CoreEngineWIKI
ESC
NavigateEnter OpenESC Close

Command Visibility

The permissions module filters the command list the client uses for tab completion: players only see the commands they are actually allowed to use with their permissions. In addition, namespaced variants like bukkit:tp, minecraft:gamemode or coreengine:home disappear from the suggestion list. For even stricter filtering, enable whitelist mode: players then only see the commands released for their group. The module is disabled by default and is enabled in plugins/CoreEngine/modules/permissions.yml.

ℹ️

Note: Permission filtering is cosmetic, it affects tab completion and command highlighting in the client. Whether a command may be executed is still decided by that command's own permission check. Exceptions: entries from always-hidden and, in whitelist mode, all unlisted commands are also blocked at execution time with block-hidden-execution.

How it works #

  • On login and on every refresh of the command list, the module checks the player's permission for each command. Commands without authorization do not appear in tab completion.
  • Commands that declare no permission or a permission every player has (that is decided by the respective plugin) stay visible under permission filtering. Example: CoreProtect ships /co with a permission that every player has by default, so regular players see /co in the suggestion list. Hide such commands specifically via always-hidden, or use whitelist mode.
  • The module's only fixed permission is commandvisibility.bypass (default: OP): holders are exempt from all restrictions of the module, they see everything and may execute everything.

Namespaced variants (bukkit:, minecraft:, plugin:) #

The same command often exists multiple times: once in plain form (/tp) and once with a namespace (minecraft:tp, bukkit:tp). hide-namespaced controls what stays visible:

ModeBehavior
all (default)Every namespaced variant is hidden as long as a plain form of the same name is visible. Nobody sees bukkit:plugins while /plugins exists. If the plain form is completely absent, the namespaced form stays visible so every command keeps at least one reachable name.
duplicatesA namespaced variant only disappears when the visible plain form really is the same command. If two plugins register the same name, both forms stay visible.
offNamespaced variants are never hidden.

Individual namespaced forms can be kept visible via always-visible (e.g. coreprotect:core).

Whitelist mode: only show listed commands #

With whitelist.enabled: true the logic flips: instead of hiding unwanted commands, players ONLY see the commands on their groups' lists. Everything else disappears from tab completion and, with block-hidden-execution, is also blocked at execution time. This is the only way to hide commands of other plugins that declare no permission or a permission everyone has (like CoreProtect's /co).

How the groups work:

  • The group default applies to EVERY player.
  • Every other group applies to players with the permission commandvisibility.group.<name>. Example: the group vip applies to all players with commandvisibility.group.vip, granted for example via LuckPerms with /lp group vip permission set commandvisibility.group.vip true.
  • A player may see and use the COMBINED lists of all their groups.
  • Players with commandvisibility.bypass (default: OP) continue to see everything.

Important when filling the lists:

  • Aliases count as separate names: to allow /msg and /r, list both.
  • Clickable chat buttons run real commands. If you allow /tpa, add tpaccept and tpdeny to the list too, otherwise the accept/deny buttons stop working.
  • A listed command is still permission checked: fly on the list only shows /fly to players who also have util.fly.
  • CoreEngine's internal confirmation commands (coreconfirm, shopconfirm, shopcancel, shopedit) always keep working, even without being listed. They just stay invisible. Shop purchases and confirm dialogs continue undisturbed.

Also block hidden commands #

always-hidden entries and, in whitelist mode, all unlisted commands do not just disappear from tab completion: with block-hidden-execution: true (default), execution is blocked as well. The player receives the permissions.command-blocked message from messages.yml, which looks like the normal unknown-command message, so the command does not reveal its existence. A plain entry like plugins automatically also blocks all namespaced forms (bukkit:plugins). Players with commandvisibility.bypass are exempt, the console is never affected.

Name conflicts with other plugins #

When two plugins register the same command name, the plugin that loads first gets the plain name, the later one is only reachable through its namespace. CoreEngine avoids such conflicts: the web interface is deliberately called /cweb because CoreProtect occupies the name /core. If another plugin does hit a CoreEngine command name, the CoreEngine command always stays reachable via /coreengine:<name>.

LuckPerms live updates #

When a permission changes in LuckPerms, whether directly on the player or on a group, CoreEngine immediately refreshes the command list of all affected players. If the group default loses the warp right via /lp group default permission set warps.use false, /warp instantly disappears from tab completion for all members, without any relog. When the right is granted again, the command reappears just as quickly. This also applies to whitelist groups: as soon as a player receives commandvisibility.group.vip, they see the VIP commands immediately.

Configuration #

YAML
# Main switch of the module, disabled by default
enabled: false

permissions:
  # Handling of namespaced variants: all, duplicates or off (see above)
  hide-namespaced: all
  # Blocks the execution of hidden commands (always-hidden and, in whitelist
  # mode, everything unlisted), not just their display. Bypass via the
  # commandvisibility.bypass permission.
  block-hidden-execution: true
  # Commands that are always hidden (and blocked). Names without slash,
  # entries like bukkit:plugins are also allowed.
  always-hidden: []
  # Commands that always stay visible, even if permission, namespaced mode
  # or the whitelist would hide them.
  always-visible: []
  # Whitelist mode: players only see the commands of their groups.
  whitelist:
    enabled: false
    groups: {}

Complete example config #

YAML
# Enables or disables the module for permission-based command visibility.
enabled: true

permissions:
  # No bukkit:/minecraft: variants in tab completion.
  hide-namespaced: all
  # Hidden commands are not executable either.
  block-hidden-execution: true
  # These commands declare no permission and are hidden and blocked here
  # manually (without whitelist mode).
  always-hidden:
    - plugins
    - icanhasbukkit
  # /spawn always stays visible.
  always-visible:
    - spawn
  # Only show listed commands: everyone sees the default list, players
  # with commandvisibility.group.vip additionally see the vip list.
  whitelist:
    enabled: true
    groups:
      default:
        - help
        - spawn
        - home
        - sethome
        - warp
        - warps
        - tpa
        - tpaccept
        - tpdeny
        - msg
        - r
        - team
        - jobs
        - cweb
      vip:
        - fly
        - hat