Skip to content

Commit

Permalink
fix: ensure command permissions are tested before custom requirements
Browse files Browse the repository at this point in the history
  • Loading branch information
oddlama committed Sep 5, 2024
1 parent c637699 commit e778aad
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 7 deletions.
18 changes: 12 additions & 6 deletions vane-core/src/main/java/org/oddlama/vane/core/command/Command.java
Original file line number Diff line number Diff line change
Expand Up @@ -55,9 +55,11 @@ public Plugin getPlugin() {

@Override
public boolean execute(CommandSender sender, String alias, String[] args) {
System.out.println("exec " + alias + " from " + sender);
// Pre-check permission
if (!sender.hasPermission(Command.this.permission)) {
get_module().core.lang_command_permission_denied.send(sender);
System.out.println("no perms!");
return true;
}

Expand All @@ -76,7 +78,7 @@ public boolean execute(CommandSender sender, String alias, String[] args) {
@Override
public List<String> tabComplete(CommandSender sender, String alias, String[] args)
throws IllegalArgumentException {
// Don't allow information filtration!
// Don't allow information exfiltration!
if (!sender.hasPermission(getPermission())) {
return Collections.emptyList();
}
Expand Down Expand Up @@ -145,9 +147,9 @@ public Command(Context<T> context, PermissionDefault permission_default) {
bukkit_command.setLabel(name);
bukkit_command.setName(name);


aliases = getClass().getAnnotation(Aliases.class);
brigadier_command = Commands.literal(name).requires(stack -> stack.getSender().hasPermission(permission));
brigadier_command = Commands.literal(name);
if (aliases != null) {
bukkit_command.setAliases(List.of(aliases.value()));
}
Expand Down Expand Up @@ -178,7 +180,11 @@ public LiteralArgumentBuilder<CommandSourceStack> get_command_base() {
}

public LiteralCommandNode<CommandSourceStack> get_command() {
return get_command_base().build();
var cmd = get_command_base();
var old_requirement = cmd.getRequirement();
return cmd
.requires(stack -> stack.getSender().hasPermission(permission) && old_requirement.test(stack))
.build();
}

public List<String> get_aliases() {
Expand All @@ -187,7 +193,7 @@ public List<String> get_aliases() {
} else {
return Collections.emptyList();
}

}

@Override
Expand All @@ -214,5 +220,5 @@ public int print_help2(CommandContext<CommandSourceStack> ctx) {
public LiteralArgumentBuilder<CommandSourceStack> help(){
return literal("help").executes(ctx -> {print_help2(ctx); return SINGLE_SUCCESS;});
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ public class Setspawn extends Command<Trifles> {
public Setspawn(Context<Trifles> context) {
super(context);
}

@Override
public LiteralArgumentBuilder<CommandSourceStack> get_command_base() {
return super.get_command_base()
Expand Down

0 comments on commit e778aad

Please sign in to comment.