Closed Flame442 closed 2 months ago
Description of the changes

https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L791-L806

`@commands.can_manage_channel` passes the `bool` value `allow_thread_owner` as the first parameter to `_can_manage_channel_deco`.

https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L763-L778

`_can_manage_channel_deco` expects the first parameter to be a `PrivilegeLevel`. When a `bool` is passed instead, the eventual comparison results in `if await PrivilegeLevel.from_ctx(ctx) >= <bool>`.

https://github.com/Cog-Creators/Red-DiscordBot/blob/ad1e1aa2ba804cceae29757b48cce0c0c0ae4703/redbot/core/commands/requires.py#L97-L117

Since `enum.auto` increments starting from `1`, and `bool`s are interpreted as an int of `0` or `1`, the `PrivilegeLevel` requirement is always passed. As a result, this check always passes, regardless of the channel state or the permissions of the invoker. This is not the case for all other checks that use the `_can_manage_channel_deco` helper, as those checks explicitly pass a `PrivilegeLevel`.

Have the changes in this PR been tested?

Yes
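
The failure mode described in this PR, reproduced as an added example that is not part of the PR or the project's code: a boolean flag landing in the slot meant for an ordered privilege enum satisfies the `>=` comparison for every invoker. `Level`, `make_check`, `make_check_strict` and `bypass_matrix` are hypothetical names, and the predicate body is an assumed simplification of a permission check.

```python
import enum


class Level(enum.IntEnum):
    """Constructed stand-in for an ordered privilege enum; auto() starts at 1."""
    NONE = enum.auto()
    MOD = enum.auto()
    ADMIN = enum.auto()
    OWNER = enum.auto()


def make_check(privilege_level=None, allow_thread_owner=False):
    """Hypothetical helper: the first positional parameter is meant to be a Level."""
    def predicate(invoker_level, has_channel_perm=False, is_thread_owner=False):
        if has_channel_perm:
            return True
        if privilege_level is not None and invoker_level >= privilege_level:
            return True  # a bool in this slot compares as the int 0 or 1
        return allow_thread_owner and is_thread_owner
    return predicate


def make_check_strict(*, privilege_level=None, allow_thread_owner=False):
    """Hardened variant: keyword-only arguments, types validated when the check is built."""
    if privilege_level is not None and not isinstance(privilege_level, Level):
        raise TypeError(
            f"privilege_level must be a Level, got {type(privilege_level).__name__}"
        )
    if not isinstance(allow_thread_owner, bool):
        raise TypeError("allow_thread_owner must be a bool")
    return make_check(privilege_level, allow_thread_owner)


def bypass_matrix():
    """Outcome for each (flag, invoker level) pair when the flag lands in the wrong slot."""
    return {
        # Invoker has no channel permission and is not the thread owner.
        (flag, level.name): make_check(flag)(level)
        for flag in (False, True)
        for level in Level
    }


if __name__ == "__main__":
    for key, allowed in bypass_matrix().items():
        print(key, "->", "allowed" if allowed else "denied")
```

Making the parameters keyword-only turns the positional mix-up into an immediate `TypeError` at decoration time, and the `isinstance` check catches a bool passed by keyword as well.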