From ebb0235606ff25e16d9b55aa2143c4b406e3d063 Mon Sep 17 00:00:00 2001
From: rxdn <29165304+rxdn@users.noreply.github.com>
Date: Sun, 31 Oct 2021 21:47:28 +0000
Subject: [PATCH] Fix perm check
---
 .../endpoints/api/settings/updatesettings.go | 26 ++++++++
 go.mod | 2 +-
 go.sum | 2 +
 utils/permissionutils.go | 65 +++++++------------
 4 files changed, 53 insertions(+), 42 deletions(-)
diff --git a/app/http/endpoints/api/settings/updatesettings.go b/app/http/endpoints/api/settings/updatesettings.go
index 6dc35bf..e022523 100644
--- a/app/http/endpoints/api/settings/updatesettings.go
+++ b/app/http/endpoints/api/settings/updatesettings.go
@@ -72,6 +72,8 @@ func (s *Settings) updateSettings(guildId uint64) error {
 return group.Wait()
 }
+var validAutoArchive = []int{60, 1440, 4320, 10080}
+
 func (s *Settings) Validate(guildId uint64) error {
 group, _ := errgroup.WithContext(context.Background())
@@ -93,6 +95,30 @@ func (s *Settings) Validate(guildId uint64) error {
 return nil
 })
+ group.Go(func() error {
+ valid := false
+ for _, duration := range validAutoArchive {
+ if duration == s.Settings.ThreadArchiveDuration {
+ valid = true
+ break
+ }
+ }
+
+ if !valid {
+ return fmt.Errorf("Invalid thread auto archive duration")
+ }
+
+ return nil
+ })
+
+ group.Go(func() error {
+ if s.Settings.UseThreads {
+ return fmt.Errorf("threads are disabled")
+ } else {
+ return nil
+ }
+ })
+
 return group.Wait()
 }
diff --git a/go.mod b/go.mod
index b700a47..c5e6e45 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/BurntSushi/toml v0.3.1
 github.com/TicketsBot/archiverclient v0.0.0-20210220155137-a562b2f1bbbb
 github.com/TicketsBot/common v0.0.0-20210910205523-7ce93fba6fa5
- github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867
+ github.com/TicketsBot/database v0.0.0-20211030133445-3b8906e1b64a
 github.com/TicketsBot/worker v0.0.0-20210910205947-89f7bd5ccf67
 github.com/apex/log v1.1.2
 github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff // indirect
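Review bot: The duration allowlist added to `Validate` runs even when `UseThreads` is false, and the check after it refuses every request that sets `UseThreads`, so a payload that leaves `ThreadArchiveDuration` at its zero value is rejected for a feature it cannot turn on; whether the field is defaulted before `Validate` runs is not visible here. If that is not intended, open the first closure with `if !s.Settings.UseThreads { return nil }`. Two style points in the same closures: `fmt.Errorf` is called without format verbs and one message is capitalised, where `errors.New("invalid thread auto archive duration")` (assuming `errors` is imported in this file) would match the lowercase `threads are disabled`, and the `else` after `return` can be dropped.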
diff --git a/go.sum b/go.sum
index 787d5cb..44f9f41 100644
--- a/go.sum
+++ b/go.sum
@@ -16,6 +16,8 @@ github.com/TicketsBot/database v0.0.0-20210902172951-4e1f8ced84b7/go.mod h1:A4T2
 github.com/TicketsBot/database v0.0.0-20210906215136-2d0c54bd1109/go.mod h1:A4T2uQFIWC/ttCYpfgv7AkPjR09mMRgzG13lgoV/+aI=
 github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867 h1:2tYF3avpUUY1voXuzcY2gQHggnk17M+1btblS7Zkygk=
 github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867/go.mod h1:72oWvH/Gq1iKeXCZhVRZn1JFbNVC5iAgERZWTrEarEo=
+github.com/TicketsBot/database v0.0.0-20211030133445-3b8906e1b64a h1:nn8rmdIXR4jY3JsE+pyf6Ff0LOAYvHjx8F8E+InWaRk=
+github.com/TicketsBot/database v0.0.0-20211030133445-3b8906e1b64a/go.mod h1:72oWvH/Gq1iKeXCZhVRZn1JFbNVC5iAgERZWTrEarEo=
 github.com/TicketsBot/logarchiver v0.0.0-20200423221245-a3f92edf8c14/go.mod h1:whts8TRxrAF4WuDuEAMllkWA/inKem0NhDEFeyuoOvE=
 github.com/TicketsBot/ttlcache v1.6.1-0.20200405150101-acc18e37b261 h1:NHD5GB6cjlkpZFjC76Yli2S63/J2nhr8MuE6KlYJpQM=
 github.com/TicketsBot/ttlcache v1.6.1-0.20200405150101-acc18e37b261/go.mod h1:2zPxDAN2TAPpxUPjxszjs3QFKreKrQh5al/R3cMXmYk=
diff --git a/utils/permissionutils.go b/utils/permissionutils.go
index 96396ac..e8e6182 100644
--- a/utils/permissionutils.go
+++ b/utils/permissionutils.go
@@ -64,8 +64,8 @@ func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (
 // Admins should have access to all tickets
 isAdmin, err := dbclient.Client.Permissions.IsAdmin(guildId, userId)
 if err != nil {
- return false, err
- }
+ return false, err
+ }
 if isAdmin {
 return true, nil
@@ -74,14 +74,20 @@ func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (
 // TODO: Check in db
 adminRoles, err := dbclient.Client.RolePermissions.GetAdminRoles(guildId)
 if err != nil {
- return false, err
- }
+ return false, err
+ }
 for _, roleId := range adminRoles {
- if member.HasRole(roleId) {
- return true, nil
- }
- }
+ if member.HasRole(roleId) {
+ return true, nil
+ }
+ }
+
+ // Check Discord permissions
+ hasAdminPermission := permission.HasPermissions(botContext, guildId, member.User.Id, discordperms.Administrator)
+ if hasAdminPermission {
+ return true, nil
+ }
 // If ticket is not from a panel, we can use default team perms
 if ticket.PanelId == nil {
@@ -106,12 +112,15 @@ func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (
 if canView {
 return true, nil
 }
- } else { // If panel does not use default team, check support teams
- supportTeams, err := dbclient.Client.PanelTeams.GetTeams(*ticket.PanelId)
- if err != nil {
- return false, err
- }
+ }
+ // If panel does not use the default team, or the user is not assigned to it, check support teams
+ supportTeams, err := dbclient.Client.PanelTeams.GetTeams(*ticket.PanelId)
+ if err != nil {
+ return false, err
+ }
+
+ if len(supportTeams) > 0 {
 var supportTeamIds []int
 for _, team := range supportTeams {
 supportTeamIds = append(supportTeamIds, team.Id)
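Review bot: The added Administrator check passes `member.User.Id` to `permission.HasPermissions`, while the `IsAdmin` lookup earlier in `HasPermissionToViewTicket` keys on the `userId` parameter; `member` is resolved outside this hunk, so the two are presumably the same user, but an authorization path is easier to audit when every check names one subject: `permission.HasPermissions(botContext, guildId, userId, discordperms.Administrator)`. `HasPermissions` yields only a bool here, so a failed lookup inside it would look the same as a missing permission, which denies access but leaves no error to log; that is worth confirming against its implementation. The `// TODO: Check in db` comment above `GetAdminRoles` looks stale now that the roles are read from the database. The function starts and ends outside the hunk.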
@@ -143,33 +152,7 @@ func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (
 }
 func isOnDefaultTeam(guildId, userId uint64, ctx botcontext.BotContext, member member.Member) (bool, error) {
- // Check user perms for admin
- if isAdmin, err := dbclient.Client.Permissions.IsAdmin(guildId, userId); err == nil {
- if isAdmin {
- return true, nil
- }
- } else {
- return false, err
- }
-
- // Check roles from DB
- adminRoles, err := dbclient.Client.RolePermissions.GetAdminRoles(guildId)
- if err != nil {
- return false, err
- }
-
- for _, adminRoleId := range adminRoles {
- if member.HasRole(adminRoleId) {
- return true, nil
- }
- }
-
- // Check if user has Administrator permission
- hasAdminPermission := permission.HasPermissions(ctx, guildId, member.User.Id, discordperms.Administrator)
- if hasAdminPermission {
- return true, nil
- }
-
+ // Admin perms are already checked straight away, so we don't need to check for them here
 // Check user perms for support
 if isSupport, err := dbclient.Client.Permissions.IsSupport(guildId, member.User.Id); err == nil {
 if isSupport {
@@ -187,7 +170,7 @@ func isOnDefaultTeam(guildId, userId uint64, ctx botcontext.BotContext, member m
 for _, supportRoleId := range supportRoles {
 if member.HasRole(supportRoleId) {
- return false, nil
+ return true, nil
 }
 }
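Review bot: `isOnDefaultTeam` now depends on its caller having already ruled out admins, and that precondition lives only in an inline comment inside the body. I would move it to a doc comment on the function, `// isOnDefaultTeam reports whether member has the support permission or a support role in guildId. Admin status is not considered; callers must check it first.`, and leave a blank line between the new comment and `// Check user perms for support`. With the admin block gone, `ctx` and `userId` are no longer referenced in the visible lines (the support lookup uses `member.User.Id`), so they may be dead parameters; part of the body lies outside the hunk. The last hunk's change from `return false, nil` to `return true, nil` is the actual authorization fix, and a table-driven test covering admin, support user, support role and unrelated member would keep that return value from inverting again.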