Hide channels from pk;permcheck if user does not have view permissions

Ske 2020-04-28 22:06:48 +02:00
parent 5386f24b69
commit 8cfb1b01ab


@ -125,15 +125,25 @@ namespace PluralKit.Bot {
// Loop through every channel and group them by sets of permissions missing // Loop through every channel and group them by sets of permissions missing
var permissionsMissing = new Dictionary<ulong, List<ITextChannel>>(); var permissionsMissing = new Dictionary<ulong, List<ITextChannel>>();
var hiddenChannels = 0;
foreach (var channel in await guild.GetTextChannelsAsync()) foreach (var channel in await guild.GetTextChannelsAsync())
{ {
// TODO: do we need to hide channels here to prevent info-leaking? var botPermissions = channel.PermissionsIn();
var perms = channel.PermissionsIn(); var userGuildPermissions = ((IGuildUser) ctx.Author).GuildPermissions;
var userPermissions = ((IGuildUser) ctx.Author).GetPermissions(channel);
if (!userPermissions.ViewChannel && !userGuildPermissions.Administrator)
{
// If the user can't see this channel, don't calculate permissions for it
// (to prevent info-leaking, mostly)
// Instead, count how many hidden channels and show the user (so they don't get confused)
hiddenChannels++;
continue;
}
// We use a bitfield so we can set individual permission bits in the loop // We use a bitfield so we can set individual permission bits in the loop
ulong missingPermissionField = 0; ulong missingPermissionField = 0;
foreach (var requiredPermission in requiredPermissions) foreach (var requiredPermission in requiredPermissions)
if (!perms.Has(requiredPermission)) if (!botPermissions.Has(requiredPermission))
missingPermissionField |= (ulong) requiredPermission; missingPermissionField |= (ulong) requiredPermission;
// If we're not missing any permissions, don't bother adding it to the dict // If we're not missing any permissions, don't bother adding it to the dict
@ -171,6 +181,9 @@ namespace PluralKit.Bot {
} }
} }
if (hiddenChannels > 0)
eb.WithFooter($"{"channel".ToQuantity(hiddenChannels)} were ignored as you do not have view access to them.");
// Send! :) // Send! :)
await ctx.Reply(embed: eb.Build()); await ctx.Reply(embed: eb.Build());
} }
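Review bot: The new view check `((IGuildUser) ctx.Author).GetPermissions(channel)` takes the member object from the invoking context, while the channels being listed come from `guild`, whose lookup is outside this hunk. If `guild` can ever differ from the server the command was run in, the cast would throw when the author is not a guild member object, or the channel overwrites would be evaluated against a member of a different server, so the hiding added here would not be reliable. Resolving the member from the guild being inspected, once before the loop, with `var member = await guild.GetUserAsync(ctx.Author.Id);` and skipping every channel when the result is null would make the filter fail closed, and it also removes the per-iteration cast and `GuildPermissions` read. The footer still tells the caller how many channels they cannot see; that looks deliberate, but a comment saying the count is an accepted disclosure would help. It also reads "1 channel were ignored" when only one channel is hidden.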