feat: implement permission checks for ManageGuild and staff roles across commands

2025-10-04 01:10:02 -05:00
parent 3cd9efcbcb
commit 312ccc7b2a
16 changed files with 237 additions and 275 deletions
--- a/src/components/buttons/ldManagePoints.ts
+++ b/src/components/buttons/ldManagePoints.ts
@@ -1,11 +1,11 @@
 import logger from "../../core/lib/logger";
 import { 
  ButtonInteraction, 
-  MessageFlags, 
-  PermissionFlagsBits
+  MessageFlags
 } from 'discord.js';
 import { prisma } from '../../core/database/prisma';
 import { ComponentType, TextInputStyle } from 'discord-api-types/v10';
+import { hasManageGuildOrStaff } from "../../core/lib/permissions";

 export default {
  customId: 'ld_manage_points',
@@ -17,11 +17,12 @@ export default {
      });
    }

-    // Verificar permisos de administrador
+    // Verificar permisos (ManageGuild o rol de staff)
    const member = await interaction.guild.members.fetch(interaction.user.id);
-    if (!member.permissions.has(PermissionFlagsBits.ManageGuild)) {
+    const allowed = await hasManageGuildOrStaff(member, interaction.guild.id, prisma);
+    if (!allowed) {
      return interaction.reply({
-        content: '❌ Solo los administradores pueden gestionar puntos.',
+        content: '❌ Solo admins o staff pueden gestionar puntos.',
        flags: MessageFlags.Ephemeral
      });
    }
--- a/src/components/buttons/ldRefresh.ts
+++ b/src/components/buttons/ldRefresh.ts
@@ -1,6 +1,8 @@
 import logger from "../../core/lib/logger";
-import { ButtonInteraction, MessageFlags, PermissionFlagsBits } from 'discord.js';
+import { ButtonInteraction, MessageFlags } from 'discord.js';
 import { buildLeaderboardPanel } from '../../commands/messages/alliaces/leaderboard';
+import { hasManageGuildOrStaff } from "../../core/lib/permissions";
+import { prisma } from "../../core/database/prisma";

 export default {
  customId: 'ld_refresh',
@@ -11,9 +13,9 @@ export default {
    try {
      await interaction.deferUpdate();

-      // Verificar si el usuario es administrador
+      // Verificar si el usuario es admin o staff
      const member = await interaction.guild.members.fetch(interaction.user.id);
-      const isAdmin = member.permissions.has(PermissionFlagsBits.ManageGuild);
+      const isAdmin = await hasManageGuildOrStaff(member, interaction.guild.id, prisma);

      // Reusar el builder esperando un objeto con guild y author
      const fakeMessage: any = { guild: interaction.guild, author: interaction.user };
--- a/src/components/modals/ldPointsModal.ts
+++ b/src/components/modals/ldPointsModal.ts
@@ -2,13 +2,13 @@ import logger from "../../core/lib/logger";
 import { 
  ModalSubmitInteraction, 
  MessageFlags,
-  PermissionFlagsBits,
  EmbedBuilder,
  User,
  Collection,
  Snowflake
 } from 'discord.js';
 import { prisma } from '../../core/database/prisma';
+import { hasManageGuildOrStaff } from "../../core/lib/permissions";

 interface UserSelectComponent {
  custom_id: string;
@@ -36,11 +36,12 @@ export default {
      });
    }

-    // Verificar permisos
+    // Verificar permisos (ManageGuild o rol staff)
    const member = await interaction.guild.members.fetch(interaction.user.id);
-    if (!member.permissions.has(PermissionFlagsBits.ManageGuild)) {
+    const allowed = await hasManageGuildOrStaff(member, interaction.guild.id, prisma);
+    if (!allowed) {
      return interaction.reply({
-        content: '❌ Solo los administradores pueden gestionar puntos.',
+        content: '❌ Solo admins o staff pueden gestionar puntos.',
        flags: MessageFlags.Ephemeral
      });
    }