Commit 4a887805 authored by Jeremy Pallats's avatar Jeremy Pallats 💬
Browse files

FIX #111: Restricted command still replies to `!snipe -h`

- Check perms before even attempting full parse, snip just the name out
  of content.
parent d51a62b9
Loading
Loading
Loading
Loading
Loading
+10 −8
Original line number Diff line number Diff line
@@ -285,8 +285,14 @@ class CogBot(discord.Client):
        try:
            edit_time = message.edited_at
            content = re.sub(r'<[#@]\S+>', '', content).strip()  # Strip mentions from text

            with cogdb.session_scope(cogdb.Session) as session:
                # Check permissions before full parsing
                cmd = content[len(self.prefix):content.find(' ')]
                cogdb.query.check_perms(session, message, cmd)

                args = self.parser.parse_args(re.split(r'\s+', content))
            await self.dispatch_command(args=args, bot=self, msg=message)
                await self.dispatch_command(args=args, bot=self, msg=message, session=session)

        except cog.exc.ArgumentParseError as exc:
            log.exception("Failed to parse command. '%s' | %s", author.name, content)
@@ -361,11 +367,7 @@ class CogBot(discord.Client):
        try:
            await self.sched.wait_for(args.cmd, wait_cb)
            logging.getLogger(__name__).info('Command %s aquired lock.', msg.content)

            with cogdb.session_scope(cogdb.Session) as session:
                cogdb.query.check_perms(session, msg, args)
            cls = getattr(cog.actions, args.cmd)
                kwargs['session'] = session
            await cls(**kwargs).execute()
        finally:
            await self.sched.unwait_for(args.cmd)
+1 −2
Original line number Diff line number Diff line
@@ -793,14 +793,13 @@ def remove_role_perms(session, cmds, guild, roles):
    session.commit()


def check_perms(session, msg, args):
def check_perms(session, msg, cmd):
    """
    Check if a user is authorized to issue this command.
    Checks will be made against channel and user roles.

    Raises InvalidPerms if any permission issue.
    """
    cmd = cog.parse.CMD_MAP[args.cmd]
    check_channel_perms(session, cmd, msg.channel.guild, msg.channel)
    check_role_perms(session, cmd, msg.channel.guild, msg.author.roles)

+3 −3
Original line number Diff line number Diff line
@@ -457,17 +457,17 @@ def test_check_perms(session, f_cperms, f_rperms):
    msg.channel = ops_channel
    msg.channel.guild = server

    cogdb.query.check_perms(session, msg, mock.Mock(cmd='Drop'))  # Silent pass
    cogdb.query.check_perms(session, msg, 'drop')  # Silent pass

    with pytest.raises(cog.exc.InvalidPerms):
        msg.author.roles = [Role('Winters', id=3002)]
        cogdb.query.check_perms(session, msg, mock.Mock(cmd='Drop'))
        cogdb.query.check_perms(session, msg, 'drop')

    with pytest.raises(cog.exc.InvalidPerms):
        msg.author.roles = roles
        msg.channel.name = 'Not Operations'
        msg.channel.id = 9999
        cogdb.query.check_perms(session, msg, mock.Mock(cmd='Drop'))
        cogdb.query.check_perms(session, msg, 'drop')


def test_check_channel_perms(session, f_cperms):