Permissions & Roles

Make your app safer with permissions and roles, protect sensitive commands that could be abused by non-staff members

Permissions

Sooner or later, you'll have to use permissions to protect some of your features; As your app can make use of dangerous permissions like deleting channels, deleting messages, some of your commands making use of those actions shall be protected by some checks, ensuring that only the right people can perform those "dangerous" commands.

Managing permissions effectively has never been so easy, for example, you receive an interaction inside a handler, and want to ensure the member that triggered it has a "CanManageChats" permission, we can check it this way:

client.on("interactionCreate", async interaction => {
    // We're only using CommandInteraction here, this can be changed
    // if you're manipulating other types of interaction
    if (!(interaction instanceof CommandInteraction)) return;
    const member = await interaction.member;
    const memberPermissions = await member?.getPermission();
    if (interaction.data.name === "purge") {
        if (!memberPermissions?.includes(Permissions.CanManageChats)) {
            return void interaction.createMessage({
                content: "You do not have the necessary permission."
            });
        }
        // [Your message purging logic here]
    }
});

Permissions is a built-in enum that lists every permission out and makes searching and using the correct permissions way more accurate and type-safe we'd say.

Although, when you do not have the necessary context with a nice and ready "interaction" property or anything that is similar to it, you can achieve the same kind of logic to get a member's permissions; That is done using REST.

client.rest.guilds.getMemberPermission(guildID, memberID);

This will list out permissions the same way Member#getPermission does.

Roles

Similar to permissions, but slightly different: roles are a key component on the chatting platform, they're groups of permissions that can be assigned to a guild member.

You can manipulate roles in many different ways, for example, you can get the list of roles a guild member has. This may be useful as with those role IDs you can get their "Role" class instance that provides more details about them.

client.on("interactionCreate", async interaction => {
    // We're only using CommandInteraction here, this can be changed
    // if you're manipulating other types of interaction
    if (!(interaction instanceof CommandInteraction)) return;
    const member = await interaction.member;
    if (!member) {
        return void interaction.createMessage({ content: "Something went wrong.." });
    }
    
    if (interaction.data.name === "purge") {
        for (const roleID of member.roles) {
            const role = await client.rest.guilds.getRole(interaction.guildID, roleID);
            if (!role.permissions.includes(Permissions.CanManageChats)) {
                return void interaction.createMessage({
                    content: "You do not have the necessary permission."
                });
            }
        }
        // [Your message purging logic here]
    }
});

You'll say what's the actual use of this, because it just makes the code more complicated... Well you're right, you could just get the member's permissions to check it instantaneously. But it shows that you can do things way differently even if it isn't optimized.

But when it comes to using roles, you could for example check if the member has a specific roleID that you would register as a "Staff role" to enable special access to commands even without the permission, and you could even get the guild roles, and check out if you got a specific one!

PreviousCreating embeds NextReactions

Last updated 1 year ago

hashtagPermissions

hashtagRoles

Permissions

Roles