Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FactionsUUIDProtectionModule does not account for Admin Bypass mode #279

Open
JeremyFail opened this issue Jan 26, 2025 · 0 comments · May be fixed by #280
Open

FactionsUUIDProtectionModule does not account for Admin Bypass mode #279

JeremyFail opened this issue Jan 26, 2025 · 0 comments · May be fixed by #280

Comments

@JeremyFail
Copy link

JeremyFail commented Jan 26, 2025
edited
Loading

Description (Required)

FactionsUUID has a functionality called Admin Bypass mode. This allows server administrators to bypass faction restrictions for administrative purposes (such as accessing/interacting with blocks, placing/destroying blocks, etc.). When a server administrator with proper permission runs the /f bypass command, it then toggles a boolean value that can be accessed through the isAdminBypassing() method found in the FPlayer API. This is true when enabled, and false when disabled. You can see this here: https://github.com/FactionsU/UID/blob/main/src/main/java/com/massivecraft/factions/FPlayer.java#L87

Currently, the FactionsUUIDProtectionModule that integrations FactionsUUID with dough does not take into account when a user might have admin bypass mode enabled. It currently only checks if the current player is a member of the faction and if so, hasPermission returns true (it will also return true if the land is currently not claimed by anyone). Otherwise, it will return false. This logic is incorrect however, as one other condition that needs to be accounted for is if the player is currently in admin bypass mode, as if they are, they have access to all factions, regardless of if they are a member of that faction.

Steps to reproduce the Issue (Required)

  1. Install the latest version of FactionsUUID with the latest version of SlimeFun4.
  2. Create a SlimeFun machine - it can be anything. For example, an Enhanced Crafting Table.
  3. Claim the chunk for your faction where you placed the machine (steps 2 and 3 can be done in reverse if desired)
  4. Have another player (not of your faction) attempt to use the machine (with admin bypass disabled)
  5. It correctly blocks them from using it (as it should)
  6. Enable admin bypass mode for the other user not of your faction
  7. Have them attempt to use the machine again
  8. Despite being in bypass mode, they are still not able to use the machine

Expected behavior (Required)

When using SlimeFun (and by extension, dough) with FactionsUUID, if a server administrator enters Faction Admin Bypass mode, the permissions check should succeed, as admin bypass mode gives them access to all factions.

Server Log / Error Report

There are no errors as this is technically working as written. It is just a condition that is not currently being accounted for in the code.

Server specs (Required)

This has been tested on Paper, MC1.20.4 (current RC37), but it also occurs on the newest builds that have not yet been published (such as recent builds adding MC1.21 support).

  • Java Version: 21.0.6
  • Server Software: Tested on...
    • Paper 1.20.4 build 499
    • Paper 1.21.4 build 121
  • Minecraft Version:
    • MC 1.20.4
    • MC 1.21.4

FULL plugins list (Required)

I tried this on a fresh test server install to rule out any conflicts running only the following:

For MC 1.20.4:

For MC 1.21.4 (not officially supported yet, but just to see if newer builds have the same issue):

Other Notes

This should be pretty simple to update. I can send up a PR with this change. It would basically just be a change to this method:

    public boolean hasPermission(OfflinePlayer p, Location l, Interaction action) {
        Faction faction = Board.getInstance().getFactionAt(new FLocation(l));

        if (faction == null || faction.getId().equals("0")) {
            return true;
        } else {
            return faction.getId().equals(api.getByOfflinePlayer(p).getFaction().getId());
        }
    }

to something like this:

    public boolean hasPermission(OfflinePlayer p, Location l, Interaction action) {
        Faction faction = Board.getInstance().getFactionAt(new FLocation(l));

        if (faction == null || faction.getId().equals("0")) {
            return true;
        } else {
            FPlayer player = api.getByOfflinePlayer(p);
            if (player.isAdminBypassing()) {
                return true;
            }
            return faction.getId().equals(player.getFaction().getId());
        }
    }
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update FactionsUUIDProtectionModule to account for admin bypass mode JeremyFail/dough
1 participant
@JeremyFail