[Bug] Player clients trying to update GM tokens after combat
Closed this issue · 3 comments
Foundry: 9.255
DnD5e: 1.5.7
DnD5e Helpers: 4.0.0
When ending a combat players receive an error message, e.g "Error: User Alex lacks permission to update Token [L0FAc8SE9WPJbauL] in parent Scene [fs02Kuyzx4xScGbi]".
The token is a dead hostile NPC owned by the GM (player permissions: none).
Debugging, I found the cause of this message: a websocket request from dnd5e-helpers to update this token.
"4397[
{
"userId":"tlu0qAChAoAIvEDF",
"request":{
"action":"update",
"type":"Token",
"parentType":"Scene",
"parentId":"fs02Kuyzx4xScGbi",
"updates":[
{
"flags":{
"dnd5e-helpers":{
"-=ActionManagement":null
}
},
"_id":"L0FAc8SE9WPJbauL"
}
],
"options":{
"diff":true,
"render":true
},
"pack":null
},
"error":{
"class":"ServerError",
"message":"User Alex lacks permission to update Token [L0FAc8SE9WPJbauL] in parent Scene [fs02Kuyzx4xScGbi]",
"stack":"Error: User Alex lacks permission to update Token [L0FAc8SE9WPJbauL] in parent Scene [fs02Kuyzx4xScGbi]\n at ServerDatabaseBackend._updateEmbeddedDocuments (file:///<foundryDir>/resources/app/dist/database/backend/server-backend.mjs:1:3611)\n at async Semaphore._try (file:///<foundryDir>/resources/app/common/utils/semaphore.mjs:99:17)"
}
}
]"
Good catch and great debugging, this will make it easy to pin down. I'm sure we simply missed a "isGM" checkpoint in that logic. Thanks!
Some more hints. The last call is Deleted Combat with id [AlI2mVkX0BnVY0JD].
Looking into the code in the _deleteCombat hook it seems to me each client might iterate over every combatant and execute _deleteCombatant which in turn does token.removeActionFlag() (which looks at a first glance like the message that is sent to the server).
Is it necessary that each user requests this or is it enough if the owner of a token does this cleanup?
The primary owner (player for characters, GM for NPCs) should be handling this logic rather than everyone trying to do it for all combatants.