signportals [mv] pl:<player>
h0us3cat opened this issue ยท 6 comments
When players have "- multiverse.signportal.validate and- multiverse.signportal.create" they can make signs with [mv] pl:.
I tried with a negative permission "- -multiverse.teleport.other.pl and - -multiverse.teleport.self.pl"
With these permissions they can still make/use them.
Using cb 1337, mv core 326, mv-signportals 129.
Aight, I'll have to investigate this tonight. Thanks for the report.
Few more questions:
- What Perms system?
- Have you tried using
/mv check NAME pl:BLAHIf this returns yes, then the permissions themself are most likely at fault.
I can verify there is at least some problem with this.
Steps to reproduce:
- Install CB 1565, Core RJ-001, SignPortals UNKNOWN, and PermissionsBukkit 1.2k
- Grant a user the following permissions:
permissions.buildmultiverse.signportal.validatemultiverse.signportal.create
- Deny that user the following permissions:
multiverse.teleport.other.plmultiverse.teleport.self.pl(for completeness)
- Log in as the user and get a sign
- Build a sign with second line
[mv]and third linepl:aplayer - Right-click the sign
Expected results: the player is denied permission to either create the sign or use it (either should suffice, though the original bug really wants both to fail).
Actual results: the action throws an NPE, as logged here.
Further notes: I couldn't actually test with MV-Core 326, due to the whole Jenkins thing, so the NPE might be tangentially related at best; even so, this is worth looking into.
@fernferret
I use pex and /mv check NAME pl: reports
"NAME can travel to pl:player"
@h0us3cat: I actually can't reproduce that particular result. Using the steps above, I still produce the NPE (most likely because my target player is myself), but mv check lithium3141 pl:lithium3141 says that I can't travel to myself. Can I ask for the full command you use to check, with NAME and other such placeholders swapped out for actual data?