Fix leveling reward vulnerabilities and /roles grammar

TechnoVisionDev · TechnoVisionDev · commit a299dca9e3f4 · 2022-06-07T12:40:06.000-07:00
diff --git a/src/main/java/technobot/commands/levels/LevelingCommand.java b/src/main/java/technobot/commands/levels/LevelingCommand.java
@@ -145,6 +145,13 @@ public void execute(SlashCommandInteractionEvent event) {
                 int level = event.getOption("level").getAsInt();
                 String reward = event.getOption("role").getAsRole().getId();
 
+                // Check if role can be given by TechnoBot
+                Role role = event.getGuild().getRoleById(reward);
+                int botPos = event.getGuild().getBotRole().getPosition();
+                if (role == null || role.getPosition() >= botPos || role.isManaged()) {
+                    event.getHook().sendMessageEmbeds(EmbedUtils.createError("I cannot reward that role! Please check my permissions and role position.")).queue();
+                    return;
+                }
                 Integer x = config.getRewards().get(reward);
                 if (x != null && x == level) {
                     config.removeReward(reward);
diff --git a/src/main/java/technobot/commands/levels/RewardsCommand.java b/src/main/java/technobot/commands/levels/RewardsCommand.java
@@ -1,7 +1,10 @@
 package technobot.commands.levels;
 
+import com.mongodb.client.model.Filters;
+import com.mongodb.client.model.Updates;
 import net.dv8tion.jda.api.EmbedBuilder;
 import net.dv8tion.jda.api.events.interaction.command.SlashCommandInteractionEvent;
+import org.bson.conversions.Bson;
 import technobot.TechnoBot;
 import technobot.commands.Category;
 import technobot.commands.Command;
@@ -28,6 +31,7 @@ public RewardsCommand(TechnoBot bot) {
 
     @Override
     public void execute(SlashCommandInteractionEvent event) {
+        event.deferReply().queue();
         LinkedHashMap<String, Integer> rewards = new LinkedHashMap<>();
         GuildData.get(event.getGuild()).config.getRewards().entrySet()
                 .stream()
@@ -36,17 +40,23 @@ public void execute(SlashCommandInteractionEvent event) {
 
         StringBuilder content = new StringBuilder();
         for (Map.Entry<String,Integer> reward : rewards.entrySet()) {
-            content.append("Level ").append(reward.getValue()).append(" ----> <@&").append(reward.getKey()).append(">\n");
+            if (event.getGuild().getRoleById(reward.getKey()) != null) {
+                content.append("Level ").append(reward.getValue()).append(" ----> <@&").append(reward.getKey()).append(">\n");
+            } else {
+                // Remove any deleted roles from database
+                Bson filter = Filters.eq("guild", event.getGuild().getIdLong());
+                bot.database.config.updateOne(filter, Updates.unset("rewards."+reward.getKey()));
+            }
         }
 
         if (!content.isEmpty()) {
             EmbedBuilder embed = new EmbedBuilder()
                     .setColor(EmbedColor.DEFAULT.color)
                     .setTitle(":crown: Leveling Rewards")
                     .setDescription(content);
-            event.replyEmbeds(embed.build()).queue();
+            event.getHook().sendMessageEmbeds(embed.build()).queue();
             return;
         }
-        event.replyEmbeds(EmbedUtils.createDefault(EmbedUtils.BLUE_X + " No leveling rewards have been set for this server!")).queue();
+        event.getHook().sendMessageEmbeds(EmbedUtils.createDefault(EmbedUtils.BLUE_X + " No leveling rewards have been set for this server!")).queue();
     }
 }
diff --git a/src/main/java/technobot/commands/utility/RolesCommand.java b/src/main/java/technobot/commands/utility/RolesCommand.java
@@ -30,7 +30,9 @@ public void execute(SlashCommandInteractionEvent event) {
         for (Role role : event.getGuild().getRoles()) {
             int amount = guild.getMembersWithRoles(role).size();
             if (role.getName().equals("@everyone")) amount = guild.getMemberCount();
-            content.append(role.getAsMention()).append(" ").append(amount).append(" Members\n");
+            content.append(role.getAsMention()).append(" ").append(amount).append(" Member");
+            if (amount > 1 || amount == 0) content.append("s");
+            content.append("\n");
         }
 
         EmbedBuilder embed = new EmbedBuilder()
diff --git a/src/main/java/technobot/listeners/LevelingListener.java b/src/main/java/technobot/listeners/LevelingListener.java
@@ -2,6 +2,7 @@
 
 import com.mongodb.client.model.Filters;
 import com.mongodb.client.model.Updates;
+import net.dv8tion.jda.api.Permission;
 import net.dv8tion.jda.api.entities.ChannelType;
 import net.dv8tion.jda.api.entities.Member;
 import net.dv8tion.jda.api.entities.Role;
@@ -12,6 +13,7 @@
 import technobot.TechnoBot;
 import technobot.data.GuildData;
 import technobot.data.cache.Leveling;
+import technobot.util.UtilityMethods;
 import technobot.util.placeholders.Placeholder;
 import technobot.util.placeholders.PlaceholderFactory;
 
@@ -111,8 +113,11 @@ public void onMessageReceived(@Nonnull MessageReceivedEvent event) {
                 if (level >= rewardLevel) {
                     // Only give role if user doesn't already have it
                     Role role = event.getGuild().getRoleById(reward.getKey());
-                    if (role != null && !memberRoles.contains(role)) {
-                        event.getGuild().addRoleToMember(event.getAuthor(), role).queue();
+                    Role botRole = event.getGuild().getBotRole();
+                    if (role != null && !memberRoles.contains(role) && !role.isManaged()) {
+                        if (role.getPosition() < botRole.getPosition() && UtilityMethods.hasPermission(event.getGuild().getBotRole(), Permission.MANAGE_ROLES)) {
+                            event.getGuild().addRoleToMember(event.getAuthor(), role).queue();
+                        }
                     }
                 }
             }
