From cbb7d478a7a40f7d4687d83378a58f7e152ce6ae Mon Sep 17 00:00:00 2001 From: Svenja Reissaus Date: Thu, 2 Aug 2018 11:13:16 -0300 Subject: [PATCH] Fixed re invite spam to already invited member and enhanced kick permission check --- .../massivecraft/factions/cmd/CmdInvite.java | 13 +++++++--- .../massivecraft/factions/cmd/CmdKick.java | 25 ++++++------------- .../massivecraft/factions/zcore/util/TL.java | 1 + 3 files changed, 18 insertions(+), 21 deletions(-) diff --git a/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java b/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java index c024671d..a8adc2da 100644 --- a/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java +++ b/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java @@ -48,12 +48,17 @@ public class CmdInvite extends FCommand { return; } - Access access = myFaction.getAccess(fme, PermissableAction.INVITE); - if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) { - fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "invite"); + if (!fme.isAdminBypassing()) { + Access access = myFaction.getAccess(fme, PermissableAction.INVITE); + if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) { + fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "invite"); + return; + } + } + if (myFaction.isInvited(target)) { + fme.msg(TL.COMMAND_INVITE_ALREADYINVITED, target.getName()); return; } - if (myFaction.isBanned(target)) { fme.msg(TL.COMMAND_INVITE_BANNED, target.getName()); return; diff --git a/src/main/java/com/massivecraft/factions/cmd/CmdKick.java b/src/main/java/com/massivecraft/factions/cmd/CmdKick.java index 3d012d1f..13934a30 100644 --- a/src/main/java/com/massivecraft/factions/cmd/CmdKick.java +++ b/src/main/java/com/massivecraft/factions/cmd/CmdKick.java @@ -73,40 +73,31 @@ public class CmdKick extends FCommand { return; } - // players with admin-level "disband" permission can bypass these requirements - if (!Permission.KICK_ANY.has(sender)) { - + // This permission check has been cleaned to be more understandable and logical + // Unless is admin, + // - Check for the kick permission. + // - Make sure the player is in the faction. + // - Make sure the kicked player has lower rank than the kicker. + if (!fme.isAdminBypassing()) { Access access = myFaction.getAccess(fme, PermissableAction.KICK); - if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) { + if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) { fme.msg(TL.GENERIC_NOPERMISSION, "kick"); return; } - if (toKickFaction != myFaction) { msg(TL.COMMAND_KICK_NOTMEMBER, toKick.describeTo(fme, true), myFaction.describeTo(fme)); return; } - - // Check for Access before we check for Role. - if (access != Access.ALLOW && toKick.getRole().value >= fme.getRole().value) { + if (toKick.getRole().value >= fme.getRole().value) { msg(TL.COMMAND_KICK_INSUFFICIENTRANK); return; } - if (!Conf.canLeaveWithNegativePower && toKick.getPower() < 0) { msg(TL.COMMAND_KICK_NEGATIVEPOWER); return; } } - Access access = myFaction.getAccess(fme, PermissableAction.KICK); - // This statement allows us to check if they've specifically denied it, or default to - // the old setting of allowing moderators to kick - if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) { - fme.msg(TL.GENERIC_NOPERMISSION, "kick"); - return; - } - // if economy is enabled, they're not on the bypass list, and this command has a cost set, make sure they can pay if (!canAffordCommand(Conf.econCostKick, TL.COMMAND_KICK_TOKICK.toString())) { return; diff --git a/src/main/java/com/massivecraft/factions/zcore/util/TL.java b/src/main/java/com/massivecraft/factions/zcore/util/TL.java index 23fbab06..2af73b40 100644 --- a/src/main/java/com/massivecraft/factions/zcore/util/TL.java +++ b/src/main/java/com/massivecraft/factions/zcore/util/TL.java @@ -329,6 +329,7 @@ public enum TL { COMMAND_INVITE_INVITEDYOU("&chas invited you to join "), COMMAND_INVITE_INVITED("&c&l[!]&7 &c%1$s&7 invited &c%2$s&7 to your faction."), COMMAND_INVITE_ALREADYMEMBER("&c&l[!]&7 &c%1$s&7 is already a member of&c %2$s"), + COMMAND_INVITE_ALREADYINVITED("&c&l[!]&7 &c%1$s&7 has already been invited"), COMMAND_INVITE_DESCRIPTION("Invite a player to your faction"), COMMAND_INVITE_BANNED("&c&l[!]&7 &7%1$s &cis banned &7from your Faction. &cNot &7sending an invite."),