Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Permission overrides do not work properly if you have one role override #295

Open
MarcusOtter opened this issue Sep 4, 2022 · 5 comments
Open

🐛 Permission overrides do not work properly if you have one role override #295

MarcusOtter opened this issue Sep 4, 2022 · 5 comments
Labels
confirmed bug 🦋 Something isn't working

Comments

@MarcusOtter
Copy link
Owner

Describe the bug

Basically, in this case Needle says "You do not have permission to perform this action" to thread authors (people that started the thread).

image

For some reason Needle assumes that it should not use default permissions in this case, or something. It doesn't realize that the user is unaffected by the overrides.

Steps to reproduce the bug

  1. Add one role override to all Needle commands set to "Allow" (green check mark). See image above.
  2. Edit a title of a thread as a thread author (without admin perms). You should also not have any roles.
  3. See "You do not have permission to perform this action"

Expected behavior

An unrelated override should not affect the permission calculation for the user. They should be allowed to rename the thread.
@MarcusOtter MarcusOtter added the confirmed bug 🦋 Something isn't working label Sep 4, 2022
@MarcusOtter
Copy link
Owner Author

Massive thanks to @Aelweak for reporting this bug with great detail 🏆

@Madis0
Copy link

Madis0 commented Sep 5, 2022
edited
Loading

Can confirm, an user reported not being able to use /title but able to use the button.
Edit: actually the opposite

@MarcusOtter
Copy link
Owner Author

That actually sounds like it could be a different problem @Madis0 as the /title command check does not do any special permission checks on Needle's side, but the button does (and the problem in this case is with the button, I think). Users that can send the command should be able to press the button. Users that can not send the command should not be able to press the button. Did you have the same setup as this issue with the permission overrides, and did it go away after you removed the role override? If not, could you open a separate issue?

@Madis0 Madis0 mentioned this issue Sep 5, 2022
Open
@cdtinney
Copy link

cdtinney commented Jun 1, 2023

Hey - we have this issue with the bot in our server.

Users creating threads do not have Manage Threads permissions and are unable to rename the title of the thread.

They cannot either:

  • Click the "Edit Title" button
  • Use /title

Either actions results in "You do not have permission to perform this action".

I would expect the bot to allow this for the thread author since Discord itself has the same behaviour (allowing thread authors to change titles of their own threads but not others' threads).

@MarcusOtter
Copy link
Owner Author

@cdtinney Yes, Needle allows for this behaviour as long as you do not change the permission overrides, as that is the default behavior. If you add permission overrides it will stop working. Any reason you need to override permissions?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
confirmed bug 🦋 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cdtinney @Madis0 @MarcusOtter