Closed kitsuu-ne closed 1 year ago
manuel-rw
commented
1 year ago Hi, thanks for your issue. I am not sure if "everyone" having access to it by default is a good idea. I must admit that I mostly use the bot myself though. Would the reverse be okay? (Having an environment variable to allow everyone instead of allowing it by default)
Also, not an expert here, but I think you can override the permissions, correct?
kitsuu-ne
commented
1 year ago Yeah that could be great.
I know you can override the permissions, but this require you to have access to the commands first, either way having to override all of them one by one manually, would be very tiring
manuel-rw
commented
1 year ago Why not? I think this is out of scope for this Discord bot. This bot will play music - and not manage your server roles. There are plenty of open source / free / paid bots, that have much more complex roles management.
Additionally, it's a bad idea to give everyone access (see https://en.m.wikipedia.org/wiki/Principle_of_least_privilege ). Admins are in charge of enforcing the correct permissions, not the bot :)
manuel-rw
commented
1 year ago overrides didnt seem to work for me, if they do for you could you perhaps outline the steps to override the permissions of the commands?
I wasn't aware of that. I think I'll have to do some testing on my own and figure out the discord.js and Discord API. Thanks for the info and clarification :)
s01itude
commented
1 year ago This is something I would like as well. I was trying to set it up today and couldn't figure out why the bot was completely ignoring my commands. Then I discovered it was because I was using it in a server I was only a mod in. I COULD ask the admin to go in and edit each of the commands, but he's pretty busy and our schedules don't exactly line up anyway.
opening up the commands would be greatly appreciated!
manuel-rw
commented
1 year ago Hi, since more people are requesting this, than I expected, I will prioritize this for the next release.
I did some research on the topic. Generally, the official documentation advises against using this:
The slash command permissions for guilds are defaults only and can be altered by guild administrators, allowing them to configure access however best suits their moderation and server roles. Your code should not try to enforce its own permission management, as this can result in a conflict between the server-configured permissions and your bot's code.
The text explains the obvious reasons very well. For this reason, the option to do this will be disabled by default.
However, there is still a problem to solve. Discordjs API can do this imperatively using the API:
https://discordjs.guide/slash-commands/permissions.html#member-permissions
However, this bot uses the Nest.js abstraction, where this is done using a decorator:
This decorator is declarative, which means it can't incorporate any logic (eg. reading the environment variables).
Therefore, I am not sure yet if this will work. I'll try out a few things and let you guys know, once I have news.
CryptoCANINE
commented
1 year ago Yeah, I don't see much of a reason to keep this to admins only. Wanted to use it in a friend's server with a low amount of people and was shocked that the commands are admin locked.
manuel-rw
commented
1 year ago I am working on this now. Hopefully I have something ready soon
Is your feature request related to a problem? Please describe. Currently, the bot has its all interaction commands' permission set to administrator. While this doesn't seem to be too huge of an issue, it could cause some problems when the bot is being used in a server with members that are not roled as an administrator.
Describe the solution you'd like Maybe have the default permission set to everyone, but still allow the option to use the old behaviour (administrator only) by setting an environment variable