Toutsu/GmRelayBot
1
1
Fork 0
Code Issues 19 Pull Requests 1 Actions Packages Projects Releases 88 Wiki Activity

fix(discord): resolve permission checking for /newsession command

Browse Source 
- DiscordPermissionChecker: removed dead-code userRoles overload;
  now only uses resolvedPermissions bitflag (Administrator = 0x8).
- DiscordNewSessionCommand: computes resolved permissions from guild
  user roles via Context.Guild.Users[Id].RoleIds + guild.Roles.
- DiscordNewSessionHandler: updated signature to accept ulong
  resolvedPermissions instead of unused userRoles.
- Added ILogger to command for diagnostics on unexpected errors.
- Added test: regular user with ManageServer (but not Admin) is rejected.

Refs issue #28

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Toutsu
2026-05-19 12:30:25 +03:00
parent 474e7f62f7
commit daa59335cc
6 changed files with 1179 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/GmRelay.DiscordBot/Features/Sessions/DiscordNewSessionHandler.cs
+2 -2
View File
@@ -51,7 +51,7 @@ public sealed class DiscordNewSessionHandler(
string channelId,
ulong userId,
string userDisplayName,
IEnumerable<ulong> userRoles,
ulong resolvedPermissions,
ulong guildOwnerId,
string title,
DateTimeOffset scheduledAt,
@@ -69,7 +69,7 @@ public sealed class DiscordNewSessionHandler(
WHERE g.platform = 'Discord' AND g.external_group_id = @GuildId",
new { GuildId = guildId });
if (!permissionChecker.CanManageSchedule(guildOwnerId, userId, userRoles, dbManagerUserIds))
if (!permissionChecker.CanManageSchedule(guildOwnerId, userId, dbManagerUserIds, resolvedPermissions))
{
throw new UnauthorizedAccessException("⛔ Только owner, администратор или manager могут создавать сессии.");
}