ACL).</li><li>Rules are checked from highest priority (top) to lowest (bottom).</li><li>The first rule whose subject matches the sender is applied.</li><li>If no rule matches → the <strong>default effect</strong> is applied.</li></ol><p>This means rule ordering matters. A deny rule placed above an allow rule will take precedence for matching subjects.</p><hr><h2 id="managing-access" tabindex="-1">Managing Access <a class="header-anchor" href="#managing-access" aria-label="Permalink to &quot;Managing Access&quot;"></a></h2><p>Open a bot&#39;s <strong>Access</strong> tab to configure its access control.</p><h3 id="start-with-a-preset-then-refine" tabindex="-1">Start With A Preset, Then Refine <a class="header-anchor" href="#start-with-a-preset-then-refine" aria-label="Permalink to &quot;Start With A Preset, Then Refine&quot;"></a></h3><p>Recommended workflow:</p><ol><li>Pick an ACL preset when creating the bot.</li><li>Open the <strong>Access</strong> tab.</li><li>Confirm the resulting <strong>Default Effect</strong>.</li><li>Add or reorder rules only where the preset is too broad or too narrow.</li></ol><h3 id="adding-rules" tabindex="-1">Adding Rules <a class="header-anchor" href="#adding-rules" aria-label="Permalink to &quot;Adding Rules&quot;"></a></h3><ol><li>Click <strong>Add Rule</strong>.</li><li>Select a subject type: <ul><li><strong>All</strong>: Applies to everyone.</li><li><strong>Channel Identity</strong>: Search and select a specific channel identity the bot has seen before.</li><li><strong>Channel Type</strong>: Select an entire channel platform.</li></ul></li><li>Choose the <strong>effect</strong>: <code>allow</code> or <code>deny</code>.</li><li>Optionally set <strong>source scope</strong> to restrict the rule to a specific context: <ul><li><strong>Channel</strong>: Only applies when the message comes from a specific channel config.</li><li><strong>Conversation Type</strong>: <code>private</code>, <code>group</code>, or <code>thread</code>.</li><li><strong>Conversation ID</strong>: A specific chat/group ID.</li><li><strong>Thread ID</strong>: A specific thread within a conversation (requires Conversation ID).</li></ul></li><li>Click <strong>Save</strong>.</li></ol><h3 id="reordering-rules" tabindex="-1">Reordering Rules <a class="header-anchor" href="#reordering-rules" aria-label="Permalink to &quot;Reordering Rules&quot;"></a></h3><p>Rules can be <strong>drag-and-dropped</strong> to change their priority. Higher rules (closer to the top) are evaluated first. After reordering, click <strong>Save</strong> to persist the new order.</p><h3 id="source-scope" tabindex="-1">Source Scope <a class="header-anchor" href="#source-scope" aria-label="Permalink to &quot;Source Scope&quot;"></a></h3><p>Source scope lets you create fine-grained rules. For example:</p><ul><li>Allow a user to chat only via Telegram, but not Discord.</li><li>Block an entire channel type only in group conversations.</li><li>Restrict access to a specific thread in a specific group.</li></ul><p>Scope fields form a hierarchy: <strong>Channel → Conversation Type → Conversation ID → Thread ID</strong>. Each level is optional, but a Thread ID requires a Conversation ID.</p><hr><h2 id="what-the-presets-actually-mean" tabindex="-1">What The Presets Actually Mean <a class="header-anchor" href="#what-the-presets-actually-mean" aria-label="Permalink to &quot;What The Presets Actually Mean&quot;"></a></h2><p>This is the most useful mental model:</p><ul><li><code>allow_all</code> is best for open bots and public demos.</li><li><code>private_only</code> is best when the bot should only answer in direct chats.</li><li><code>group_only</code> is best for bots intended to live only in shared rooms.</li><li><code>group_and_thread_only</code> is best for bots that should work in group spaces and threaded sub-conversations, but not in private DMs.</li><li><code>deny_all</code> is best for highly restricted bots where you want to add every allow rule manually.</li></ul><p>If you are unsure, start with <code>allow_all</code> for a personal test bot or <code>deny_all</code> for anything sensitive.</p><hr><h2 id="examples" tabindex="-1">Examples <a class="header-anchor" href="#examples" aria-label="Permalink to &quot;Examples&quot;"></a></h2><h3 id="open-bot-anyone-can-chat" tabindex="-1">Open Bot (Anyone Can Chat) <a class="header-anchor" href="#open-bot-anyone-can-chat" aria-label="Permalink to &quot;Open Bot (Anyone Can Chat)&quot;"></a></h3><ol><li>Choose preset <code>allow_all</code>, or set <strong>ACL Default Effect</strong> to <code>allow</code>.</li><li>No rules needed — everyone is allowed by default.</li></ol><h3 id="private-bot-with-selected-users" tabindex="-1">Private Bot with Selected Users <a class="header-anchor" href="#private-bot-with-selected-users" aria-label="Permalink to &quot;Private Bot with Selected Users&quot;"></a></h3><ol><li>Choose preset <code>deny_all</code>, or set <strong>ACL Default Effect</strong> to <code>deny</code>.</li><li>Add <strong>allow</strong> rules for each authorized channel identity.</li><li>Only listed subjects (plus the bot owner and admins) can trigger the bot.</li></ol><h3 id="open-bot-with-blocked-users" tabindex="-1">Open Bot with Blocked Users <a class="header-anchor" href="#open-bot-with-blocked-users" aria-label="Permalink to &quot;Open Bot with Blocked Users&quot;"></a></h3><ol><li>Choose preset <code>allow_all</code>, or set <strong>ACL Default Effect</strong> to <code>allow</code>.</li><li>Add <strong>deny</strong> rules for problematic channel identities at the top of the list.</li><li>Everyone except denied subjects can chat with the bot.</li></ol><h3 id="platform-specific-access" tabindex="-1">Platform-Specific Access <a class="header-anchor" href="#platform-specific-access" aria-label="Permalink to &quot;Platform-Specific Access&quot;"></a></h3><ol><li>Start from preset <code>deny_all</code> or <code>private_only</code>, depending on your goal.</li><li>Add an <strong>allow</strong> rule with subject type <strong>Channel Type</strong> set to <code>telegram</code>.</li><li>Only Telegram users can chat with the bot — messages from other channels are denied.</li></ol><h3 id="channel-scoped-access" tabindex="-1">Channel-Scoped Access <a class="header-anchor" href="#channel-scoped-access" aria-label="Permalink to &quot;Channel-Scoped Access&quot;"></a></h3><ol><li>Add an <strong>allow</strong> rule for a specific channel identity.</li><li>Set the <strong>Source Scope</strong> channel to your Telegram channel config.</li><li>The user can only chat with the bot via that specific Telegram channel.</li></ol><hr><h2 id="debugging-access-decisions" tabindex="-1">Debugging Access Decisions <a class="header-anchor" href="#debugging-access-decisions" aria-label="Permalink to &quot;Debugging Access Decisions&quot;"></a></h2><p>When ACL behavior is confusing, use:</p><ul><li>the <strong>Access</strong> tab to inspect rule order and default effect</li><li>the <code>/access</code> slash command to inspect the current identity, role, and ACL evaluation context</li></ul><p>This is especially helpful when a user is linked across multiple channels or when group/thread scoping is involved.</p>',58)])])}const g=t(s,[["render",l]]);export{p as __pageData,g as default};
Reference in New Issue View Git Blame Copy Permalink