src/utils/LayerBasedPermissionManager.ts

/*
* This file is part of SudoBot.
*
* Copyright (C) 2021-2023 OSN Developers.
*
* SudoBot is free software; you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* SudoBot is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
*/

import { PermissionOverwrite } from "@prisma/client";
import { GuildMember, PermissionsBitField, PermissionsString, Role, Snowflake } from "discord.js";
import { GetMemberPermissionInGuildResult } from "../services/PermissionManager";
import AbstractPermissionManager from "./AbstractPermissionManager";
import { logInfo } from "./logger";

export default class LayerBasedPermissionManager extends AbstractPermissionManager {
    protected cache: Record<`${Snowflake}_${"r" | "u"}_${Snowflake}`, PermissionOverwrite> = {};

    async sync() {
        const overwrites = await this.client.prisma.permissionOverwrite.findMany();

        this.cache = {};

        for (const overwrite of overwrites) {
            for (const roleId of overwrite.roles) {
                this.cache[`${overwrite.guildId}_r_${roleId}`] = overwrite;
            }

            for (const userId of overwrite.users) {
                this.cache[`${overwrite.guildId}_u_${userId}`] = overwrite;
            }
        }

        logInfo(`[${this.constructor.name}] Synchronized permission overwrites`);
    }

    isImmuneToAutoMod(member: GuildMember) {
        const { permissions } = this.getMemberPermissions(member);
        return permissions.has("ManageGuild", true);
    }

    // FIXME: This is not implemented yet
    shouldModerate(member: GuildMember, moderator: GuildMember) {
        return true;
    }

    getMemberPermissions(member: GuildMember, mergeWithDiscordPermissions = true): GetMemberPermissionInGuildResult {
        const overwriteIds = [];
        const baseUserOverwrite = this.cache[`${member.guild.id}_u_${member.user.id}`];
        const permissions = new PermissionsBitField([
            ...(mergeWithDiscordPermissions ? member.permissions.toArray() : []),
            ...((baseUserOverwrite?.grantedPermissions as PermissionsString[]) ?? [])
        ]);
        let highestRoleHavingOverwrite: Role | undefined;
        let highestOverwrite: PermissionOverwrite | undefined;

        if (baseUserOverwrite) {
            overwriteIds.push(baseUserOverwrite.id);
        }

        for (const [roleId, role] of member.roles.cache) {
            const overwrite = this.cache[`${member.guild.id}_r_${roleId}`];

            if (overwrite) {
                overwriteIds.push(overwrite.id);

                for (const permission of overwrite.grantedPermissions) {
                    permissions.add(permission as PermissionsString);
                }

                if (role.position > (highestRoleHavingOverwrite?.position ?? 0)) {
                    highestRoleHavingOverwrite = role;
                    highestOverwrite = overwrite;
                }
            }
        }

        return {
            type: "layered",
            permissions,
            highestRoleHavingOverwrite,
            highestOverwrite,
            overwriteIds
        };
    }
}
1	/*
2	* This file is part of SudoBot.
3	*
4	* Copyright (C) 2021-2023 OSN Developers.
5	*
6	* SudoBot is free software; you can redistribute it and/or modify it
7	* under the terms of the GNU Affero General Public License as published by
8	* the Free Software Foundation, either version 3 of the License, or
9	* (at your option) any later version.
10	*
11	* SudoBot is distributed in the hope that it will be useful, but
12	* WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU Affero General Public License for more details.
15	*
16	* You should have received a copy of the GNU Affero General Public License
17	* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18	*/
19
20	import { PermissionOverwrite } from "@prisma/client";
21	import { GuildMember, PermissionsBitField, PermissionsString, Role, Snowflake } from "discord.js";
22	import { GetMemberPermissionInGuildResult } from "../services/PermissionManager";
23	import AbstractPermissionManager from "./AbstractPermissionManager";
24	import { logInfo } from "./logger";
25
26	export default class LayerBasedPermissionManager extends AbstractPermissionManager {
27	protected cache: Record<`${Snowflake}_${"r" \| "u"}_${Snowflake}`, PermissionOverwrite> = {};
28
29	async sync() {
30	const overwrites = await this.client.prisma.permissionOverwrite.findMany();
31
32	this.cache = {};
33
34	for (const overwrite of overwrites) {
35	for (const roleId of overwrite.roles) {
36	this.cache[`${overwrite.guildId}_r_${roleId}`] = overwrite;
37	}
38
39	for (const userId of overwrite.users) {
40	this.cache[`${overwrite.guildId}_u_${userId}`] = overwrite;
41	}
42	}
43
44	logInfo(`[${this.constructor.name}] Synchronized permission overwrites`);
45	}
46
47	isImmuneToAutoMod(member: GuildMember) {
48	const { permissions } = this.getMemberPermissions(member);
49	return permissions.has("ManageGuild", true);
50	}
51
52	// FIXME: This is not implemented yet
53	shouldModerate(member: GuildMember, moderator: GuildMember) {
54	return true;
55	}
56
57	getMemberPermissions(member: GuildMember, mergeWithDiscordPermissions = true): GetMemberPermissionInGuildResult {
58	const overwriteIds = [];
59	const baseUserOverwrite = this.cache[`${member.guild.id}_u_${member.user.id}`];
60	const permissions = new PermissionsBitField([
61	...(mergeWithDiscordPermissions ? member.permissions.toArray() : []),
62	...((baseUserOverwrite?.grantedPermissions as PermissionsString[]) ?? [])
63	]);
64	let highestRoleHavingOverwrite: Role \| undefined;
65	let highestOverwrite: PermissionOverwrite \| undefined;
66
67	if (baseUserOverwrite) {
68	overwriteIds.push(baseUserOverwrite.id);
69	}
70
71	for (const [roleId, role] of member.roles.cache) {
72	const overwrite = this.cache[`${member.guild.id}_r_${roleId}`];
73
74	if (overwrite) {
75	overwriteIds.push(overwrite.id);
76
77	for (const permission of overwrite.grantedPermissions) {
78	permissions.add(permission as PermissionsString);
79	}
80
81	if (role.position > (highestRoleHavingOverwrite?.position ?? 0)) {
82	highestRoleHavingOverwrite = role;
83	highestOverwrite = overwrite;
84	}
85	}
86	}
87
88	return {
89	type: "layered",
90	permissions,
91	highestRoleHavingOverwrite,
92	highestOverwrite,
93	overwriteIds
94	};
95	}
96	}