Permissions
Zander uses LuckPerms for permission management across all components. Permissions follow dot-notation (e.g. zander.discord.punish.warn) and support wildcard notation (e.g. zander.discord.punish.* grants all punish sub-permissions).
Permissions are checked against the user's linked Minecraft account — both Discord commands and the web dashboard look up the player's LuckPerms groups via that account.
Minecraft Plugin Permissions
zander-addon
| Permission | Default | Description |
|---|---|---|
| zander.command.freeze | op | Freeze or unfreeze a player in-game |
zander-hub
| Permission | Default | Description |
|---|---|---|
| zander.fly | op | Toggle flight in the hub world |
| zanderhub.administrator | op | Full hub administrator access |
| zanderhub.build | op | Enable build mode in the hub |
zander-velocity (Private Messaging)
| Permission | Description |
|---|---|
| zander.command.message | Send private messages to other online players |
| zander.command.reply | Reply to the last private message conversation |
| zander.command.ignore | Manage your personal ignore list |
| zander.command.togglemessages | Toggle whether you receive inbound private messages |
Discord Permissions
These permission nodes are stored in LuckPerms and checked when Discord bot commands are invoked. The calling user must have their Minecraft account linked for permission checks to resolve.
Punishment Commands (/punish)
| Permission | Subcommand(s) | Description |
|---|---|---|
| zander.discord.punish.warn | warn | Issue a warning to a Discord user |
| zander.discord.punish.kick | kick | Kick a user from the Discord guild |
| zander.discord.punish.ban | ban, tempban, unban | Permanently or temporarily ban/unban a user |
| zander.discord.punish.mute | mute, tempmute, unmute | Mute/unmute a user in chat and voice |
| zander.discord.punish.history | history | View cross-platform punishment history |
Staff Commands
| Permission | Command | Description |
|---|---|---|
| zander.web.audit | /audit, /staff-audit-report | Audit user activity or trigger the staff audit report |
| zander.web.bridge | /bridge | Manage the command bridge executor queue |
| zander.discord.lpaudit | /lp-audit | Read-only audit of LuckPerms ↔ Discord role sync |
| zander.web.nicknamecheck | /nicknamecheck | Manually scan for Discord nickname mismatches |
Web Dashboard Permissions
All dashboard routes are protected by a session check (user must be logged in) and a LuckPerms permission check via the user's linked Minecraft account.
| Permission | Dashboard Section | Description |
|---|---|---|
| zander.web.dashboard | Overview | Access the main admin dashboard |
| zander.web.logs | Logs | View system activity and audit logs |
| zander.web.application | Applications | Create, edit, and delete application listings |
| zander.web.server | Servers | Add, edit, and remove server entries |
| zander.web.announcements | Announcements | Create and manage announcements |
| zander.web.vault | Vault | Manage vault entries |
| zander.web.rank | Ranks | View and configure ranks |
| zander.web.scheduler | Scheduler | Schedule Discord messages |
| zander.web.tickets | Support | Base access to the support ticket dashboard |
| zander.web.tickets.<slug> | Support | Access tickets in a specific category (e.g. zander.web.tickets.general) |
| zander.web.tickets.* | Support | Access tickets in all categories |
| zander.web.punishment.manage | Web Punishments | Create and lift website punishments |
| zander.web.punishment.view | Punishments | View the public punishment log at /punishments |
| zander.web.forms | Forms | Access the Forms dashboard |
| zander.web.forms.<slug> | Forms | Access responses for a specific form (e.g. zander.web.forms.feedback) |
| zander.web.forms.* | Forms | Access responses for all forms |
| zander.web.voting | Voting | Manage voting sites, reward templates, and leaderboards |
| zander.web.events | Events | Create, edit, and manage events and templates |
| zander.web.events.review | Events | Access the event review queue; approve or reject submissions |
| zander.web.bridge | Bridge | Access the bridge executor dashboard |
Forum Permissions
| Permission | Description |
|---|---|
| zander.forums.moderate | General forum moderation — edit or manage any content |
| zander.forums.post.delete | Delete any forum post |
| zander.forums.viewArchived | View archived discussions |
| zander.forums.discussion.sticky | Pin or unpin discussions |
| zander.forums.discussion.lock | Lock or unlock discussions |
| zander.forums.discussion.archive | Archive or unarchive discussions |
| zander.forums.category.manage | Manage forum categories from the dashboard |
Forum categories can also carry per-category view and post permission nodes, configured when creating or editing a category from the dashboard.
Events Permissions
| Permission | Description |
|---|---|
| zander.web.events | Access the events dashboard, create and edit events and templates |
| zander.web.events.review | Access the review queue; approve or reject events submitted for review |
Forms Permissions
| Permission | Description |
|---|---|
| zander.web.forms | Base access to the Forms dashboard — view the forms list |
| zander.web.forms.<slug> | Access responses for a specific form (e.g. zander.web.forms.feedback) |
| zander.web.forms.* | Access responses for all forms |
Use slug-specific permissions to create focused form teams — your events team can have zander.web.forms.event-signup without seeing general enquiry responses.
Creator Content
| Permission | Description |
|---|---|
| zander.watch.creator | Marks the user as a content creator — their Twitch/YouTube content appears on the Watch page |
Wildcard Behaviour
LuckPerms wildcard notation is fully supported across all Zander permission trees:
| Wildcard | Grants |
|---|---|
| zander.discord.punish.* | All Discord punishment commands |
| zander.forums.* | All forum moderation permissions |
| zander.web.forms.* | Access to all form responses |
| zander.web.tickets.* | Access to all support ticket categories |
| zander.web.* | All web dashboard permissions |
| zander.* | All Zander permissions (use with caution) |
Granting zander.* gives full access to all Zander features including punishment commands, event approval, and bridge execution. Only assign this to highly trusted accounts.
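The wildcard rules above, turned into an audit check (an added example, not Zander's or LuckPerms' own code): it expands each group's wildcards over nodes documented on this page and reports groups whose wildcards reach the punishment, event review or bridge nodes. The group names and assignments are constructed, and the matcher assumes a wildcard covers only nodes strictly below its prefix, ignoring group inheritance and negated nodes.

```python
# Nodes copied from the tables on this page (a subset, for brevity).
DOCUMENTED = [
    "zander.discord.punish.warn", "zander.discord.punish.kick",
    "zander.discord.punish.ban", "zander.discord.punish.mute",
    "zander.discord.punish.history", "zander.forums.moderate",
    "zander.web.dashboard", "zander.web.tickets", "zander.web.forms",
    "zander.web.events", "zander.web.events.review", "zander.web.bridge",
]
# Areas the page singles out in its zander.* caution.
SENSITIVE = ("zander.discord.punish.", "zander.web.events.review",
             "zander.web.bridge")

# Constructed sample data: group name -> nodes granted directly to it.
GROUPS = {
    "helper": ["zander.web.tickets", "zander.web.tickets.general",
               "zander.web.forms.*"],
    "events": ["zander.web.events", "zander.web.forms.event-signup"],
    "moderator": ["zander.discord.punish.*", "zander.forums.*"],
    "webadmin": ["zander.web.*"],
}

def covers(granted, node):
    """True if a granted node (literal or wildcard) covers `node`."""
    if granted in (node, "*"):
        return True
    # Assumption: 'a.b.*' covers 'a.b.c' and deeper, but not 'a.b' itself.
    return granted.endswith(".*") and node.startswith(granted[:-1])

def effective(granted_nodes):
    """Documented nodes a set of grants resolves to, sorted."""
    return sorted(n for n in DOCUMENTED
                  if any(covers(g, n) for g in granted_nodes))

def audit(groups):
    """Groups that hold a wildcard and end up with a sensitive node."""
    findings = {}
    for group, nodes in groups.items():
        wildcards = [g for g in nodes if g.endswith("*")]
        sensitive = [n for n in effective(nodes) if n.startswith(SENSITIVE)]
        if wildcards and sensitive:
            findings[group] = {"wildcards": wildcards, "sensitive": sensitive}
    return findings

if __name__ == "__main__":
    for group, hit in audit(GROUPS).items():
        print(group, hit["wildcards"], "->", ", ".join(hit["sensitive"]))
```

Under the stated assumption, a group holding only zander.web.forms.* or zander.web.tickets.* still needs the base node (zander.web.forms, zander.web.tickets) granted separately, which is why the helper group is not reported.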