From 9bf6e1abc179123445a28cfc987df486afe7b417 Mon Sep 17 00:00:00 2001 From: Phoenix616 Date: Tue, 17 Nov 2020 19:52:12 +0100 Subject: [PATCH] Check permission for shop name again after querying it This protects people that use valid player names as admin shop names from people with the same username as well as other cases where the API is used to manage access to shops with certain special names. --- .../Listeners/PreShopCreation/PermissionChecker.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/main/java/com/Acrobot/ChestShop/Listeners/PreShopCreation/PermissionChecker.java b/src/main/java/com/Acrobot/ChestShop/Listeners/PreShopCreation/PermissionChecker.java index 295109d..87d703a 100644 --- a/src/main/java/com/Acrobot/ChestShop/Listeners/PreShopCreation/PermissionChecker.java +++ b/src/main/java/com/Acrobot/ChestShop/Listeners/PreShopCreation/PermissionChecker.java @@ -4,6 +4,7 @@ import com.Acrobot.Breeze.Utils.PriceUtil; import com.Acrobot.ChestShop.Events.ItemParseEvent; import com.Acrobot.ChestShop.Events.PreShopCreationEvent; import com.Acrobot.ChestShop.Permission; +import com.Acrobot.ChestShop.UUIDs.NameManager; import org.bukkit.Bukkit; import org.bukkit.entity.Player; import org.bukkit.event.EventHandler; @@ -15,6 +16,7 @@ import java.util.Locale; import static com.Acrobot.ChestShop.Events.PreShopCreationEvent.CreationOutcome.NO_PERMISSION; import static com.Acrobot.ChestShop.Permission.*; import static com.Acrobot.ChestShop.Signs.ChestShopSign.ITEM_LINE; +import static com.Acrobot.ChestShop.Signs.ChestShopSign.NAME_LINE; import static com.Acrobot.ChestShop.Signs.ChestShopSign.PRICE_LINE; import static org.bukkit.event.EventPriority.HIGH; @@ -27,6 +29,13 @@ public class PermissionChecker implements Listener { public static void onPreShopCreation(PreShopCreationEvent event) { Player player = event.getPlayer(); + if (event.getOwnerAccount() != null + && !NameManager.canUseName(player, OTHER_NAME_CREATE, event.getOwnerAccount().getShortName())) { + event.setSignLine(NAME_LINE, ""); + event.setOutcome(NO_PERMISSION); + return; + } + String priceLine = event.getSignLine(PRICE_LINE); String itemLine = event.getSignLine(ITEM_LINE);