🐛 Can use /title but not the button

[Madis0]

Describe the bug

An user reported being able to use /title but not able to use the button. (I initially reported the opposite in #295, that was incorrect)

I have overrides to enable the command for everyone, in all channels. Initially I had overrides for everyone and moderators (both enabled), removing moderator role didn't fix the problem.

Steps to reproduce the bug

1. Press the button
2. Get "You do not have permission..."
3. Use /title
4. Thread name changes

Expected behavior

Expected both to work as permission is given

[MarcusOtter]

Ah, the opposite makes more sense. Might be related to #295 still, will investigate further and see if I can reproduce. Do you have a screenshot of your current overrides? Thanks for reporting!

[Madis0]

[MarcusOtter]

Says permissions are not synced, what do the base permissions look like? Because your screenshot looks like default to me, so I guess base command permissions are different from default

[Madis0]

These are the base permissions:

but it doesn't really matter, bot should just do whatever the Discord's API says it is allowed to.

What could matter, though, is this definition you've set for /title and /close:

While the permissions make sense, they also seem redundant overall, maybe you've created some conflicts by defining them. Of course people can't execute this bot's commands if they cannot type or use any commands anyway...

[MarcusOtter]

but it doesn't really matter, bot should just do whatever the Discord's API says it is allowed to.

That's what Needle doesn't do right now 😅 There's no good way of setting permissions on buttons (even if they invoke a certain command). If we just relied on Discord's own permission system it would work fine for slash commands but the buttons would not be affected at all. So I reverse engineered the permission check system for it to also be applied to the buttons, though clearly I did not consider all cases.

While the permissions make sense, they also seem redundant overall

This relates to the above. Since Discord has no permission checking for pressing buttons, the default requirements are that you have permission to invoke slash commands (since the buttons invoke slash commands) and send messages (since the bot sends messages, and otherwise we would be elevating permisisons through Needle in a way)

Hope that clears it up :)

[MarcusOtter]

Mental model (for developers):

A command inside Needle is a method. This method can be invoked through:
a) A slash command
b) A button press

Discord doesn't know anything about the method, it only knows about slash commands. A slash command is not the same thing as a Needle command. So when we set the permissions on a slash command it only affects one of the two ways the method can be called.

If you do not meet the permission overrides for the /close command:

Slash command --X--> Close()
Button press -----> Close()

So what I've done instead of the above scenario is to reverse engineer the permission check that Discord does and try to apply this to button presses as well. In the Button press, Needle tries to check the permissions in the same way that Discord does with the overrides for the Close slash command. There's no good API for this so we have to manually figure out stuff like: If there is a role override and user has role and default permission is off and is allowed in this channel and not this user and ..... yeah, you get the point 😅 It's this algorithm that is not implemented correctly, so there is a difference between button press permissions (Needle check) and slash command permission (Discord check).