The limitation for the access to the driver stand is again broken.
This is a very dangerous problem, as everyone can now "play" with any trains, be it public lines or private lines.
Currently are on the server I play several subway lines broken since a few days after someone decoupled several 3 wagon trains in station. Repairing and then restarting stopps after a few minutes, because then other broken trains block again the lines.
On the priority level of syslog I give this problem a level of "alert", one more problem or griefing attack and advtrains becomes unusable on multiplayer servers.
(a few months ago the limitations worked: I was able to lock myself out from the driver stand)
I know that the current security system in its totality is broken, does
not work, and kills cute little kittens. This is an issue I clearly have
to spend time on, and completely reimplement everything, because fixing
it would be very hard. I reverted the privilege system change I wrote
half a year ago, because it did introduce more bugs than it fixed, until
I (or someone else) come up with a better solution.
Leaving this issue open as a reminder.
The current situation leaves all trains open to serious sabotaging - I'm shutting down all lines I controll after hit with such sabotage.
IMHO is advtrains therefore currently unusable / totally broken.
Here is the offending snippet from trainlogic.lua in the master branch.
Decoupling only checks if coupling is locked and if player has
train_operator priv. Couples should be locked to non-owners by default,
with the option of adding a list of names that may uncouple the wagons.
function advtrains.safe_decouple_wagon(w_id, pname)
if not minetest.check_player_privs(pname, "train_operator") then
minetest.chat_send_player(pname, "Missing train_operator privilege")
local data = advtrains.wagons[w_id]
if data.dcpl_lock then
minetest.chat_send_player(pname, "Couple is locked (ask owner or admin to unlock it)")
atprint("wagon:discouple() Splitting train", data.train_id)
local train = advtrains.trains[data.train_id]
advtrains.log("Discouple", pname, train.last_pos, train.text_outside)
I think that changing the behaviour on (de)coupling is a pointless and dangerous working on symptoms - and as long as this serious bug is not fixed it even makes coupling for other players - even when asked to do it - impossible. (not able to add players to a whitelist -> no other players able to (de)couple )
Exactly, a whitelist should be added.