KarlOfDuty / SCPDiscord

A Northwood plugin which adds remote interaction to an SCP:SL server through Discord.
https://karlofduty.com
GNU General Public License v3.0

[BUG] Any player with access to RA can set any group he wants #76

Closed VALERA771 closed 1 year ago

VALERA771 commented 1 year ago

Describe the bug Using the command scpd_gvr, any user with access to RA can set any group he wants. No permission check there.

To Reproduce Steps to reproduce the behavior:

  1. Open RA
  2. Type pm setgroup <id> <any group which has only access to RA>
  3. Type scpd_gvr owner
  4. You now have an owner group!

Screenshots No screenshots, very easy to reproduce

Setup (please complete the following information):

KarlOfDuty commented 1 year ago

Yeah I guess they shouldn't be RA commands as this API doesn't have any kind of permission checks.

KarlOfDuty commented 1 year ago

You can get the latest dev build if you want the fix.
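
The missing check reported in this issue, as an added example that is not code from SCPDiscord or the Northwood API: a group-setting handler reachable from RA with no caller check, beside a version that denies callers lacking a group-management permission. All types, names and the group table are hypothetical, and the permission check is one possible mitigation assumed here, not necessarily the fix shipped in the dev build.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model types; not SCPDiscord or Northwood API classes.
[Flags]
enum Perm { None = 0, RemoteAdminAccess = 1, SetGroup = 2 }

class Sender
{
    public string Name;
    public string Group;
    public Perm Perms;
}

static class GroupCommands
{
    // Constructed group table: group name -> permissions the group grants.
    static readonly Dictionary<string, Perm> Groups = new Dictionary<string, Perm>
    {
        ["raonly"] = Perm.RemoteAdminAccess,
        ["owner"]  = Perm.RemoteAdminAccess | Perm.SetGroup,
    };

    // "Before": any caller who can reach the command gets the group it names.
    public static bool SetGroupUnchecked(Sender s, string group)
    {
        if (!Groups.TryGetValue(group, out var perms)) return false;
        s.Group = group;
        s.Perms = perms;
        return true;
    }

    // "After": deny by default unless the caller already holds SetGroup.
    public static bool SetGroupChecked(Sender s, string group)
    {
        if ((s.Perms & Perm.SetGroup) == 0) return false;
        return SetGroupUnchecked(s, group);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed caller: member of a group that only grants RA access.
        var caller = new Sender { Name = "player", Group = "raonly", Perms = Perm.RemoteAdminAccess };
        Console.WriteLine(GroupCommands.SetGroupChecked(caller, "owner") + " " + caller.Group);
        Console.WriteLine(GroupCommands.SetGroupUnchecked(caller, "owner") + " " + caller.Group);
    }
}
```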