All role management is broken

[tupperward]

Right now, role management is broken because it relies on the order roles take in the server itself. It requires that the user set up roles in a certain order hierarchicaclly inside Discord, which is clumsy.

We need a way to do this that isn't as messy.

• [x] Research how roles are currently managed in Discord.py
• [x] Decouple roles from the hierarchy, but still limit which can be joined by users (prevent users from privilege escalation).
• [x] Try to tie role assignment to reacts in Discord.py (research this as well I guess)

[jinxedfeline]

A simple safeguard against people getting roles they should not have would be making sure that in the list of roles, the bot is below any role it should not be able to assign, and above all roles it should be able to. There may be some exceptions, like roles managed by integrations (Patreon, Twitch, etc.) that the bot will not be able to assign by itself, but as far as I can see, by default, even with "manage roles" enabled, the bot can only assign/remove those below it. This won't decouple the roles from the server-side hierarchy yet, but provide a quick and easy solution for now.

So the easy way to avoid hardcoding role names would be to move roles appropriately in the server's list and then simply checking is_assignable() on the roles to find valid ones. I have a proof of concept role picker (with GUI through a slash command) I can change to use that method and push to a branch for a PR.

Similarly, checking whether a given user has a necessary role to perform a certain command should be simple - both the context (for old-style commands and hybrid commands) and the interaction objects (for application commands aka slash commands) should include a full user object including all roles. You can then check against e.g. interaction.user.roles as necessary.