gmail-poll: lock email-ticket channels to staff role only
guild.channels.create in findOrCreateTicketChannel previously had no permissionOverwrites — newly created email-ticket channels inherited whatever the parent category granted. If the category ever had @everyone View Channel allowed (or undefined → default-allow), every server member could read every email ticket. Add explicit overrides on creation: - @everyone (guild.id): deny ViewChannel - ROLE_ID_TO_PING: allow ViewChannel + SendMessages + ReadMessageHistory (gated on ROLE_ID_TO_PING being set — empty string skips the entry rather than creating a malformed overwrite). Email tickets have no Discord creator (the customer reaches the bot via email, not as a guild member) so the only "allow" entry is the staff role. Modal-created and context-menu-created tickets already set creator+role overrides on creation; this change brings the third path into line. Pairs with category-level Discord config: TICKET_CATEGORY_ID and the ESCALATED2/3 categories should still deny @everyone and allow ROLE_ID_TO_PING at the category level for defense in depth.
This commit is contained in:
@@ -7,8 +7,8 @@
|
|||||||
*/
|
*/
|
||||||
const {
|
const {
|
||||||
ChannelType,
|
ChannelType,
|
||||||
|
EmbedBuilder,
|
||||||
EmbedBuilder
|
PermissionFlagsBits
|
||||||
} = require('discord.js');
|
} = require('discord.js');
|
||||||
const { mongoose, withRetry } = require('./db-connection');
|
const { mongoose, withRetry } = require('./db-connection');
|
||||||
const { CONFIG } = require('./config');
|
const { CONFIG } = require('./config');
|
||||||
@@ -150,7 +150,22 @@ async function findOrCreateTicketChannel(guild, parsed, number) {
|
|||||||
const channel = await guild.channels.create({
|
const channel = await guild.channels.create({
|
||||||
name: chanName,
|
name: chanName,
|
||||||
type: ChannelType.GuildText,
|
type: ChannelType.GuildText,
|
||||||
parent: parentCategoryId
|
parent: parentCategoryId,
|
||||||
|
// Email tickets have no Discord creator — the customer is reachable
|
||||||
|
// only by email. So the only per-channel allow is the staff role; we
|
||||||
|
// still explicitly deny @everyone in case the category permissions
|
||||||
|
// are ever misconfigured to grant View Channel server-wide.
|
||||||
|
permissionOverwrites: [
|
||||||
|
{ id: guild.id, deny: [PermissionFlagsBits.ViewChannel] },
|
||||||
|
...(CONFIG.ROLE_ID_TO_PING ? [{
|
||||||
|
id: CONFIG.ROLE_ID_TO_PING,
|
||||||
|
allow: [
|
||||||
|
PermissionFlagsBits.ViewChannel,
|
||||||
|
PermissionFlagsBits.SendMessages,
|
||||||
|
PermissionFlagsBits.ReadMessageHistory
|
||||||
|
]
|
||||||
|
}] : [])
|
||||||
|
]
|
||||||
});
|
});
|
||||||
return { channel, parentCategoryId };
|
return { channel, parentCategoryId };
|
||||||
} catch (createErr) {
|
} catch (createErr) {
|
||||||
|
|||||||
Reference in New Issue
Block a user