search

bwmarrin / discordgo

(Golang) Go bindings for Discord
BSD 3-Clause "New" or "Revised" License
5.11k stars 816 forks source link

Missing Permissions for `GuildMemberTimeout` #1492

Closed RazvanBerbece closed 9 months ago

RazvanBerbece commented 9 months ago

Hi,

I am trying to use the GuildMemberTimeout function under discordgo.Session in order to timeout a user based on their userId and the associated guildId.

Currently, my bot intents and permissions are set as such:

// TODO: Make these more granular depending on bot features
func (b *DiscordBotBase) setBotIntents() {
    b.botSession.Identify.Intents = discordgo.IntentsGuilds |
        discordgo.IntentsGuildMessages |
        discordgo.IntentsGuildMessageReactions |
        discordgo.IntentsDirectMessages |
        discordgo.IntentsGuildVoiceStates |
        discordgo.IntentsGuildMembers |
        discordgo.IntentGuildVoiceStates |
        discordgo.IntentsGuildBans |
        discordgo.IntentsAllWithoutPrivileged
}

func (b *DiscordBotBase) setBotPermissions() {
    b.botSession.Identify.Intents = discordgo.PermissionManageMessages |
        discordgo.PermissionManageServer |
        discordgo.PermissionManageRoles |
        discordgo.PermissionManageChannels |
        discordgo.PermissionModerateMembers |
        discordgo.PermissionAll
}

However, whenever the GuildMemberTimeout function is called, the Discord API returns HTTP 403 Forbidden, {"message": "Missing Permissions", "code": 50013}.

I have tried updating the permissions and intents that I register and they ended up looking like the ones at the top. As far as I know from what I read online, PermissionModerateMembers, IntentsGuildMembers and IntentsGuildBans should be enough to be able to time out members, right ?

Is there anything I'm missing ? Perhaps an obscure permission / intent that's missing from the code above ? The bot application on the Discord API portal has all the intents and the bot was invited to the server as an admin.

Thank you :)

RazvanBerbece commented 9 months ago

So I tested the feature and it seems that it was actually working as intended.

The Discord API just doesn't allow timing out guild members which either:

  1. Have OWNER or ADMINISTRATOR permissions in the guild
  2. Are higher in role than the bot application (this i'm not 100% sure of yet)

I tried it with a member which doesn't have any of the above and the operation executed successfully :)

I am wondering though if there is any way this behaviour can be overridden thinking that in some cases the bot application might have ADMINISTRATOR or very high privileges too, in which case it should be allowed to timeout other members regardless of what the timeout is directed at ?

RazvanBerbece commented 9 months ago

Right so it actually seems that timeouts DO work, it's just that the role HIERARCHY (the actual role drag and drops) in Discord has to match what the bot is allowed to do (aka impose effects on members with roles lower in hierarchy)