mirror of
https://github.com/memohai/Memoh.git
synced 2026-04-27 07:16:19 +09:00
sheepbox8646
2 lines
7.9 KiB
JavaScript
2 lines
7.9 KiB
JavaScript
import{_ as t,o as s,c as a,ag as o}from"./chunks/framework.CvgP6Fyv.js";const g=JSON.parse('{"title":"Bot Access Control","description":"","frontmatter":{},"headers":[],"relativePath":"getting-started/access.md","filePath":"getting-started/access.md","lastUpdated":1773501089000}'),n={name:"getting-started/access.md"};function i(r,e,l,c,h,d){return s(),a("div",null,[...e[0]||(e[0]=[o('<h1 id="bot-access-control" tabindex="-1">Bot Access Control <a class="header-anchor" href="#bot-access-control" aria-label="Permalink to "Bot Access Control""></a></h1><p>Memoh uses an ACL (Access Control List) system to control who can interact with your bot. You can configure guest access, whitelist specific users or channel identities, and blacklist others — all from the bot's <strong>Access</strong> tab.</p><hr><h2 id="concepts" tabindex="-1">Concepts <a class="header-anchor" href="#concepts" aria-label="Permalink to "Concepts""></a></h2><h3 id="authorization-layers" tabindex="-1">Authorization Layers <a class="header-anchor" href="#authorization-layers" aria-label="Permalink to "Authorization Layers""></a></h3><p>Bot access is enforced at two levels:</p><ol><li><strong>Management Access</strong>: Only the bot <strong>owner</strong> and system <strong>admins</strong> can edit bot settings, manage ACL rules, and configure the bot. This is not configurable — it is based on ownership.</li><li><strong>Chat Trigger Access</strong>: Controls who can send messages to the bot and trigger a response. This is what the ACL system manages.</li></ol><h3 id="subject-types" tabindex="-1">Subject Types <a class="header-anchor" href="#subject-types" aria-label="Permalink to "Subject Types""></a></h3><p>ACL rules can target three kinds of subjects:</p><table tabindex="0"><thead><tr><th>Subject</th><th>Description</th></tr></thead><tbody><tr><td><strong>Guest (all)</strong></td><td>A global toggle — when enabled, anyone can chat with the bot without being explicitly listed.</td></tr><tr><td><strong>User</strong></td><td>A specific Memoh user account.</td></tr><tr><td><strong>Channel Identity</strong></td><td>A specific identity on an external channel (e.g. a Telegram user, a Discord member). Useful when the person doesn't have a Memoh account.</td></tr></tbody></table><h3 id="evaluation-order" tabindex="-1">Evaluation Order <a class="header-anchor" href="#evaluation-order" aria-label="Permalink to "Evaluation Order""></a></h3><p>When an incoming message arrives, the bot evaluates access in this order:</p><ol><li>Bot owner or system admin → <strong>Allow</strong></li><li>User or channel identity has a <strong>deny</strong> rule → <strong>Deny</strong></li><li>User or channel identity has an <strong>allow</strong> rule → <strong>Allow</strong></li><li>Guest access is enabled → <strong>Allow</strong></li><li>None of the above → <strong>Deny</strong></li></ol><p>Blacklist (deny) rules are always checked before whitelist (allow) rules. This means a blacklisted user cannot bypass the block even if guest access is enabled.</p><hr><h2 id="managing-access" tabindex="-1">Managing Access <a class="header-anchor" href="#managing-access" aria-label="Permalink to "Managing Access""></a></h2><p>Open a bot's <strong>Access</strong> tab to configure its access control.</p><h3 id="guest-access" tabindex="-1">Guest Access <a class="header-anchor" href="#guest-access" aria-label="Permalink to "Guest Access""></a></h3><p>Toggle <strong>Allow Guest Access</strong> to let anyone chat with the bot without an explicit whitelist entry. This is useful for public-facing bots.</p><p>When guest access is disabled, only the bot owner, admins, and explicitly whitelisted users/identities can trigger the bot.</p><h3 id="whitelist" tabindex="-1">Whitelist <a class="header-anchor" href="#whitelist" aria-label="Permalink to "Whitelist""></a></h3><p>The whitelist grants specific users or channel identities permission to chat with the bot.</p><ol><li>Click <strong>Add</strong> in the Whitelist section.</li><li>Select a subject type: <ul><li><strong>User</strong>: Search and select a Memoh user.</li><li><strong>Channel Identity</strong>: Search and select a channel identity (e.g. a Telegram user the bot has seen before).</li></ul></li><li>Optionally set <strong>source scope</strong> to restrict the rule to a specific context: <ul><li><strong>Channel</strong>: Only applies when the message comes from a specific channel (e.g. your Telegram bot channel).</li><li><strong>Conversation Type</strong>: <code>private</code>, <code>group</code>, or <code>thread</code>.</li><li><strong>Conversation ID</strong>: A specific chat/group ID.</li><li><strong>Thread ID</strong>: A specific thread within a conversation (requires Conversation ID).</li></ul></li><li>Click <strong>Save</strong>.</li></ol><p>Without source scope, the rule applies globally — the subject can chat with the bot from any channel.</p><h3 id="blacklist" tabindex="-1">Blacklist <a class="header-anchor" href="#blacklist" aria-label="Permalink to "Blacklist""></a></h3><p>The blacklist denies specific users or channel identities from chatting with the bot. The setup process is the same as the whitelist.</p><p>Blacklist rules take priority over whitelist rules and guest access. Use this to block specific users while keeping the bot open to others.</p><h3 id="source-scope" tabindex="-1">Source Scope <a class="header-anchor" href="#source-scope" aria-label="Permalink to "Source Scope""></a></h3><p>Source scope lets you create fine-grained rules. For example:</p><ul><li>Allow a user to chat only via Telegram, but not Discord</li><li>Block a channel identity only in group conversations</li><li>Restrict access to a specific thread in a specific group</li></ul><p>Scope fields form a hierarchy: <strong>Channel → Conversation Type → Conversation ID → Thread ID</strong>. Each level is optional, but a Thread ID requires a Conversation ID, and a Conversation ID requires a Channel.</p><hr><h2 id="examples" tabindex="-1">Examples <a class="header-anchor" href="#examples" aria-label="Permalink to "Examples""></a></h2><h3 id="public-bot-anyone-can-chat" tabindex="-1">Public Bot (Anyone Can Chat) <a class="header-anchor" href="#public-bot-anyone-can-chat" aria-label="Permalink to "Public Bot (Anyone Can Chat)""></a></h3><ol><li>Open the bot's <strong>Access</strong> tab.</li><li>Enable <strong>Allow Guest Access</strong>.</li><li>Done — anyone on any connected channel can now message the bot.</li></ol><h3 id="private-bot-with-selected-users" tabindex="-1">Private Bot with Selected Users <a class="header-anchor" href="#private-bot-with-selected-users" aria-label="Permalink to "Private Bot with Selected Users""></a></h3><ol><li>Disable <strong>Allow Guest Access</strong>.</li><li>Add each authorized user or channel identity to the <strong>Whitelist</strong>.</li><li>Only listed subjects (plus the bot owner and admins) can trigger the bot.</li></ol><h3 id="public-bot-with-blocked-users" tabindex="-1">Public Bot with Blocked Users <a class="header-anchor" href="#public-bot-with-blocked-users" aria-label="Permalink to "Public Bot with Blocked Users""></a></h3><ol><li>Enable <strong>Allow Guest Access</strong>.</li><li>Add problematic users/identities to the <strong>Blacklist</strong>.</li><li>Everyone except blacklisted subjects can chat with the bot.</li></ol><h3 id="channel-scoped-access" tabindex="-1">Channel-Scoped Access <a class="header-anchor" href="#channel-scoped-access" aria-label="Permalink to "Channel-Scoped Access""></a></h3><ol><li>Add a whitelist rule for a user.</li><li>Set the <strong>Channel</strong> source scope to your Telegram channel.</li><li>The user can only chat with the bot via Telegram — messages from other channels are denied.</li></ol>',41)])])}const b=t(n,[["render",i]]);export{g as __pageData,b as default};
|