You may be right about it requiring some engine changes. I really haven't done my homework enough to know that yet. If it does, I still think the changes would be much smaller than they would to fully integrate campaign mode into the engine, so I think my way is a safer bet from a stability/bugs standpoint.
I wouldn't know whether the changes would be smaller or not as I'm unaware of other aproaches being discussed (on the MG thread, Titi already said implementing anything beyond scenario1_completed=>unlock_scenario2 would not be contemplated any time soon; I'm unaware of another discussion on this subject on this GAE board).
But I think what hailstone is talking aoubt is: even if GAE's code allows your python script to hook into it... one thing is to grant that access to your script, a completelly diferent one is for your script to lend its grant to whomever can copy-paste a LUA line.
I don't really understand what you mean. Are you saying you're concerned with people writing malicious scripts and executing them from GAE? If so, I think people writing malware have much better resources at their disposal. If you mean that they could somehow "crack in" to GAE, then um... ?
First and foremost I was trying to interpret hailstone's comment, an atempt which I may have been succesful in or not, hailstone is the only one who can clarify that.
My view: Am I correct in assuming you're a Windows user?
Linux aproach to security is far tighter and far simpler than Windows (which IMO simply has no pro-active aproach on security, it just tries to mend the holes
). On (at least old school) Linux, you don't have an application (e.g. a firewall) trying to watch over every other application running on the system, usually by allowing only firewall-knowledge-based so called "safe applications" to realize "safe actions" or by relying on the user's decision to allow it or not (being that in 99% of the cases, the user doesn't really have a clue).
So, hipothetically... now... on your Windows you have a "safe application" allowed to do something which is actually unsafe but it must be done eventually (everything on a computer system must be allowed to be done sometime, otherwise there's no point in having it on the system anyways, is there?) and that particular application is meant to perform that unsafe action so, for that app, it's a "safe action". Now... the application was developped to perform that action but, for some reason, its developpers decided to read when and how to do it from an unencrypted plain-text file... Wonderful... you don't even need access to the application itself to completelly messup your computer, just to the text file... (considering most Windows single-user machines run their user sessions as administrators... it's all wide-open
).
The old school linux aproach is to make each application responsible for nto doing/allowing such silly mistakes. It's a different culture and the popularisation of Linux may actually break it. Look at the Slackware linux distro for one that (I think) follows this kind of old school and only includes this kind of really safe applications. Debian (on which e.g. the popular Ubuntu is based) Stable flavour might be an almost as safe and more user-friendly distro alternative.
On my Ubuntu, most updates I get are security updates directly from "upstream" Debian.
Some of these refer to stuff such as "memory leak leading to possible root privlege escalation", vaguelly meaning something as elusive as your bad allocation of RAM for your app might lead to a malicious person to gain
ownership access to your machine.
Some video cards out there (to which Glest will have (almost) full access might get get phisically damaged from issuing an unfriendly (from that card's "perspective") command.
So... in this example... between your script and the card, you've got Glest. For glest, between itself and the card it has OpenGL or DirectX. Between these and the actual card, there's the card driver. Linux aproach is to NOT solelly relly on the driver's, nor the 3D access layer's, nor Glest's nor your python script's safe practices but to expect each and every one of them implements them thouroughly.
Preferably, the end-user should be educated to not break that either.
That's why Linux is (more) secure and Windows apps claiming to keep your PC safe are nothing but frauds.
Maybe I didn't explain myself all that well.
I think most of what you explained was beuatifully done so, hence I'll just quote and post my concerning doubts:
What the runtime script does (hypothetically) is watch the Glest/GAE application and when it makes a function call for something like winning or losing the scenario, a player getting defeated, etc.,
How does the runtime script do that? Through the said hooks? Is that possible with current Glest's? Have you tryed it yet?
it would write these things to a text file. For the unlocking mechanism, maybe the scenarios could be stored in a format that Glest/GAE can't run (like *.txt), and then to unlock the scenario, the script reads the file and copies the contents to a new GAE-readable scenario file (*.xml, I think?), optionally with parameters determined by the previous scenario.
I have nothing to object to this. Honestly. I just wanted to say it sounds great. I'll quit it now and really only post my doubts.
The lobby now launches the game client and tells it to run stairway_to_utah.xml.
How? I am unaware of any command-line arguments (parameters passed to Glest on invocation) but my unawareness of this by no means mean there aren't such parameters.
It also launches the runtime script.
I assume the "runtime script" is the one watching the Glest/GAE application, right? Again... how? Did you test this?
As Player battles against his vicious foes, the runtime script takes notes of what happens and writes values to predefined variables in a text file.
"What happens" and what "notes to take" being controlled by the earlier mentioned python hooks, right? Again, have you tested this yet? Can it actually be done with either of the current engines?
Hope that helped.