games647
Forwarding 'end' command as a player close bungeecord server
What behavior is observed:
bungeecord server is turned off when /forward {playername} end is executed from the server console even though the player doesn't have bungeecord.command.end
What behavior is expected:
should throw same message as end command as it was executed as a player in-game when the player has no bungeecord.command.end permission
Steps/models to reproduce:
- join the server (since the plugin need 1 player to be online on the server)
- type
/forward {playername} endin the server console - voila
Screenshots (if applicable)
Plugin list:
Environment description
server: git-Purpur-1894 (1.19.3) bungeecord: git:Waterfall-Bootstrap:1.19-R0.1-SNAPSHOT:13085b9:510
Plugin version or build number (don't write latest):
> version commandforward
[06:34:47 INFO]: CommandForward version 0.4.0
[06:34:47 INFO]: Forwards commands from Bukkit to BungeeCord to execute it there
[06:34:47 INFO]: Website: https://www.spigotmc.org/resources/commandforward.bukkit/
[06:34:47 INFO]: Authors: games647 and https://github.com/games647/CommandForward/graphs/contributors
Server Log:
Hastebin / Gist link of the error, stacktrace or the complete log (if any)
server
> forward cupang_afk end
[06:35:29 INFO]: [floodgate] Floodgate player logged in as cupang_afk disconnected
[06:35:29 INFO]: cupang_afk lost connection: Disconnected
bungeecord
[06:35:29 INFO]: Closing listener [id: 0x59d6a71b, L:local:E:492231d0]
[06:35:29 INFO]: Closing listener [id: 0x1ca6ae0a, L:/[0:0:0:0:0:0:0:0%0]:35750]
[06:35:29 INFO]: Closing pending connections
[06:35:29 INFO]: Disconnecting 1 connections
[06:35:29 INFO]: [cupang_afk] disconnected with:
...more log for shutting down process
Configuration:
Hastebin / Gist link of your config.yml file
Note:
cupang_afk is not an operator, i confirm this with deop command
> deop cupang_afk
[06:28:12 INFO]: Nothing changed. The player is not an operator
cupang_afk also never had bungeecord.command.end permission
this is confirmed with /end command executed in-game
command /forward {playername} is working perfectly for running command as player
for example i run /forward cupang_afk skin reset to reset skin from the player created by SkinsRestorer
Permissions are based on the invoker. If the console runs the command, the input are expected to be trusted, because this means it is executed by an administrator. Foreign access to the server console would be a security risk and requires additional protection. Only trusted parties should create custom commands or need to introduce a allow list.
Permissions are based on the invoker.
so for example if i have player named steve that has commandforward.bukkit.command.forward.other trying to execute the bungeecord end command to admin alex which has bungeecord.command.end
the permission is inherited as steve ?
so steve will see the You do not have permission to execute this command! message ?
Foreign access to the server console would be a security risk and requires additional protection.
for in-game
i assume the first point is correct, then i can have my other admin the permission commandforward.bukkit.command.forward.other, while me as the owner have bungeecord.command.end and they won't be able to do something like shutdown the bungee server right ?
If the console runs the command, the input are expected to be trusted, because this means it is executed by an administrator.
well my usage of this plugin is to enable some plugin feature that has no toggle function in the bungeecord server
i only execute /forward in the console though (on every PlayerJoinEvent to be exact, i want them to run certain command that only available in the bungeecord server)
if it's all good, then as long it's not the console who execute /forward command i can say it safe