Improve argument based perm checks for the editor

This commit is contained in:
Luck 2020-05-30 01:54:18 +01:00
parent 6c88f7629e
commit c5c99abd16
No known key found for this signature in database
GPG Key ID: EFA9B3EC5FD90F8B
2 changed files with 19 additions and 2 deletions

View File

@ -36,6 +36,7 @@ import me.lucko.luckperms.common.command.access.ArgumentPermissions;
import me.lucko.luckperms.common.command.access.CommandPermission;
import me.lucko.luckperms.common.command.utils.MessageUtils;
import me.lucko.luckperms.common.command.utils.StorageAssistant;
import me.lucko.luckperms.common.context.contextset.ImmutableContextSetImpl;
import me.lucko.luckperms.common.locale.LocaleManager;
import me.lucko.luckperms.common.locale.command.CommandSpec;
import me.lucko.luckperms.common.locale.message.Message;
@ -169,7 +170,7 @@ public class ApplyEditsCommand extends SingleCommand {
}
}
if (ArgumentPermissions.checkModifyPerms(plugin, sender, getPermission().get(), holder)) {
if (ArgumentPermissions.checkModifyPerms(plugin, sender, getPermission().get(), holder) || ArgumentPermissions.checkGroup(plugin, sender, holder, ImmutableContextSetImpl.EMPTY)) {
Message.COMMAND_NO_PERMISSION.send(sender);
return false;
}
@ -223,6 +224,11 @@ public class ApplyEditsCommand extends SingleCommand {
track = plugin.getStorage().createAndLoadTrack(id, CreationCause.WEB_EDITOR).join();
}
if (ArgumentPermissions.checkModifyPerms(plugin, sender, getPermission().get(), track)) {
Message.COMMAND_NO_PERMISSION.send(sender);
return false;
}
List<String> before = track.getGroups();
List<String> after = new ArrayList<>();
data.getAsJsonArray("groups").forEach(e -> after.add(e.getAsString()));
@ -279,6 +285,11 @@ public class ApplyEditsCommand extends SingleCommand {
return false;
}
if (ArgumentPermissions.checkModifyPerms(plugin, sender, getPermission().get(), group) || ArgumentPermissions.checkGroup(plugin, sender, group, ImmutableContextSetImpl.EMPTY)) {
Message.COMMAND_NO_PERMISSION.send(sender);
return false;
}
try {
plugin.getStorage().deleteGroup(group, DeletionCause.COMMAND).get();
} catch (Exception e) {
@ -304,6 +315,11 @@ public class ApplyEditsCommand extends SingleCommand {
return false;
}
if (ArgumentPermissions.checkModifyPerms(plugin, sender, getPermission().get(), track)) {
Message.COMMAND_NO_PERMISSION.send(sender);
return false;
}
try {
plugin.getStorage().deleteTrack(track, DeletionCause.COMMAND).get();
} catch (Exception e) {

View File

@ -32,6 +32,7 @@ import me.lucko.luckperms.common.command.abstraction.SingleCommand;
import me.lucko.luckperms.common.command.access.ArgumentPermissions;
import me.lucko.luckperms.common.command.access.CommandPermission;
import me.lucko.luckperms.common.command.utils.ArgumentParser;
import me.lucko.luckperms.common.context.contextset.ImmutableContextSetImpl;
import me.lucko.luckperms.common.locale.LocaleManager;
import me.lucko.luckperms.common.locale.command.CommandSpec;
import me.lucko.luckperms.common.locale.message.Message;
@ -150,7 +151,7 @@ public class EditorCommand extends SingleCommand {
}
// remove holders which the sender doesn't have perms to view
holders.removeIf(holder -> ArgumentPermissions.checkViewPerms(plugin, sender, getPermission().get(), holder));
holders.removeIf(holder -> ArgumentPermissions.checkViewPerms(plugin, sender, getPermission().get(), holder) || ArgumentPermissions.checkGroup(plugin, sender, holder, ImmutableContextSetImpl.EMPTY));
tracks.removeIf(track -> ArgumentPermissions.checkViewPerms(plugin, sender, getPermission().get(), track));
// they don't have perms to view any of them