Book: Automation and Monitoring with Hubot: For DevOps and Developers

Roles And Authentication

In most cases this may not be necessary, but you may want to restrict more sensitive Hubot actions to a handful of people who can trigger them. The cleanest way to do this is using Hubot’s Auth, which comes with your Hubot instance. You can find the script at scripts/auth.coffee.

Setting Hubot Auth Admin

Every adapter implementation has a different way of recognizing users. There is a handy command that shows you how Hubot sees users with your adapter: hubot show users. This is what it looks like in Campfire:

Tomas V.  hubot show users
Hubot     1502861 Tomas Varaneckas <[email protected]>
          1502862 Hubot <[email protected]>
          1522958 Jesse Pinkman <[email protected]>

It may look a little different with other chat adapters, but all you need from this output is the ID of every user you want to be able to administer Hubot roles, and that ID is the first number. You should set the HUBOT_AUTH_ADMIN environment variable to a comma-separated list of admin user IDs.

To illustrate further examples, I’ll just set my own Campfire ID, since I don’t really trust Jesse Pinkman:

hubot.conf


# Comma separated list of users who administer Hubot Auth
export HUBOT_AUTH_ADMIN=1502861

After restarting Hubot, I should be able to see myself having the Admin role:

Tomas V.  hubot who has admin role?
Hubot     Tomas Varaneckas: The following people have the 'admin' role: Tomas Varaneckas

Assigning Roles

Only Admin users can assign roles. You don’t have to create a role before assigning it. All you have to do is tell Hubot who is who using hubot <user> has <role> role. And you no longer have to use those cryptic IDs:

Tomas V.  hubot Jesse Pinkman has developer role
Hubot     Tomas Varaneckas: Ok, Jesse Pinkman has the 'developer' role.

Check the assigned roles using hubot what roles does <user> have?:

Tomas V.  hubot what roles does Jesse Pinkman have?
Hubot     Tomas Varaneckas: Jesse Pinkman has the following roles: developer.

To remove the role from somebody, use hubot <user> does not have <role> role:

Tomas V.  hubot Jesse Pinkman does not have developer role
Hubot     Tomas Varaneckas: Ok, Jesse Pinkman doesn't have the 'developer' role.

You can assign multiple roles to multiple users.

Applying Roles

Now, time to break the bad news. While Hubot Auth is pretty flexible, you will have to edit your scripts to apply those roles. Luckily, there is not much to edit. There is a simple function that checks whether a user has a role: robot.auth.hasRole(msg.envelope.user, '<role>'). This is how you use it in a script:

scripts/auth-example.coffee


module.exports = (robot) ->
  robot.respond /do dangerous stuff/i, (msg) ->
    # Only users holding the 'developer' role may run the action
    if robot.auth.hasRole(msg.envelope.user, 'developer')
      doDangerousStuff(msg)
    else
      msg.reply "Sorry, you don't have 'developer' role"

  # The restricted action itself
  doDangerousStuff = (msg) ->
    msg.send "Doing dangerous stuff"

This is how it looks in action:

Tomas V.  hubot do dangerous stuff
Hubot     Tomas Varaneckas: Sorry, you don't have 'developer' role
Jesse P.  hubot do dangerous stuff
Hubot     Doing dangerous stuff
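The same check wrapped in a reusable guard that fails closed when the auth script is not loaded. This is an added example, not code from the book, written in JavaScript (which Hubot loads alongside CoffeeScript). The names requireRole, authExample and simulate are hypothetical, and simulate is a constructed stand-in for a chat adapter so the example runs offline.

```javascript
// Wrap a Hubot listener so the role check cannot be forgotten in a handler.
// Fails closed: if robot.auth is missing (auth script not loaded) or the
// envelope carries no user, the handler is never called.
// requireRole is a hypothetical helper name, not part of Hubot.
function requireRole(robot, role, handler) {
  return (msg) => {
    const user = msg.envelope && msg.envelope.user;
    const allowed = Boolean(
      user && robot.auth && typeof robot.auth.hasRole === 'function' &&
      robot.auth.hasRole(user, role)
    );
    if (!allowed) {
      msg.reply(`Sorry, you don't have '${role}' role`);
      return false;
    }
    handler(msg);
    return true;
  };
}

// Same command as scripts/auth-example.coffee, guarded by the wrapper.
function authExample(robot) {
  robot.respond(/do dangerous stuff/i, requireRole(robot, 'developer', (msg) => {
    msg.send('Doing dangerous stuff');
  }));
}
// In a real Hubot script this export is what Hubot calls with the robot.
if (typeof module !== 'undefined') module.exports = authExample;

// Constructed stand-in for Hubot and its auth script (assumption: roles are
// looked up by user id). Returns everything the bot would have said.
function simulate(text, user, roles, authLoaded = true) {
  const out = [];
  const listeners = [];
  const robot = { respond: (re, cb) => listeners.push([re, cb]) };
  if (authLoaded) {
    robot.auth = { hasRole: (u, role) => (roles[u.id] || []).includes(role) };
  }
  authExample(robot);
  const msg = {
    envelope: { user },
    send: (s) => out.push(s),
    reply: (s) => out.push(`${user.name}: ${s}`),
  };
  for (const [re, cb] of listeners) if (re.test(text)) cb(msg);
  return out;
}
```

As in the transcript above, a user who holds only the admin role is still refused: admin governs who may assign roles, not who may run a guarded command.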