From 607a518cb824fb710a6891dfed5dc0963d0a2b44 Mon Sep 17 00:00:00 2001
From: Ske <voltasalt@gmail.com>
Date: Tue, 28 Apr 2020 22:56:43 +0200
Subject: [PATCH] Fix permchecking other guilds than the one you're in

---
 PluralKit.Bot/Commands/Misc.cs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/PluralKit.Bot/Commands/Misc.cs b/PluralKit.Bot/Commands/Misc.cs
index 4feb7869..33fbc8e8 100644
--- a/PluralKit.Bot/Commands/Misc.cs
+++ b/PluralKit.Bot/Commands/Misc.cs
@@ -112,6 +112,11 @@ namespace PluralKit.Bot {
                     throw Errors.GuildNotFound(guildId);
             }
 
+            // Ensure people can't query guilds they're not in + get their own permissions (for view access checking)
+            var senderGuildUser = await guild.GetUserAsync(ctx.Author.Id);
+            if (senderGuildUser == null)
+                throw new PKError("You must be a member of the guild you are querying.");
+            
             var requiredPermissions = new []
             {
                 ChannelPermission.ViewChannel,
@@ -129,8 +134,9 @@ namespace PluralKit.Bot {
             foreach (var channel in await guild.GetTextChannelsAsync())
             {
                 var botPermissions = channel.PermissionsIn();
-                var userGuildPermissions = ((IGuildUser) ctx.Author).GuildPermissions;
-                var userPermissions = ((IGuildUser) ctx.Author).GetPermissions(channel);
+                
+                var userGuildPermissions = senderGuildUser.GuildPermissions;
+                var userPermissions = senderGuildUser.GetPermissions(channel);
                 if (!userPermissions.ViewChannel && !userGuildPermissions.Administrator)
                 {
                     // If the user can't see this channel, don't calculate permissions for it