From cbb7d478a7a40f7d4687d83378a58f7e152ce6ae Mon Sep 17 00:00:00 2001
From: Svenja Reissaus <svenjareissaus@itproaser.com>
Date: Thu, 2 Aug 2018 11:13:16 -0300
Subject: [PATCH] Fixed re invite spam to already invited member and enhanced
 kick permission check

---
 .../massivecraft/factions/cmd/CmdInvite.java  | 13 +++++++---
 .../massivecraft/factions/cmd/CmdKick.java    | 25 ++++++-------------
 .../massivecraft/factions/zcore/util/TL.java  |  1 +
 3 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java b/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java
index c024671d..a8adc2da 100644
--- a/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java
+++ b/src/main/java/com/massivecraft/factions/cmd/CmdInvite.java
@@ -48,12 +48,17 @@ public class CmdInvite extends FCommand {
             return;
         }
 
-        Access access = myFaction.getAccess(fme, PermissableAction.INVITE);
-        if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) {
-            fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "invite");
+        if (!fme.isAdminBypassing()) {
+            Access access = myFaction.getAccess(fme, PermissableAction.INVITE);
+            if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) {
+                fme.msg(TL.GENERIC_FPERM_NOPERMISSION, "invite");
+                return;
+            }
+        }
+        if (myFaction.isInvited(target)) {
+            fme.msg(TL.COMMAND_INVITE_ALREADYINVITED, target.getName());
             return;
         }
-
         if (myFaction.isBanned(target)) {
             fme.msg(TL.COMMAND_INVITE_BANNED, target.getName());
             return;
diff --git a/src/main/java/com/massivecraft/factions/cmd/CmdKick.java b/src/main/java/com/massivecraft/factions/cmd/CmdKick.java
index 3d012d1f..13934a30 100644
--- a/src/main/java/com/massivecraft/factions/cmd/CmdKick.java
+++ b/src/main/java/com/massivecraft/factions/cmd/CmdKick.java
@@ -73,40 +73,31 @@ public class CmdKick extends FCommand {
             return;
         }
 
-        // players with admin-level "disband" permission can bypass these requirements
-        if (!Permission.KICK_ANY.has(sender)) {
-
+        // This permission check has been cleaned to be more understandable and logical
+        // Unless is admin, 
+        // - Check for the kick permission.
+        // - Make sure the player is in the faction.
+        // - Make sure the kicked player has lower rank than the kicker.
+        if (!fme.isAdminBypassing()) {
             Access access = myFaction.getAccess(fme, PermissableAction.KICK);
-            if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) {
+            if (access != Access.ALLOW && fme.getRole() != Role.ADMIN) {
                 fme.msg(TL.GENERIC_NOPERMISSION, "kick");
                 return;
             }
-
             if (toKickFaction != myFaction) {
                 msg(TL.COMMAND_KICK_NOTMEMBER, toKick.describeTo(fme, true), myFaction.describeTo(fme));
                 return;
             }
-
-            // Check for Access before we check for Role.
-            if (access != Access.ALLOW && toKick.getRole().value >= fme.getRole().value) {
+            if (toKick.getRole().value >= fme.getRole().value) {
                 msg(TL.COMMAND_KICK_INSUFFICIENTRANK);
                 return;
             }
-
             if (!Conf.canLeaveWithNegativePower && toKick.getPower() < 0) {
                 msg(TL.COMMAND_KICK_NEGATIVEPOWER);
                 return;
             }
         }
 
-        Access access = myFaction.getAccess(fme, PermissableAction.KICK);
-        // This statement allows us to check if they've specifically denied it, or default to
-        // the old setting of allowing moderators to kick
-        if (access == Access.DENY || (access == Access.UNDEFINED && !assertMinRole(Role.MODERATOR))) {
-            fme.msg(TL.GENERIC_NOPERMISSION, "kick");
-            return;
-        }
-
         // if economy is enabled, they're not on the bypass list, and this command has a cost set, make sure they can pay
         if (!canAffordCommand(Conf.econCostKick, TL.COMMAND_KICK_TOKICK.toString())) {
             return;
diff --git a/src/main/java/com/massivecraft/factions/zcore/util/TL.java b/src/main/java/com/massivecraft/factions/zcore/util/TL.java
index 23fbab06..2af73b40 100644
--- a/src/main/java/com/massivecraft/factions/zcore/util/TL.java
+++ b/src/main/java/com/massivecraft/factions/zcore/util/TL.java
@@ -329,6 +329,7 @@ public enum TL {
     COMMAND_INVITE_INVITEDYOU("&chas invited you to join "),
     COMMAND_INVITE_INVITED("&c&l[!]&7 &c%1$s&7 invited &c%2$s&7 to your faction."),
     COMMAND_INVITE_ALREADYMEMBER("&c&l[!]&7 &c%1$s&7 is already a member of&c %2$s"),
+    COMMAND_INVITE_ALREADYINVITED("&c&l[!]&7 &c%1$s&7 has already been invited"),
     COMMAND_INVITE_DESCRIPTION("Invite a player to your faction"),
     COMMAND_INVITE_BANNED("&c&l[!]&7 &7%1$s &cis banned &7from your Faction. &cNot &7sending an invite."),