Support for Command Permissions
breqdev opened this issue · 4 comments
This feature would allow users of this library to restrict commands to certain users only, as provided by the Discord permissions API. This would show commands as greyed-out in the command picker if a member is not explicitly granted access on a role or user level.
I have some hesitance about implementing the permissions system, for the following reasons:
- Commands being visible but "greyed out" is arguably not a great user experience. As an alternative, bots could handle permissions validation on the server side. They could compare user or guild IDs to those in a database on the server. If a user is not allowed to use the command, the bot could send a more helpful error message, possibly as an ephemeral response.
- The Permissions API for Slash Commands somewhat ironically does not allow restricting a command on the basis of a user's permissions integer. For many bots, it makes more sense to handle permissions using Discord's built in permissions framework. For instance, configuration for a guild could be restricted to those who have the "Manage Server" permission. This is a better user experience than requiring guild owners set up additional roles for bot-related permissions. Restricting commands on the server side based on guild permissions is trivial as the permissions integer is present in the initial interaction data.
- The Permissions API requires handling permissions on a per-guild level. Making HTTP requests to handle each guild individually consumes excessive resources.
I will leave this issue in case anyone wants this functionality or wants to discuss further, or in case Discord updates their permissions API. At the moment, I do not plan on implementing this feature.
I understand some of the concern, but would restricting the options given to the user possible. The user start using the function, but you only give him the options that he is allowed to use. The discord settings seem to only let people use all of them or none of them.
The user start using the function, but you only give him the options that he is allowed to use.
At the moment, the only way you'd be able to do that would be by implementing that logic yourself on the server-side. Something like,
@discord.command()
def restricted(ctx, special_option: str = None):
if not ctx.author.permissions & 8: # Administrator permissions
if special_option is not None:
return "Only administrators are allowed to use special_option"
... # other command logic goes here(In testing that snippet, I realized that there are some bugs related to permissions handling in the library--make sure you're on the latest version, v0.1.11, if you want to work with permissions!)
I really believe that this library should support the permissions as defined in the docs here: https://discord.com/developers/docs/interactions/slash-commands#permissions
Other slash command libs support permissions. See https://discord-py-slash-command.readthedocs.io/en/latest/gettingstarted.html#want-to-restrict-access-setup-permissions
This should be fairly easy to implement, and I don't mind helping out.
Thanks for chiming in! At the time I opened this issue, the permissions API was pretty new, and I wasn't willing to invest time and effort into supporting an API that might not be particularly stable. That said, two months have passed and the permissions API is seemingly here to stay, so I guess it's time for Flask-Discord-Interactions to accommodate it.
I should have some free time next week to look into this. That said, I'd certainly appreciate a pull request!