Web UI Login Support and Permissions - webbukkit/dynmap GitHub Wiki
Dynmap offers the option of limiting the availability of the information that can be access through the web user interface. To enable login support, the following setting must be configured in configuration.txt:
login-enabled: true
Once enabled, user accounts can be registered. Registration can be done by users themselves (using the /dynmap webregister command), if the users have the dynmap.webregister
permissions. Alternately, registration can be done by administrators on behalf of users using the /dynmap webregister <userid>
(which requires the dynmap.webregister.other
permission). In either case, the user is supplied with a passcode, which can then be used on the web interface login panel to create a web user account.
Once defined, the web user account will use the permissions associated with the Minecraft user account to control access through the web interface.
If desired, the web interface can be restricted to only logged in users. To do this, set the setting:
login-required: true
Otherwise, guest access to the interface is permitted - which will only allow access to unprotected features.
If the operator wants to restrict access to all map data on a specific world, this can be done by setting the 'protected' attribute on the world in worlds.txt (or, equivalently, by setting it using the command /dmap worldset <world-id> protected:true
). Once set, only logged in users that also have the permission dynmap.world.<world-id>
will be able to see any of the maps for the world .
If the operator wants to restrict access to specific maps on specific worlds, this can be done by setting the 'protected' attribute on the map in worlds.txt (or, equivalently, by setting it using the command /dmap mapset <world-id>:<map-id> protected:true
). Once set, only logged in users that also have the permissions dynmap.map.<world-id>.<map-id>
will be able to see the protected map. Note: if the map and the world are both protected, both permissions are needed.
If the operator wants to restrict access for sending messages from the web interface, this can be done by setting the 'webchat-permissions' setting on the ClientUpdateComponent. Once set to 'true', only logged in users that have the dynmap.webchat
permission are allowed to send chat messages from the web interface.
If the operator wants to restrict visibility of the position and status of players, this can be done by setting the 'protected-player-info' setting on the ClientUpdateComponent. Once set to 'true', only logged in users that have the dynmap.playermarkers.seeall
permission will be able to see the position and/or health information of all visible players. Logged-in players without the permission will only see their own position, while guests will see no players.