fix: add discord role allowlists (#10650) (thanks @Minidoracat)

2026-05-08 20:48:26 +00:00 · 2026-02-12 19:50:10 -06:00
parent f7adc21d31
commit 22fe30c1df
12 changed files with 293 additions and 122 deletions
--- a/src/discord/monitor/native-command.ts
+++ b/src/discord/monitor/native-command.ts
@@ -50,8 +50,8 @@ import {
  normalizeDiscordSlug,
  resolveDiscordChannelConfigWithFallback,
  resolveDiscordGuildEntry,
+  resolveDiscordMemberAllowed,
  resolveDiscordOwnerAllowFrom,
-  resolveDiscordUserAllowed,
 } from "./allow-list.js";
 import { resolveDiscordChannelInfo } from "./message-utils.js";
 import { resolveDiscordSenderIdentity } from "./sender-identity.js";
@@ -540,6 +540,9 @@ async function dispatchDiscordCommandInteraction(params: {
  const channelName = channel && "name" in channel ? (channel.name as string) : undefined;
  const channelSlug = channelName ? normalizeDiscordSlug(channelName) : "";
  const rawChannelId = channel?.id ?? "";
+  const memberRoleIds = Array.isArray(interaction.rawData.member?.roles)
+    ? interaction.rawData.member.roles.map((roleId: string) => String(roleId))
+    : [];
  const ownerAllowList = normalizeDiscordAllowList(discordConfig?.dm?.allowFrom ?? [], [
    "discord:",
    "user:",
@@ -662,21 +665,24 @@ async function dispatchDiscordCommandInteraction(params: {
  }
  if (!isDirectMessage) {
    const channelUsers = channelConfig?.users ?? guildInfo?.users;
-    const hasUserAllowlist = Array.isArray(channelUsers) && channelUsers.length > 0;
-    const userOk = hasUserAllowlist
-      ? resolveDiscordUserAllowed({
-          allowList: channelUsers,
-          userId: sender.id,
-          userName: sender.name,
-          userTag: sender.tag,
-        })
-      : false;
+    const channelRoles = channelConfig?.roles ?? guildInfo?.roles;
+    const hasAccessRestrictions =
+      (Array.isArray(channelUsers) && channelUsers.length > 0) ||
+      (Array.isArray(channelRoles) && channelRoles.length > 0);
+    const memberAllowed = resolveDiscordMemberAllowed({
+      userAllowList: channelUsers,
+      roleAllowList: channelRoles,
+      memberRoleIds,
+      userId: sender.id,
+      userName: sender.name,
+      userTag: sender.tag,
+    });
    const authorizers = useAccessGroups
      ? [
          { configured: ownerAllowList != null, allowed: ownerOk },
-          { configured: hasUserAllowlist, allowed: userOk },
+          { configured: hasAccessRestrictions, allowed: memberAllowed },
        ]
-      : [{ configured: hasUserAllowlist, allowed: userOk }];
+      : [{ configured: hasAccessRestrictions, allowed: memberAllowed }];
    commandAuthorized = resolveCommandAuthorizedFromAuthorizers({
      useAccessGroups,
      authorizers,
@@ -735,6 +741,7 @@ async function dispatchDiscordCommandInteraction(params: {
    channel: "discord",
    accountId,
    guildId: interaction.guild?.id ?? undefined,
+    memberRoleIds,
    peer: {
      kind: isDirectMessage ? "direct" : isGroupDm ? "group" : "channel",
      id: isDirectMessage ? user.id : channelId,