Add configurable read-only mode for commands (#4031)

standalone/src/main/resources/config.yml

@@ -576,3 +576,33 @@ disable-bulkupdate: false
 #
 # - When this happens, the plugin will set their primary group back to default.
 prevent-primary-group-removal: false
+
+# If the plugin should run in "read-only" mode for commands.
+#
+# In this mode, players or the console will only be able to execute commands that read or view
+# data, and will not be able to execute any LP commands that modify data.
+#
+# If enabling read-only mode for just players, be aware that some other plugins may allow players
+# to execute commands as the console, allowing them to run LP commands indirectly.
+#
+# Note: This does not affect interactions with LuckPerms via the API.
+commands-read-only-mode:
+  players: false
+  console: false
+
+# If LuckPerms commands should be disabled. When true, this will prevent all LP commands from being
+# executed. In a sense this is a more extreme version of read-only mode (see above).
+#
+# LuckPerms will still act as the permission manager, but server administrators will be unable to
+# make changes via commands.
+#
+# If disabling commands just for players, be aware that some other plugins may allow players to
+# execute commands as the console, allowing them to run commands indirectly.
+#
+# If commands are disabled for both players and the console, LuckPerms will not attempt to register
+# a command with the server at all & in a sense will be invisible to both players and admins.
+#
+# Note: This does not affect interactions with LuckPerms via the API.
+disable-luckperms-commands:
+  players: false
+  console: false

standalone/src/test/java/me/lucko/luckperms/standalone/CommandsIntegrationTest.java

@@ -1407,4 +1407,42 @@ public class CommandsIntegrationTest {
         });
     }
 
+    @Test
+    public void testReadOnlyMode(@TempDir Path tempDir) {
+        Map<String, String> config = new HashMap<>(CONFIG);
+        config.put("commands-read-only-mode.players", "true");
+
+        TestPluginProvider.use(tempDir, config, (app, bootstrap, plugin) -> {
+            CommandExecutor executor = app.getCommandExecutor();
+
+            new CommandTester(executor)
+                    .givenHasPermissions("luckperms.group.permission.info")
+                    .whenRunCommand("group default permission info")
+                    .thenExpect("[LP] default does not have any permissions set.")
+
+                    .givenHasPermissions("luckperms.group.permission.info", "luckperms.group.permission.set")
+                    .whenRunCommand("group default permission set test true")
+                    .thenExpect("[LP] You do not have permission to use this command!", false)
+
+                    .givenHasAllPermissions()
+                    .whenRunCommand("group default permission set test true")
+                    .thenExpect("[LP] You do not have permission to use this command!");
+        });
+    }
+
+    @Test
+    public void testCommandsDisabled(@TempDir Path tempDir) {
+        Map<String, String> config = new HashMap<>(CONFIG);
+        config.put("disable-luckperms-commands.players", "true");
+
+        TestPluginProvider.use(tempDir, config, (app, bootstrap, plugin) -> {
+            CommandExecutor executor = app.getCommandExecutor();
+
+            new CommandTester(executor)
+                    .givenHasAllPermissions()
+                    .whenRunCommand("info")
+                    .thenExpect("[LP] LuckPerms commands are disabled.");
+        });
+    }
+
 }

standalone/src/test/java/me/lucko/luckperms/standalone/utils/CommandTester.java

@@ -154,10 +154,21 @@ public final class CommandTester implements Consumer<Component>, Function<String
      * @return this
      */
     public CommandTester thenExpect(String expected) {
+        return thenExpect(expected, true);
+    }
+
+    /**
+     * Asserts that the current contents of the message buffer matches the given input string.
+     *
+     * @param expected the expected contents
+     * @param checkPermissions whether to assert that the exact permissions were checked
+     * @return this
+     */
+    public CommandTester thenExpect(String expected, boolean checkPermissions) {
         String actual = this.renderBuffer();
         assertEquals(expected.trim(), actual.trim());
 
-        if (this.permissions != null) {
+        if (checkPermissions && this.permissions != null) {
             assertEquals(this.checkedPermissions, this.permissions.keySet());
         }