[SPIGOT-4486] non-vanilla commands show up in /minecraft:help, ignoring permissions. Created: 15/Nov/18 Updated: 15/Nov/18 Resolved: 15/Nov/18 |
|
| Status: | Resolved |
| Project: | Spigot |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor |
| Reporter: | Zedadias Wick | Assignee: | Unassigned |
| Resolution: | Invalid | Votes: | 0 |
| Labels: | brigadier, command, commodore, plugin | ||
| Version: | CraftBukkit version git-Spigot-5696c83-c2035aa (MC: 1.13.2) (Implementing API version 1.13.2-R0.1-SNAPSHOT) |
| Plugin: | commodore |
| Guidelines Read: | Yes |
| Description |
|
Using the command library Commodore (https://github.com/lucko/commodore) to add command tab completions for Brigadier results in non-vanilla commands showing up in vanilla /minecraft:help, and they will show up regardless of player's having permission to them (vanilla commands in this list do respect bukkit permissions, however). It might be best to not include non-vanilla commands in this list, since it's not really suitable for showing large numbers of commands, but it really should at-least respect permissions as it does for vanilla commands. |
| Comments |
| Comment by md_5 [ 15/Nov/18 ] |
|
The existing tab completion API will complete commands - onTabComplete |
| Comment by Zedadias Wick [ 15/Nov/18 ] |
|
Thanks for considering it. What's the recommended way to add the new tab completions? |
| Comment by md_5 [ 15/Nov/18 ] |
|
If it only occurs with a third party library bypassing the api, then its not a spigot bug |
| Comment by Zedadias Wick [ 15/Nov/18 ] |
|
Yes, the command is defined in the plugin.yml: testcommand:
description: Use the testcommand
usage: /testcommand
permission: plugin.command
The command does not show up in /minecraft:help without the use of the library, in addition to defining it in the plugin.yml. |
| Comment by md_5 [ 15/Nov/18 ] |
|
Unless this occurs with commands defined in a plugin.yml then this would be a bug in that third party library bypassing the API and hacking into server internals without including proper permission checks. Does this occur for commands appropriately defined in plugin.yml? |