The bot access system should be changed to have 'default' access for non-identified users. This would be used for things like getting and setting infobot phrases. From there, it should be possible to remove these permissions from certain users, so that a user would be able to retrieve infobot phrases but not create or change them.
However, the access system as currently written can't support this, since it relies on a combination of nick and password to identify a user. One option is to make this keyed to a nick/user + hostmask and add an 'identify' or 'login' command to make the bot recognize users whose nick/hostmask has changed. A 'link' command should also be added to permanently add the new nick/hostmask combination.
Administrative actions should still require a password (or perhaps a recent (within 5 minutes?) login). A new administrative permission should be added so that authorized users can add new user accounts for other users and set up the password/hostmask as needed.
The bot access system should be changed to have 'default' access for non-identified users. This would be used for things like getting and setting infobot phrases. From there, it should be possible to remove these permissions from certain users, so that a user would be able to retrieve infobot phrases but not create or change them.
However, the access system as currently written can't support this, since it relies on a combination of nick and password to identify a user. One option is to make this keyed to a nick/user + hostmask and add an 'identify' or 'login' command to make the bot recognize users whose nick/hostmask has changed. A 'link' command should also be added to permanently add the new nick/hostmask combination.
Administrative actions should still require a password (or perhaps a recent (within 5 minutes?) login). A new administrative permission should be added so that authorized users can add new user accounts for other users and set up the password/hostmask as needed.