Permissions
Permissions
Section titled “Permissions”Bazaar reads permissions through the standard me.lucko.fabric.api.permissions.v0.Permissions API, so any Fabric permissions provider works (LuckPerms, ForgeConfigAPIPort’s built-in, etc.).
Player Permissions
Section titled “Player Permissions”| Node | Gates | Default |
|---|---|---|
bazaar.gts.browse | Opening /gts and the GTS GUI. | everyone |
bazaar.gts.sell | /gts sell and cancelling own GTS listings. | everyone |
bazaar.gts.buy | Buying BIN GTS listings and placing bids. | everyone |
bazaar.gts.buyorder | Creating and cancelling GTS buy orders. | everyone |
bazaar.ah.browse | Opening /ah (the default channel). | everyone |
bazaar.ah.sell | /ah sell. | everyone |
Channel-Specific Permissions
Section titled “Channel-Specific Permissions”Every channel declares a base permission node in channels.conf. Two subnodes are derived from it:
<base>.browse– open the channel’s browse GUI and view listings.<base>.sell– list items in the channel.
Example: the shipped premium channel has permission: "bazaar.ah.premium", so you need:
bazaar.ah.premium.browseto run/premiumbazaar.ah.premium.sellto list an item in it
Use these nodes to build tiers: bazaar.ah.premium.browse on everyone but bazaar.ah.premium.sell only on a ranked group, for example.
Admin Permission
Section titled “Admin Permission”| Node | Gates |
|---|---|
bazaar.admin | All /bazaar admin subcommands and admin-only endpoints on the web dashboard. |
If you don’t set this node explicitly it falls back to Minecraft’s op level 2 (/op <player>).
Dashboard Access
Section titled “Dashboard Access”Login uses /bazaar link to produce a one-time code. The dashboard then:
- Issues a JWT signed with
web.jwtSecretfromconfig.conf. - Reads the player’s permissions every request to decide which pages and actions are available.
The admin panel on the dashboard checks bazaar.admin exactly the same way the in-game commands do.
Permission Patterns
Section titled “Permission Patterns”- Keep
bazaar.gts.*andbazaar.ah.*on everyone; they’re how players interact with the mod at all. - Gate premium channels through
<base>.sellif you want only staff or ranked players to list there. - Give
bazaar.adminonly to staff. Admin commands and dashboard pages are destructive. - There is no separate “view admin panel” permission. Anyone with
bazaar.adminsees every admin feature.