Fix perm check

app/http/endpoints/api/settings/updatesettings.go

@@ -72,6 +72,8 @@ func (s *Settings) updateSettings(guildId uint64) error {
 	return group.Wait()
 }
 
+var validAutoArchive = []int{60, 1440, 4320, 10080}
+
 func (s *Settings) Validate(guildId uint64) error {
 	group, _ := errgroup.WithContext(context.Background())
 
@@ -93,6 +95,30 @@ func (s *Settings) Validate(guildId uint64) error {
 		return nil
 	})
 
+	group.Go(func() error {
+		valid := false
+		for _, duration := range validAutoArchive {
+			if duration == s.Settings.ThreadArchiveDuration {
+				valid = true
+				break
+			}
+		}
+
+		if !valid {
+			return fmt.Errorf("Invalid thread auto archive duration")
+		}
+
+		return nil
+	})
+
+	group.Go(func() error {
+		if s.Settings.UseThreads {
+			return fmt.Errorf("threads are disabled")
+		} else {
+			return nil
+		}
+	})
+
 	return group.Wait()
 }
 

go.mod

@@ -6,7 +6,7 @@ require (
 	github.com/BurntSushi/toml v0.3.1
 	github.com/TicketsBot/archiverclient v0.0.0-20210220155137-a562b2f1bbbb
 	github.com/TicketsBot/common v0.0.0-20210910205523-7ce93fba6fa5
-	github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867
+	github.com/TicketsBot/database v0.0.0-20211030133445-3b8906e1b64a
 	github.com/TicketsBot/worker v0.0.0-20210910205947-89f7bd5ccf67
 	github.com/apex/log v1.1.2
 	github.com/boj/redistore v0.0.0-20180917114910-cd5dcc76aeff // indirect

go.sum

@@ -16,6 +16,8 @@ github.com/TicketsBot/database v0.0.0-20210902172951-4e1f8ced84b7/go.mod h1:A4T2
 github.com/TicketsBot/database v0.0.0-20210906215136-2d0c54bd1109/go.mod h1:A4T2uQFIWC/ttCYpfgv7AkPjR09mMRgzG13lgoV/+aI=
 github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867 h1:2tYF3avpUUY1voXuzcY2gQHggnk17M+1btblS7Zkygk=
 github.com/TicketsBot/database v0.0.0-20211030123522-eeed94443867/go.mod h1:72oWvH/Gq1iKeXCZhVRZn1JFbNVC5iAgERZWTrEarEo=
+github.com/TicketsBot/database v0.0.0-20211030133445-3b8906e1b64a h1:nn8rmdIXR4jY3JsE+pyf6Ff0LOAYvHjx8F8E+InWaRk=
+github.com/TicketsBot/database v0.0.0-20211030133445-3b8906e1b64a/go.mod h1:72oWvH/Gq1iKeXCZhVRZn1JFbNVC5iAgERZWTrEarEo=
 github.com/TicketsBot/logarchiver v0.0.0-20200423221245-a3f92edf8c14/go.mod h1:whts8TRxrAF4WuDuEAMllkWA/inKem0NhDEFeyuoOvE=
 github.com/TicketsBot/ttlcache v1.6.1-0.20200405150101-acc18e37b261 h1:NHD5GB6cjlkpZFjC76Yli2S63/J2nhr8MuE6KlYJpQM=
 github.com/TicketsBot/ttlcache v1.6.1-0.20200405150101-acc18e37b261/go.mod h1:2zPxDAN2TAPpxUPjxszjs3QFKreKrQh5al/R3cMXmYk=

utils/permissionutils.go

@@ -83,6 +83,12 @@ func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (
 		}
 	}
 
+	// Check Discord permissions
+	hasAdminPermission := permission.HasPermissions(botContext, guildId, member.User.Id, discordperms.Administrator)
+	if hasAdminPermission {
+		return true, nil
+	}
+
 	// If ticket is not from a panel, we can use default team perms
 	if ticket.PanelId == nil {
 		canView, err := isOnDefaultTeam(guildId, userId, botContext, member)
@@ -106,12 +112,15 @@ func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (
 			if canView {
 				return true, nil
 			}
-		} else { // If panel does not use default team, check support teams
+		}
+
+		// If panel does not use the default team, or the user is not assigned to it, check support teams
 		supportTeams, err := dbclient.Client.PanelTeams.GetTeams(*ticket.PanelId)
 		if err != nil {
 			return false, err
 		}
 
+		if len(supportTeams) > 0 {
 			var supportTeamIds []int
 			for _, team := range supportTeams {
 				supportTeamIds = append(supportTeamIds, team.Id)
@@ -143,33 +152,7 @@ func HasPermissionToViewTicket(guildId, userId uint64, ticket database.Ticket) (
 }
 
 func isOnDefaultTeam(guildId, userId uint64, ctx botcontext.BotContext, member member.Member) (bool, error) {
-	// Check user perms for admin
-	if isAdmin, err := dbclient.Client.Permissions.IsAdmin(guildId, userId); err == nil {
-		if isAdmin {
-			return true, nil
-		}
-	} else {
-		return false, err
-	}
-
-	// Check roles from DB
-	adminRoles, err := dbclient.Client.RolePermissions.GetAdminRoles(guildId)
-	if err != nil {
-		return false, err
-	}
-
-	for _, adminRoleId := range adminRoles {
-		if member.HasRole(adminRoleId) {
-			return true, nil
-		}
-	}
-
-	// Check if user has Administrator permission
-	hasAdminPermission := permission.HasPermissions(ctx, guildId, member.User.Id, discordperms.Administrator)
-	if hasAdminPermission {
-		return true, nil
-	}
-
+	// Admin perms are already checked straight away, so we don't need to check for them here
 	// Check user perms for support
 	if isSupport, err := dbclient.Client.Permissions.IsSupport(guildId, member.User.Id); err == nil {
 		if isSupport {
@@ -187,7 +170,7 @@ func isOnDefaultTeam(guildId, userId uint64, ctx botcontext.BotContext, member m
 
 	for _, supportRoleId := range supportRoles {
 		if member.HasRole(supportRoleId) {
-			return false, nil
+			return true, nil
 		}
 	}