_validate_perms_dict is supposed to be used to validate that the permissions names passed to decorators such as @commands.admin_or_permissions are actual permissions. The get_decorator helper used to build these decorators currently returns a decorator that fails to validate permission names if the decorated object is a coroutine. This causes the check to never properly happen in cases where the decorator executes before@commands.command (ie, if it is on the bottom). This potentially could cause unexpected behavior if a permission name is misspelled when passed to one of these decorators.
Found by @untir_l.
Reproduction example:
import discord
from redbot.core import commands
class Test(commands.Cog):
@commands.command()
@commands.admin_or_permissions(NONEXISTENT_PERM=True)
async def test(self, ctx):
await ctx.reply("Boop!")
Already properly handled (prevents load):
import discord
from redbot.core import commands
class Test(commands.Cog):
@commands.admin_or_permissions(NONEXISTENT_PERM=True)
@commands.command()
async def test(self, ctx):
await ctx.reply("Boop!")
Description of the changes
_validate_perms_dict
is supposed to be used to validate that the permissions names passed to decorators such as@commands.admin_or_permissions
are actual permissions. Theget_decorator
helper used to build these decorators currently returns a decorator that fails to validate permission names if the decorated object is a coroutine. This causes the check to never properly happen in cases where the decorator executes before@commands.command
(ie, if it is on the bottom). This potentially could cause unexpected behavior if a permission name is misspelled when passed to one of these decorators.Found by
@untir_l
.Reproduction example:
Already properly handled (prevents load):
Have the changes in this PR been tested?
Yes