Fixed admin bypass perm to framework allowed_roles

This makes those with the "Administrator" permission able to bypass the `allowed_roles` check. Additionally change a usage of `len() > 0` to `is_empty()`.
serenity-rs · Sep 10, 2017 · 2fb12e2 · 2fb12e2
1 parent 485ad29
commit 2fb12e2
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 9 deletions.
diff --git a/src/framework/standard/help_commands.rs b/src/framework/standard/help_commands.rs
@@ -51,7 +51,7 @@ fn remove_aliases(cmds: &HashMap<String, CommandOrAlias>) -> HashMap<&String, &I
 }
 
 fn right_roles(cmd: &Command, guild: &Guild, member: &Member) -> bool {
-    if cmd.allowed_roles.len() > 0 {
+    if !cmd.allowed_roles.is_empty() {
         cmd.allowed_roles
             .iter()
             .flat_map(|r| guild.role_by_name(&r))

diff --git a/src/framework/standard/mod.rs b/src/framework/standard/mod.rs
@@ -523,17 +523,21 @@ impl StandardFramework {
             } else if self.configuration.disabled_commands.contains(built) {
                 Some(DispatchError::CommandDisabled(built.to_owned()))
             } else {
-                if command.allowed_roles.len() > 0 {
+                if !command.allowed_roles.is_empty() {
                     if let Some(guild) = message.guild() {
                         let guild = guild.read().unwrap();
                         if let Some(member) = guild.members.get(&message.author.id) {
-                            let right_role = command
-                                .allowed_roles
-                                .iter()
-                                .flat_map(|r| guild.role_by_name(&r))
-                                .any(|g| member.roles.contains(&g.id));
-                            if !right_role {
-                                return Some(DispatchError::LackingRole);
+                            if let Ok(permissions) = member.permissions() {
+                                if !permissions.administrator() {
+                                    let right_role = command
+                                        .allowed_roles
+                                        .iter()
+                                        .flat_map(|r| guild.role_by_name(&r))
+                                        .any(|g| member.roles.contains(&g.id));
+                                    if !right_role {
+                                        return Some(DispatchError::LackingRole);
+                                    }
+                                }
                             }
                         }
                     }