Did PermissionFlagBits change?
Hey, for the past several years my code base has used this to check if a user has permission to view and send messages in a channel:
However, as of earlier today,
Now, to securely check, I have to do this: This change caused a temporary security issue in one of our features. Was this a
PermissionFlagsBits.SendMessages is resolving to "true" because I haven't explicitly denied everyone from sending messages, I only denied them from viewing messages. Previously, if I prevented viewing, it would automatically know you can't send messages.Now, to securely check, I have to do this: This change caused a temporary security issue in one of our features. Was this a
discord.js change, or a discord API change?5 Replies
discord.js@14.20.0- node v22.21.0
I know I'm a few versions behind, that's not the question currently.Nothing changed. Afaik, the "new" behavior is how it always was
Discord doesn’t implicitly enable/disable perms
PermissionsBitField.has also checks for the exact perms/bits that you provide, nothing more/less
With the exception of checkAdmin, which causes the method to always return true if the admin perm is enabled (default)
Unless it’s was like a Discord UI thing where the Discord app wouldn’t let you enable send message w/o view channel
That's good to know, will do that.
I suppose it's always possible that we changed the permissions on the channel thinking it wouldn't affect anything, since it doesn't on the discord side
The thread owner has marked this issue as solved.