Fix permchecking other guilds than the one you're in

Ske 2020-04-28 22:56:43 +02:00
parent 1ef798e399
commit 607a518cb8


@ -112,6 +112,11 @@ namespace PluralKit.Bot {
throw Errors.GuildNotFound(guildId); throw Errors.GuildNotFound(guildId);
} }
// Ensure people can't query guilds they're not in + get their own permissions (for view access checking)
var senderGuildUser = await guild.GetUserAsync(ctx.Author.Id);
if (senderGuildUser == null)
throw new PKError("You must be a member of the guild you are querying.");
var requiredPermissions = new [] var requiredPermissions = new []
{ {
ChannelPermission.ViewChannel, ChannelPermission.ViewChannel,
@ -129,8 +134,9 @@ namespace PluralKit.Bot {
foreach (var channel in await guild.GetTextChannelsAsync()) foreach (var channel in await guild.GetTextChannelsAsync())
{ {
var botPermissions = channel.PermissionsIn(); var botPermissions = channel.PermissionsIn();
var userGuildPermissions = ((IGuildUser) ctx.Author).GuildPermissions;
var userPermissions = ((IGuildUser) ctx.Author).GetPermissions(channel); var userGuildPermissions = senderGuildUser.GuildPermissions;
var userPermissions = senderGuildUser.GetPermissions(channel);
if (!userPermissions.ViewChannel && !userGuildPermissions.Administrator) if (!userPermissions.ViewChannel && !userGuildPermissions.Administrator)
{ {
// If the user can't see this channel, don't calculate permissions for it // If the user can't see this channel, don't calculate permissions for it
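Review bot: The membership check added in the first hunk (`if (senderGuildUser == null) throw new PKError("You must be a member of the guild you are querying.");`) answers with a different error from the `Errors.GuildNotFound(guildId)` path directly above it. A caller who is not in a guild can therefore still learn whether the bot is present in it, just from which message comes back. Assuming `Errors.GuildNotFound` is what a user sees for an unknown id, returning the same error in both cases closes that gap: `if (senderGuildUser == null) throw Errors.GuildNotFound(guildId);`. The comment above the check could then say that the two cases are deliberately indistinguishable. The enclosing method starts and ends outside the visible hunks, so any earlier handling of `guildId` was not reviewed.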