Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VIEW_CHANNEL does not implicitly deny MANAGE_ROLES #641

Closed
almostSouji opened this issue Aug 4, 2018 · 2 comments
Closed

VIEW_CHANNEL does not implicitly deny MANAGE_ROLES #641

almostSouji opened this issue Aug 4, 2018 · 2 comments

Comments

@almostSouji
Copy link

Logical use would dictate that not having access to a channel should mean that you don't have any means of interacting with the respective channel and there should be no way for you to change this.

As it stands bots can however set overwrites in channels they don't have VIEW_CHANNEL for, allowing malicious behavior by forcing access to channels they should be locked out from.

If I understand the "logical use" wrong feel free to correct me.
(i could not find a similar request in the repo, feel free to link and close should it exist)
@shikhir-arora
Copy link
Contributor

This seems like a duplicate of #487 (comment) 🙃

@almostSouji
Copy link
Author

I thought the question for implicit grant to be different enough from the explicit deny and thus must've missed nights comment, as well as kantenkugel's recap, which covers it all.
Thanks for pointing it out, will watch that thread closely 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shikhir-arora @almostSouji