games647 / CommandForward

This simple minecraft bukkit-bungee plugin forwards commands to the bungeecord proxy sent from bukkit
https://www.spigotmc.org/resources/commandforward.27580/
MIT License
28 stars, 9 forks

Forwarding 'end' command as a player close bungeecord server #23

Open cupang-afk opened 1 year ago

cupang-afk commented 1 year ago

What behavior is observed:

The bungeecord server is turned off when /forward {playername} end is executed from the server console, even though the player doesn't have bungeecord.command.end.

What behavior is expected:

It should throw the same message as the end command, as if it was executed as a player in-game, when the player has no bungeecord.command.end permission.

Steps/models to reproduce:

Screenshots (if applicable)

Plugin list:

Environment description

server: git-Purpur-1894 (1.19.3) bungeecord: git:Waterfall-Bootstrap:1.19-R0.1-SNAPSHOT:13085b9:510

Plugin version or build number (don't write latest):

> version commandforward
[06:34:47 INFO]: CommandForward version 0.4.0
[06:34:47 INFO]: Forwards commands from Bukkit to BungeeCord to execute it there

[06:34:47 INFO]: Website: https://www.spigotmc.org/resources/commandforward.bukkit/
[06:34:47 INFO]: Authors: games647 and https://github.com/games647/CommandForward/graphs/contributors

Server Log:

Hastebin / Gist link of the error, stacktrace or the complete log (if any)

server

> forward cupang_afk end
[06:35:29 INFO]: [floodgate] Floodgate player logged in as cupang_afk disconnected
[06:35:29 INFO]: cupang_afk lost connection: Disconnected

bungeecord

[06:35:29 INFO]: Closing listener [id: 0x59d6a71b, L:local:E:492231d0]
[06:35:29 INFO]: Closing listener [id: 0x1ca6ae0a, L:/[0:0:0:0:0:0:0:0%0]:35750]
[06:35:29 INFO]: Closing pending connections
[06:35:29 INFO]: Disconnecting 1 connections
[06:35:29 INFO]: [cupang_afk] disconnected with: 

...more log for shutting down process

Configuration:

Hastebin / Gist link of your config.yml file

Note:

cupang_afk is not an operator; I confirmed this with the deop command.

> deop cupang_afk
[06:28:12 INFO]: Nothing changed. The player is not an operator

cupang_afk also never had the bungeecord.command.end permission; this is confirmed with the /end command executed in-game.

The command /forward {playername} is working perfectly for running a command as a player. For example, I run /forward cupang_afk skin reset to reset the skin from the player created by SkinsRestorer.

games647 commented 1 year ago

Permissions are based on the invoker. If the console runs the command, the input is expected to be trusted, because this means it is executed by an administrator. Foreign access to the server console would be a security risk and requires additional protection. Only trusted parties should create custom commands or need to introduce an allow list.

cupang-afk commented 1 year ago

> Permissions are based on the invoker.

So, for example, if I have a player named steve that has commandforward.bukkit.command.forward.other trying to execute the bungeecord end command to admin alex, who has bungeecord.command.end,

the permission is inherited as steve? So steve will see the "You do not have permission to execute this command!" message?

> Foreign access to the server console would be a security risk and requires additional protection.

For in-game, I assume the first point is correct. Then I can give my other admin the permission commandforward.bukkit.command.forward.other, while I as the owner have bungeecord.command.end, and they won't be able to do something like shut down the bungee server, right?

> If the console runs the command, the input is expected to be trusted, because this means it is executed by an administrator.

Well, my usage of this plugin is to enable some plugin feature that has no toggle function in the bungeecord server. I only execute /forward in the console though (on every PlayerJoinEvent, to be exact; I want them to run a certain command that is only available in the bungeecord server).

If it's all good, then as long as it's not the console that executes the /forward command, I can say it's safe.
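
The rule from the maintainer's reply (permissions follow the invoker, the console is trusted) together with the allow list it suggests, modeled as an added example that is not part of the thread and not CommandForward's own code. The `Sender` record, `decide`, the command table and the `example.command.skin` node are hypothetical, and the allow list is assumed to bind the console as well.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Added illustration, not CommandForward's code: a stand-alone model of
// "permissions are based on the invoker" plus an allow list for forwarded commands.
public class ForwardGuard {
    // Hypothetical sender model; the console is trusted and passes every check.
    record Sender(String name, boolean console, Set<String> perms) {
        boolean has(String node) { return console || perms.contains(node); }
    }

    enum Decision { RUN, DENY_NOT_ALLOW_LISTED, DENY_FORWARD_PERMISSION, DENY_COMMAND_PERMISSION }

    static final String FORWARD_OTHER = "commandforward.bukkit.command.forward.other"; // from the issue
    // Constructed proxy command table: label -> permission node required on the proxy.
    static final Map<String, String> PROXY_COMMANDS = Map.of(
            "end", "bungeecord.command.end",   // node named in the issue
            "skin", "example.command.skin");   // placeholder node, not a real plugin's

    // allowList == null models "no allow list configured", the setup in the report.
    static Decision decide(Sender invoker, String commandLine, Set<String> allowList) {
        String label = commandLine.trim().split("\\s+")[0].toLowerCase(Locale.ROOT);
        if (label.startsWith("/")) label = label.substring(1);
        // Assumption: the allow list binds every invoker, the console included.
        if (allowList != null && !allowList.contains(label)) return Decision.DENY_NOT_ALLOW_LISTED;
        if (!invoker.has(FORWARD_OTHER)) return Decision.DENY_FORWARD_PERMISSION;
        String node = PROXY_COMMANDS.get(label);
        if (node != null && !invoker.has(node)) return Decision.DENY_COMMAND_PERMISSION;
        return Decision.RUN; // the target player's permissions are never consulted
    }

    public static void main(String[] args) {
        Sender console = new Sender("CONSOLE", true, Set.of());
        Sender steve = new Sender("steve", false, Set.of(FORWARD_OTHER));
        Set<String> allow = Set.of("skin"); // constructed allow list
        System.out.println("console, end, no allow list: " + decide(console, "end", null));
        System.out.println("console, end, allow list:    " + decide(console, "end", allow));
        System.out.println("console, skin reset, allow:  " + decide(console, "skin reset", allow));
        System.out.println("steve, end, no allow list:   " + decide(steve, "end", null));
    }
}
```

Run it with `java ForwardGuard.java` on Java 16 or newer.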