How to setup Hubot basic permissions?

Question

How do I setup basic user permissions so users can't run commands like "Hubot die" or "Hubot show storage"?

I can see there is a script called hubot-auth but that seems to be for implementing it in other scripts and not controlling existing commands.

Answer 1

There is a small chapter about it in Automation and Monitoring with Hubot book (shameless plug). Excerpt:

Assigning Roles

Only Admin users can assign roles. You don't have to create a role before assigning. All you have to do is tell Hubot who is who using hubot <user> has <role> role. And you no longer have to use those cryptic IDs anymore:

Tomas     hubot Jesse Pinkman has developer role
Hubot     Tomas: Ok, Jesse Pinkman has the 'developer' role.

Check the assigned roles using hubot what roles does <user> have?:

Tomas     hubot what roles does Jesse Pinkman have?  
Hubot     Tomas: Jesse Pinkman has the following roles: developer.

To remove the role from somebody, use hubot <user> does not have <role> role:

Tomas     hubot Jesse Pinkman does not have developer role
Hubot     Tomas: Ok, Jesse Pinkman doesn't have the 'developer' role.

You can assign multiple roles to multiple users.

Applying Roles

Now, time to break the bad news. While Hubot Auth is pretty flexible, you will have to edit your scripts to apply those roles. Luckily, there is not much to edit. There is a simple function that checks if user has a role - robot.Auth.hasRole(msg.envelope.user, '<role>'). This is how you use it in a script:

module.exports = (robot) ->
  robot.respond /do dangerous stuff/i, (msg) ->
    if robot.auth.hasRole(msg.envelope.user, 'developer')
      doDangerousStuff(msg)
    else
      msg.reply "Sorry, you don't have 'developer' role"

  doDangerousStuff = (msg) ->
    msg.send "Doing dangerous stuff"