- properly handle permissions for user commands

- add central permission group constant
2025-06-19 19:37:02 -04:00 · 2024-12-08 14:49:57 +01:00 · 2024-12-08 14:49:57 +01:00 · d2aeecf70d
commit d2aeecf70d
parent dcb823a0a1
100 changed files with 245 additions and 942 deletions
--- a/labscore/constants.js
+++ b/labscore/constants.js
@ -1,3 +1,5 @@
+const { Permissions } = require("detritus-client/lib/constants")
+
 module.exports.DISCORD_INVITES = Object.freeze({
  support: "https://discord.gg/8c4p6xcjru",
  privacy: "https://discord.gg/sQs8FhcTGh",
@ -38,6 +40,22 @@ module.exports.COLORS = Object.freeze({
  incognito: 10057726,
 })

+// Permission requirements that apply to commands
+module.exports.PERMISSION_GROUPS = Object.freeze({
+  // Baseline permission set for regular commands
+  baseline: [Permissions.SEND_MESSAGES, Permissions.VIEW_CHANNEL, Permissions.USE_EXTERNAL_EMOJIS, Permissions.EMBED_LINKS, Permissions.READ_MESSAGE_HISTORY],
+  // Baseline permission set for slash commands
+  baseline_slash: [
+    Permissions.SEND_MESSAGES, Permissions.EMBED_LINKS,
+    // Related to using user commands
+    Permissions.USE_APPLICATION_COMMANDS,
+    1n << 50n // Use external apps
+  ],
+
+  // Permissions for all commands that use attachments
+  attachments: [Permissions.ATTACH_FILES],
+})
+
 module.exports.BADGE_ICONS = Object.freeze({
  "active_developer": "<:b:1263607989873414196>",
  "bot_developer": "<:b:1263605652337463489>",
@ -1589,6 +1607,12 @@ module.exports.YOUTUBE_CATEGORIES = {

 // Special character that allows for fully hidden masked links on all (supported) platforms.
 module.exports.HIDDEN_MASKED_LINK_CHARACTER = "󠄴";
+
+// Allows force-displaying an incognito reason
+module.exports.INCOGNITO_REASONS = Object.freeze({
+  permissions: 50013
+})
+
 /**
 * These will force the command to become "incognito".
 */
@ -1601,7 +1625,7 @@ module.exports.MESSAGE_BLOCK_REASONS = Object.freeze({
    message: "the server's AutoMod setup",
    support_article: 4421269296535
  },
-  // TODO: Handle permissions properly, this works as a "hack" for now.
+  // TODO: Handle permissions properly, this works as a "hack" for now.e
  50013: {
    message: "the channel's permission setup",
    support_article: 10543994968087
--- a/labscore/utils/interactions.js
+++ b/labscore/utils/interactions.js
@ -1,18 +1,31 @@
 const { MessageFlags, InteractionCallbackTypes } = require("detritus-client/lib/constants")

 const { Context } = require("detritus-client/lib/command")
-const { InteractionContext } = require("detritus-client/lib/interaction")
+const { InteractionContext } = require("detritus-client/lib/interaction");
+const { PERMISSION_GROUPS, INCOGNITO_REASONS } = require("#constants");

 /**
 * Acknowledges a command or interaction.
 * @param { InteractionContext|Context } context Command/interaction context
 * @param { boolean } incognito Specifies if the interaction should run privately (only applicable for interactions)
+ * @param { Array } permissions Array of permissions that are required to execute this command
 */
-module.exports.acknowledge = async function(context, incognito = false){
+module.exports.acknowledge = async function(context, incognito = false, permissions = [...PERMISSION_GROUPS.baseline_slash]){
  // Interaction flow
  if(context.editOrRespond){
+    if(!context._meta) context._meta = {};
+
+    // Handle permissions for user commands in a guild context
+    if(context.member && permissions.length >= 1){
+      for(const p of permissions){
+        if(!context.member.can(p)){
+          incognito = true;
+          context._meta.incognitoReason = INCOGNITO_REASONS.permissions;
+        }
+      }
+    }
+
    if(incognito){
-      if(!context._meta) context._meta = {};
      context._meta.isIncognito = true;
      return await context.respond({data: { flags: MessageFlags.EPHEMERAL }, type: InteractionCallbackTypes.DEFERRED_CHANNEL_MESSAGE_WITH_SOURCE});
    }
--- a/labscore/utils/message.js
+++ b/labscore/utils/message.js
@ -32,6 +32,21 @@ module.exports.editOrReply = function(context, message, disableReference = false
      });
    }
  
+    if(context._meta?.incognitoReason){
+      // TODO: make this an applyIncognitoNotice helper
+      if(message.content){
+        if(message.embeds && message.embeds.length <= 4){
+          message.embeds.unshift({
+            description: `${icon("flask_incognito")}     This response has been made incognito due to ${MESSAGE_BLOCK_REASONS[context._meta.incognitoReason].message}.`,
+            color: COLORS.incognito
+          })
+        }
+      } else {
+        // Uses new subtext formatting to look more "native"
+        message.content = `-# ${icon("flask_mini")} This response has been made incognito due to ${MESSAGE_BLOCK_REASONS[context._meta.incognitoReason].message} • ${link("https://support.discord.com/hc/en-us/articles/" + MESSAGE_BLOCK_REASONS[context._meta.incognitoReason].support_article, "Learn More", "Support Article")}`
+      }
+    }
+
    return context.editOrRespond(message).catch(async (e)=>{
      const errorData = await e.response.json();
      if(MESSAGE_BLOCK_REASONS[errorData.code]){