SimpleCommandMap: Enforce command permissions by default (#4681)

this resolves many security issues, as well as removing a ton of boilerplate code. It may be desirable to react to permission denied; this can be done by overriding Command->testPermission(), or by using setPermissionMessage() to set a custom permission denied message.
2025-04-21 16:24:05 +00:00 · 2022-08-15 16:42:51 +01:00 · 2022-08-15 16:42:51 +01:00 · 8e97e9dcda
commit 8e97e9dcda
parent 304bb84af2
42 changed files with 3 additions and 164 deletions
--- a/src/command/PluginCommand.php
+++ b/src/command/PluginCommand.php
@ -43,10 +43,6 @@ final class PluginCommand extends Command implements PluginOwned{
 			return false;
 		}

-		if(!$this->testPermission($sender)){
-			return false;
-		}
-
 		$success = $this->executor->onCommand($sender, $this, $commandLabel, $args);

 		if(!$success && $this->usageMessage !== ""){
--- a/src/command/SimpleCommandMap.php
+++ b/src/command/SimpleCommandMap.php
@ -202,7 +202,9 @@ class SimpleCommandMap implements CommandMap{
 			$target->timings->startTiming();

 			try{
-				$target->execute($sender, $sentCommandLabel, $args);
+				if($target->testPermission($sender)){
+					$target->execute($sender, $sentCommandLabel, $args);
+				}
 			}catch(InvalidCommandSyntaxException $e){
 				$sender->sendMessage($sender->getLanguage()->translate(KnownTranslationFactory::commands_generic_usage($target->getUsage())));
 			}finally{
--- a/src/command/defaults/BanCommand.php
+++ b/src/command/defaults/BanCommand.php
@ -45,10 +45,6 @@ class BanCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/BanIpCommand.php
+++ b/src/command/defaults/BanIpCommand.php
@ -46,10 +46,6 @@ class BanIpCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/BanListCommand.php
+++ b/src/command/defaults/BanListCommand.php
@ -47,10 +47,6 @@ class BanListCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(isset($args[0])){
 			$args[0] = strtolower($args[0]);
 			if($args[0] === "ips"){
--- a/src/command/defaults/ClearCommand.php
+++ b/src/command/defaults/ClearCommand.php
@ -51,10 +51,6 @@ class ClearCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) > 3){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/DefaultGamemodeCommand.php
+++ b/src/command/defaults/DefaultGamemodeCommand.php
@ -42,10 +42,6 @@ class DefaultGamemodeCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/DeopCommand.php
+++ b/src/command/defaults/DeopCommand.php
@ -45,10 +45,6 @@ class DeopCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/DifficultyCommand.php
+++ b/src/command/defaults/DifficultyCommand.php
@ -43,10 +43,6 @@ class DifficultyCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) !== 1){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/DumpMemoryCommand.php
+++ b/src/command/defaults/DumpMemoryCommand.php
@ -40,10 +40,6 @@ class DumpMemoryCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$sender->getServer()->getMemoryManager()->dumpServerMemory($args[0] ?? (Path::join($sender->getServer()->getDataPath(), "memory_dumps", date("D_M_j-H.i.s-T_Y"))), 48, 80);
 		return true;
 	}
--- a/src/command/defaults/EffectCommand.php
+++ b/src/command/defaults/EffectCommand.php
@ -46,10 +46,6 @@ class EffectCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) < 2){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/EnchantCommand.php
+++ b/src/command/defaults/EnchantCommand.php
@ -44,10 +44,6 @@ class EnchantCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) < 2){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/GamemodeCommand.php
+++ b/src/command/defaults/GamemodeCommand.php
@ -45,10 +45,6 @@ class GamemodeCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/GarbageCollectorCommand.php
+++ b/src/command/defaults/GarbageCollectorCommand.php
@ -43,10 +43,6 @@ class GarbageCollectorCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$chunksCollected = 0;
 		$entitiesCollected = 0;

--- a/src/command/defaults/GiveCommand.php
+++ b/src/command/defaults/GiveCommand.php
@ -51,10 +51,6 @@ class GiveCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) < 2){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/HelpCommand.php
+++ b/src/command/defaults/HelpCommand.php
@ -55,10 +55,6 @@ class HelpCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			$commandName = "";
 			$pageNumber = 1;
--- a/src/command/defaults/KickCommand.php
+++ b/src/command/defaults/KickCommand.php
@ -47,10 +47,6 @@ class KickCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/KillCommand.php
+++ b/src/command/defaults/KillCommand.php
@ -47,10 +47,6 @@ class KillCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) >= 2){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/ListCommand.php
+++ b/src/command/defaults/ListCommand.php
@ -45,10 +45,6 @@ class ListCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$playerNames = array_map(function(Player $player) : string{
 			return $player->getName();
 		}, array_filter($sender->getServer()->getOnlinePlayers(), function(Player $player) use ($sender) : bool{
--- a/src/command/defaults/MeCommand.php
+++ b/src/command/defaults/MeCommand.php
@ -44,10 +44,6 @@ class MeCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/OpCommand.php
+++ b/src/command/defaults/OpCommand.php
@ -45,10 +45,6 @@ class OpCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/PardonCommand.php
+++ b/src/command/defaults/PardonCommand.php
@ -43,10 +43,6 @@ class PardonCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) !== 1){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/PardonIpCommand.php
+++ b/src/command/defaults/PardonIpCommand.php
@ -44,10 +44,6 @@ class PardonIpCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) !== 1){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/ParticleCommand.php
+++ b/src/command/defaults/ParticleCommand.php
@ -84,10 +84,6 @@ class ParticleCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) < 7){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/PluginsCommand.php
+++ b/src/command/defaults/PluginsCommand.php
@ -47,10 +47,6 @@ class PluginsCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$list = array_map(function(Plugin $plugin) : string{
 			return ($plugin->isEnabled() ? TextFormat::GREEN : TextFormat::RED) . $plugin->getDescription()->getFullName();
 		}, $sender->getServer()->getPluginManager()->getPlugins());
--- a/src/command/defaults/SaveCommand.php
+++ b/src/command/defaults/SaveCommand.php
@ -41,10 +41,6 @@ class SaveCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		Command::broadcastCommandMessage($sender, KnownTranslationFactory::pocketmine_save_start());
 		$start = microtime(true);

--- a/src/command/defaults/SaveOffCommand.php
+++ b/src/command/defaults/SaveOffCommand.php
@ -39,10 +39,6 @@ class SaveOffCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$sender->getServer()->getWorldManager()->setAutoSave(false);

 		Command::broadcastCommandMessage($sender, KnownTranslationFactory::commands_save_disabled());
--- a/src/command/defaults/SaveOnCommand.php
+++ b/src/command/defaults/SaveOnCommand.php
@ -39,10 +39,6 @@ class SaveOnCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$sender->getServer()->getWorldManager()->setAutoSave(true);

 		Command::broadcastCommandMessage($sender, KnownTranslationFactory::commands_save_enabled());
--- a/src/command/defaults/SayCommand.php
+++ b/src/command/defaults/SayCommand.php
@ -45,10 +45,6 @@ class SayCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/SeedCommand.php
+++ b/src/command/defaults/SeedCommand.php
@ -39,10 +39,6 @@ class SeedCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if($sender instanceof Player){
 			$seed = $sender->getPosition()->getWorld()->getSeed();
 		}else{
--- a/src/command/defaults/SetWorldSpawnCommand.php
+++ b/src/command/defaults/SetWorldSpawnCommand.php
@ -46,10 +46,6 @@ class SetWorldSpawnCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			if($sender instanceof Player){
 				$location = $sender->getPosition();
--- a/src/command/defaults/SpawnpointCommand.php
+++ b/src/command/defaults/SpawnpointCommand.php
@ -47,10 +47,6 @@ class SpawnpointCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$target = null;

 		if(count($args) === 0){
--- a/src/command/defaults/StatusCommand.php
+++ b/src/command/defaults/StatusCommand.php
@ -45,10 +45,6 @@ class StatusCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		$mUsage = Process::getAdvancedMemoryUsage();

 		$server = $sender->getServer();
--- a/src/command/defaults/StopCommand.php
+++ b/src/command/defaults/StopCommand.php
@ -39,10 +39,6 @@ class StopCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		Command::broadcastCommandMessage($sender, KnownTranslationFactory::commands_stop_start());

 		$sender->getServer()->shutdown();
--- a/src/command/defaults/TeleportCommand.php
+++ b/src/command/defaults/TeleportCommand.php
@ -59,10 +59,6 @@ class TeleportCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		switch(count($args)){
 			case 1: // /tp targetPlayer
 			case 3: // /tp x y z
--- a/src/command/defaults/TellCommand.php
+++ b/src/command/defaults/TellCommand.php
@ -47,10 +47,6 @@ class TellCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) < 2){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/TimeCommand.php
+++ b/src/command/defaults/TimeCommand.php
@ -51,9 +51,6 @@ class TimeCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
 		if(count($args) < 1){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/TimingsCommand.php
+++ b/src/command/defaults/TimingsCommand.php
@ -67,10 +67,6 @@ class TimingsCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) !== 1){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/TitleCommand.php
+++ b/src/command/defaults/TitleCommand.php
@ -44,10 +44,6 @@ class TitleCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) < 2){
 			throw new InvalidCommandSyntaxException();
 		}
--- a/src/command/defaults/TransferServerCommand.php
+++ b/src/command/defaults/TransferServerCommand.php
@ -42,10 +42,6 @@ class TransferServerCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) < 1){
 			throw new InvalidCommandSyntaxException();
 		}elseif(!($sender instanceof Player)){
--- a/src/command/defaults/VersionCommand.php
+++ b/src/command/defaults/VersionCommand.php
@ -53,10 +53,6 @@ class VersionCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 0){
 			$sender->sendMessage(KnownTranslationFactory::pocketmine_command_version_serverSoftwareName(
 				VersionInfo::NAME
--- a/src/command/defaults/WhitelistCommand.php
+++ b/src/command/defaults/WhitelistCommand.php
@ -55,10 +55,6 @@ class WhitelistCommand extends VanillaCommand{
 	}

 	public function execute(CommandSender $sender, string $commandLabel, array $args){
-		if(!$this->testPermission($sender)){
-			return true;
-		}
-
 		if(count($args) === 1){
 			switch(strtolower($args[0])){
 				case "reload":