Open cupang-afk opened 1 year ago
Permissions are based on the invoker. If the console runs the command, the input are expected to be trusted, because this means it is executed by an administrator. Foreign access to the server console would be a security risk and requires additional protection. Only trusted parties should create custom commands or need to introduce a allow list.
Permissions are based on the invoker.
so for example if i have player named steve
that has commandforward.bukkit.command.forward.other
trying to execute the bungeecord end
command to admin alex
which has bungeecord.command.end
the permission is inherited as steve
?
so steve
will see the You do not have permission to execute this command!
message ?
Foreign access to the server console would be a security risk and requires additional protection.
for in-game
i assume the first point is correct, then i can have my other admin the permission commandforward.bukkit.command.forward.other
, while me as the owner have bungeecord.command.end
and they won't be able to do something like shutdown the bungee server right ?
If the console runs the command, the input are expected to be trusted, because this means it is executed by an administrator.
well my usage of this plugin is to enable some plugin feature that has no toggle function in the bungeecord server
i only execute /forward
in the console though (on every PlayerJoinEvent to be exact, i want them to run certain command that only available in the bungeecord server)
if it's all good, then as long it's not the console who execute /forward
command i can say it safe
What behavior is observed:
bungeecord server is turned off when
/forward {playername} end
is executed from the server console even though the player doesn't havebungeecord.command.end
What behavior is expected:
should throw same message as
end
command as it was executed as a player in-game when the player has nobungeecord.command.end
permissionSteps/models to reproduce:
/forward {playername} end
in the server consoleScreenshots (if applicable)
Plugin list:
Environment description
server: git-Purpur-1894 (1.19.3) bungeecord: git:Waterfall-Bootstrap:1.19-R0.1-SNAPSHOT:13085b9:510
Plugin version or build number (don't write latest):
Server Log:
Hastebin / Gist link of the error, stacktrace or the complete log (if any)
Configuration:
Hastebin / Gist link of your config.yml file
Note:
cupang_afk is not an operator, i confirm this with
deop
commandcupang_afk also never had
bungeecord.command.end
permission this is confirmed with/end
command executed in-gamecommand
/forward {playername}
is working perfectly for running command as player for example i run/forward cupang_afk skin reset
to reset skin from the player created by SkinsRestorer