indifferentketchup
76279b703a
guild.channels.create in findOrCreateTicketChannel previously had no permissionOverwrites — newly created email-ticket channels inherited whatever the parent category granted. If the category ever had @everyone View Channel allowed (or undefined → default-allow), every server member could read every email ticket. Add explicit overrides on creation: - @everyone (guild.id): deny ViewChannel - ROLE_ID_TO_PING: allow ViewChannel + SendMessages + ReadMessageHistory (gated on ROLE_ID_TO_PING being set — empty string skips the entry rather than creating a malformed overwrite). Email tickets have no Discord creator (the customer reaches the bot via email, not as a guild member) so the only "allow" entry is the staff role. Modal-created and context-menu-created tickets already set creator+role overrides on creation; this change brings the third path into line. Pairs with category-level Discord config: TICKET_CATEGORY_ID and the ESCALATED2/3 categories should still deny @everyone and allow ROLE_ID_TO_PING at the category level for defense in depth.
15 KiB
15 KiB