Closed Flame442 closed 2 months ago
https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L791-L806 @commands.can_manage_channel passes the bool value allow_thread_owner as the first parameter to _can_manage_channel_deco
@commands.can_manage_channel
bool
allow_thread_owner
_can_manage_channel_deco
https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L763-L778 _can_manage_channel_deco expects the first parameter to be a PrivilegeLevel. When a bool is passed instead, the eventual comparison results in if await PrivilegeLevel.from_ctx(ctx) >= <bool>.
PrivilegeLevel
if await PrivilegeLevel.from_ctx(ctx) >= <bool>
https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L97-L117 Since enum.auto increments starting from 1, and bools are interpreted as an int of 0 or 1, the PrivilegeLevel requirement is always passed. As a result, this check always passes, regardless of the channel state or the permissions of the invoker. This is not the case for all other checks that use the _can_manage_channel_deco helper, as those checks explicitly pass a PrivilegeLevel.
enum.auto
1
0
Yes
Description of the changes
https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L791-L806
@commands.can_manage_channelpasses theboolvalueallow_thread_owneras the first parameter to_can_manage_channel_decohttps://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L763-L778
_can_manage_channel_decoexpects the first parameter to be aPrivilegeLevel. When aboolis passed instead, the eventual comparison results inif await PrivilegeLevel.from_ctx(ctx) >= <bool>.https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L97-L117 Since
enum.autoincrements starting from1, andbools are interpreted as an int of0or1, thePrivilegeLevelrequirement is always passed. As a result, this check always passes, regardless of the channel state or the permissions of the invoker. This is not the case for all other checks that use the_can_manage_channel_decohelper, as those checks explicitly pass aPrivilegeLevel.Have the changes in this PR been tested?
Yes