EssentialsX

EssentialsX

2M Downloads

Deny tpahere timer bypass when sender has perms and target does not

eUipKh opened this issue · 8 comments

commented

The problem is this, we give the bypass timer perm for certain players in certain worlds.

If the sender player has the bypass timer perm and send a request to a player that is not in the same world and does not have the perm they get a instand tp avoiding void death, world tp cooldown etc.

My suggest is if you could create a permission for deny the tpahere timer bypass or just remove the way that tpahere work checking only if the target player has perms and not the sender of the request.

PS: My English is really bad, sorry for that..

commented

And add a new optional permission or something?

commented

The bypass for the teleport timer/warmup is designed to apply to the player who is performing the command. Changing this behaviour would not only confuse people, but break existing permissions setups that work fine as they are.

commented

Is there any possible solution to this? Back then when I made this report we had like just two or three players using this "exploit" (I know is a feature) on the pvp worlds but now pretty much everyone is using it and is getting a little difficult to our staff members to try to control this :/

commented

Is there not an adjustable maximum duration on the /tpa commands?

commented

This issue has nothing to do with that

commented

In retrospect I can't even tell what this issue was asking for.

If you don't want people to be able to skip the teleport timer in certain worlds, don't give them the bypass permission in those worlds.

commented

They do not have the permissions in that world, this line of code check both players the sender and target allowing them to bypass the world permission:

if (delay <= 0 || teleportOwner.isAuthorized("essentials.teleport.timer.bypass") || teleportee.isAuthorized("essentials.teleport.timer.bypass")) {

commented

@eUipKh I believe I closed this while cleaning up issues a few days ago because it seemed that md was concerned about any changes here breaking people's existing permissions, and so this was unlikely to be changed. I assume the best way to fix this would be to check that both parties are authorized to bypass the cooldown, or at least just the person teleporting. The per-world permissions are also a little odd here, because the permission context is based on the world that the player is currently in, but I don't know if there is a good way to check the context for both the world that they are teleporting from, and also the world that they are teleporting to.

Also closed because this is an older issue that doesn't really have many details to reproduce the problem. Do you mind copying the issue template and filling it out here, as well as providing exact steps on how to have this problem occur? If you can do that I think we can easily re-open this issue.