From d38658620192a61bbb67c3978a107ff4cc8ed89b Mon Sep 17 00:00:00 2001
From: lhofhansl <lhofhansl@yahoo.com>
Date: Sat, 7 Oct 2017 06:12:09 -0700
Subject: [PATCH] Do not grant all privs to the admin - changes game behavior
 (#6460)

* Do not grant all privs to admins.

* Default give_to_admin to give_to_singleplayer
---
 builtin/game/auth.lua       | 4 +++-
 builtin/game/privileges.lua | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/builtin/game/auth.lua b/builtin/game/auth.lua
index 4d5178ba7..bf5bd19a8 100644
--- a/builtin/game/auth.lua
+++ b/builtin/game/auth.lua
@@ -83,7 +83,9 @@ core.builtin_auth_handler = {
 		-- For the admin, give everything
 		elseif name == core.settings:get("name") then
 			for priv, def in pairs(core.registered_privileges) do
-				privileges[priv] = true
+				if def.give_to_admin then
+					privileges[priv] = true
+				end
 			end
 		end
 		-- All done
diff --git a/builtin/game/privileges.lua b/builtin/game/privileges.lua
index e9b2df54c..325340fd2 100644
--- a/builtin/game/privileges.lua
+++ b/builtin/game/privileges.lua
@@ -11,6 +11,9 @@ function core.register_privilege(name, param)
 		if def.give_to_singleplayer == nil then
 			def.give_to_singleplayer = true
 		end
+		if def.give_to_admin == nil then
+			def.give_to_admin = def.give_to_singleplayer
+		end
 		if def.description == nil then
 			def.description = "(no description)"
 		end
@@ -45,6 +48,7 @@ core.register_privilege("settime", {
 core.register_privilege("server", {
 	description = "Can do server maintenance stuff",
 	give_to_singleplayer = false,
+	give_to_admin = true,
 })
 core.register_privilege("protection_bypass", {
 	description = "Can bypass node protection in the world",
@@ -53,10 +57,12 @@ core.register_privilege("protection_bypass", {
 core.register_privilege("ban", {
 	description = "Can ban and unban players",
 	give_to_singleplayer = false,
+	give_to_admin = true,
 })
 core.register_privilege("kick", {
 	description = "Can kick players",
 	give_to_singleplayer = false,
+	give_to_admin = true,
 })
 core.register_privilege("give", {
 	description = "Can use /give and /giveme",
@@ -65,6 +71,7 @@ core.register_privilege("give", {
 core.register_privilege("password", {
 	description = "Can use /setpassword and /clearpassword",
 	give_to_singleplayer = false,
+	give_to_admin = true,
 })
 core.register_privilege("fly", {
 	description = "Can fly using the free_move mode",
@@ -85,6 +92,7 @@ core.register_privilege("rollback", {
 core.register_privilege("debug", {
 	description = "Allows enabling various debug options that may affect gameplay",
 	give_to_singleplayer = false,
+	give_to_admin = true,
 })
 
 core.register_can_bypass_userlimit(function(name, ip)