Command Visibility
The permissions module filters the command list the client uses for tab completion: players only see the commands they are actually allowed to use with their permissions. In addition, namespaced variants like bukkit:tp, minecraft:gamemode or coreengine:home disappear from the suggestion list. For even stricter filtering, enable whitelist mode: players then only see the commands released for their group. The module is disabled by default and is enabled in plugins/CoreEngine/modules/permissions..
Note: Permission filtering is cosmetic, it affects tab completion and command highlighting in the client. Whether a command may be executed is still decided by that command's own permission check. Exceptions: entries from always-hidden and, in whitelist mode, all unlisted commands are also blocked at execution time with block-hidden-execution.
How it works #
- On login and on every refresh of the command list, the module checks the player's permission for each command. Commands without authorization do not appear in tab completion.
- Commands that declare no permission or a permission every player has (that is decided by the respective plugin) stay visible under permission filtering. Example: CoreProtect ships
/cowith a permission that every player has by default, so regular players see/coin the suggestion list. Hide such commands specifically viaalways-hidden, or use whitelist mode. - The module's only fixed permission is
commandvisibility.(default: OP): holders are exempt from all restrictions of the module, they see everything and may execute everything.bypass
Namespaced variants (bukkit:, minecraft:, plugin:) #
The same command often exists multiple times: once in plain form (/tp) and once with a namespace (minecraft:tp, bukkit:tp). hide-namespaced controls what stays visible:
| Mode | Behavior |
|---|---|
all (default) | Every namespaced variant is hidden as long as a plain form of the same name is visible. Nobody sees bukkit:plugins while /plugins exists. If the plain form is completely absent, the namespaced form stays visible so every command keeps at least one reachable name. |
duplicates | A namespaced variant only disappears when the visible plain form really is the same command. If two plugins register the same name, both forms stay visible. |
off | Namespaced variants are never hidden. |
Individual namespaced forms can be kept visible via always-visible (e.g. coreprotect:core).
Whitelist mode: only show listed commands #
With whitelist. the logic flips: instead of hiding unwanted commands, players ONLY see the commands on their groups' lists. Everything else disappears from tab completion and, with block-hidden-execution, is also blocked at execution time. This is the only way to hide commands of other plugins that declare no permission or a permission everyone has (like CoreProtect's /co).
How the groups work:
- The group
defaultapplies to EVERY player. - Every other group applies to players with the permission
commandvisibility.. Example: the groupgroup.<name> vipapplies to all players withcommandvisibility., granted for example via LuckPerms withgroup. vip /lp group vip permission set commandvisibility..group. vip true - A player may see and use the COMBINED lists of all their groups.
- Players with
commandvisibility.(default: OP) continue to see everything.bypass
Important when filling the lists:
- Aliases count as separate names: to allow
/msgand/r, list both. - Clickable chat buttons run real commands. If you allow
/tpa, addtpacceptandtpdenyto the list too, otherwise the accept/deny buttons stop working. - A listed command is still permission checked:
flyon the list only shows/flyto players who also haveutil..fly - CoreEngine's internal confirmation commands (
coreconfirm,shopconfirm,shopcancel,shopedit) always keep working, even without being listed. They just stay invisible. Shop purchases and confirm dialogs continue undisturbed.
Also block hidden commands #
always-hidden entries and, in whitelist mode, all unlisted commands do not just disappear from tab completion: with block-hidden-execution: true (default), execution is blocked as well. The player receives the permissions. message from messages., which looks like the normal unknown-command message, so the command does not reveal its existence. A plain entry like plugins automatically also blocks all namespaced forms (bukkit:plugins). Players with commandvisibility. are exempt, the console is never affected.
Name conflicts with other plugins #
When two plugins register the same command name, the plugin that loads first gets the plain name, the later one is only reachable through its namespace. CoreEngine avoids such conflicts: the web interface is deliberately called /cweb because CoreProtect occupies the name /core. If another plugin does hit a CoreEngine command name, the CoreEngine command always stays reachable via /coreengine:<name>.
LuckPerms live updates #
When a permission changes in LuckPerms, whether directly on the player or on a group, CoreEngine immediately refreshes the command list of all affected players. If the group default loses the warp right via /lp group default permission set warps., /warp instantly disappears from tab completion for all members, without any relog. When the right is granted again, the command reappears just as quickly. This also applies to whitelist groups: as soon as a player receives commandvisibility., they see the VIP commands immediately.
Configuration #
# Main switch of the module, disabled by default
enabled: false
permissions:
# Handling of namespaced variants: all, duplicates or off (see above)
hide-namespaced: all
# Blocks the execution of hidden commands (always-hidden and, in whitelist
# mode, everything unlisted), not just their display. Bypass via the
# commandvisibility.bypass permission.
block-hidden-execution: true
# Commands that are always hidden (and blocked). Names without slash,
# entries like bukkit:plugins are also allowed.
always-hidden: []
# Commands that always stay visible, even if permission, namespaced mode
# or the whitelist would hide them.
always-visible: []
# Whitelist mode: players only see the commands of their groups.
whitelist:
enabled: false
groups: {}Complete example config #
# Enables or disables the module for permission-based command visibility.
enabled: true
permissions:
# No bukkit:/minecraft: variants in tab completion.
hide-namespaced: all
# Hidden commands are not executable either.
block-hidden-execution: true
# These commands declare no permission and are hidden and blocked here
# manually (without whitelist mode).
always-hidden:
- plugins
- icanhasbukkit
# /spawn always stays visible.
always-visible:
- spawn
# Only show listed commands: everyone sees the default list, players
# with commandvisibility.group.vip additionally see the vip list.
whitelist:
enabled: true
groups:
default:
- help
- spawn
- home
- sethome
- warp
- warps
- tpa
- tpaccept
- tpdeny
- msg
- r
- team
- jobs
- cweb
vip:
- fly
- hat