Upstream/Plan
1
0
Fork 0
mirror of https://github.com/plan-player-analytics/Plan.git synced 2024-10-22 12:30:08 +02:00
Code Issues Projects Releases Wiki Activity

Check permissions when performing tab completion

Browse Source 
- Fixes advisory GHSA-cchm-2r9h-xvhv
This commit is contained in:
Aurora Lahtela 2024-05-23 21:08:44 +03:00
parent 365ea2d333
commit ad98e28e4c
1 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Plan/common/src/main/java/com/djrapitops/plan/commands/PlanCommand.java
View File

@ -140,13 +140,21 @@ public class PlanCommand {
}
public List<String> serverNames(CMDSender sender, @Untrusted Arguments arguments) {
@Untrusted String asString = arguments.concatenate(" ");
return tabCompleteCache.getMatchingServerIdentifiers(asString);
if (sender.hasPermission(Permissions.SERVER)) {
@Untrusted String asString = arguments.concatenate(" ");
return tabCompleteCache.getMatchingServerIdentifiers(asString);
}
return List.of();
}
private List<String> playerNames(CMDSender sender, @Untrusted Arguments arguments) {
@Untrusted String asString = arguments.concatenate(" ");
return tabCompleteCache.getMatchingPlayerIdentifiers(asString);
if (sender.hasPermission(Permissions.PLAYER_OTHER)) {
@Untrusted String asString = arguments.concatenate(" ");
return tabCompleteCache.getMatchingPlayerIdentifiers(asString);
} else if (sender.hasPermission(Permissions.PLAYER_SELF)) {
return sender.getPlayerName().map(List::of).orElse(List.of());
}
return List.of();
}
private Subcommand serverCommand() {
@ -403,6 +411,9 @@ public class PlanCommand {
}
private List<String> getBackupFilenames(CMDSender sender, @Untrusted Arguments arguments) {
if (!sender.hasPermission(Permissions.DATA_RESTORE)) {
return List.of();
}
if (arguments.get(1).isPresent()) {
return DBType.names();
}
@ -531,6 +542,9 @@ public class PlanCommand {
}
private List<String> webGroupTabComplete(CMDSender sender, @Untrusted Arguments arguments) {
if (!sender.hasPermission(Permissions.SET_GROUP)) {
return List.of();
}
Optional<String> groupArgument = arguments.get(1);
if (groupArgument.isPresent()) {
return tabCompleteCache.getMatchingWebGroupNames(groupArgument.get());