search

mkscho63 / sta

This is an unofficial system for Foundry VTT using Modiphius's Star Trek Adventures 2d20 RPG. This system attempts to replicate the feeling of playing through an episode of the epic SciFi that is Star Trek. I am in no way associated with Modiphius.
MIT License
37 stars 34 forks source link

Trackers can still be changed despite not having permissions to do so. #22

Closed CurtR95 closed 3 years ago

CurtR95 commented 3 years ago

Report of bug in Dishonored that likely overlaps with STA.

My Dishonored implementation for tracker.js hid/disabled the buttons/text box of the tracker. A tech savvy individual can quite easily re-enable this in dev tools, so to fix in Dishonored I have done the following:

html.find('#dishonored-momentum-track-increase').click(ev => {
            if (game.user.hasRole(game.settings.get("FVTT-Dishonored", "momentumPermissionLevel"))) {
                chaos = game.settings.get("FVTT-Dishonored", "chaos");
                if (momentum === 6) {
                    ui.notifications.error(game.i18n.localize('dishonored.notifications.momentumGreater'));
                    return false;
                }
                momentum = parseInt(document.getElementById("dishonored-track-momentum").value);
                momentum = momentum + 1;
                game.settings.set("FVTT-Dishonored", "momentum", momentum);
                renderTracker();
            }
            else {
                ui.notifications.error(game.i18n.localize('dishonored.notifications.momentumButtonInvalidPermissions'));
                return false;
            }
        });

Essentially checking the user has permissions again and if they do, firing the rest of the function, otherwise erroring and returning false. This has been added to both increases, both decreases and the on change of the text box!

mkscho63 commented 3 years ago

Thanks so much for letting me know, I have included this in my tracker code now!