fix(bot): respect member/group name/desc privacy in search

2026-02-04 04:56:49 +00:00 · 2024-10-04 10:49:10 -06:00 · 2024-10-04 10:49:10 -06:00 · 5f644ab17a
commit 5f644ab17a
parent 42235cef9c
8 changed files with 42 additions and 12 deletions
--- a/PluralKit.Bot/Commands/GroupMember.cs
+++ b/PluralKit.Bot/Commands/GroupMember.cs
@ -54,7 +54,7 @@ public class GroupMember
    public async Task ListMemberGroups(Context ctx, PKMember target)
    {
        var targetSystem = await ctx.Repository.GetSystem(target.System);
-        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(target.System));
+        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(target.System), ctx.LookupContextFor(target.System));
        opts.MemberFilter = target.Id;

        var title = new StringBuilder($"Groups containing {target.Name} (`{target.DisplayHid(ctx.Config)}`) in ");
@ -141,7 +141,7 @@ public class GroupMember
        var targetSystem = await GetGroupSystem(ctx, target);
        ctx.CheckSystemPrivacy(targetSystem.Id, target.ListPrivacy);

-        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(target.System));
+        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(target.System), ctx.LookupContextFor(target.System));
        opts.GroupFilter = target.Id;

        var title = new StringBuilder($"Members of {target.DisplayName ?? target.Name} (`{target.DisplayHid(ctx.Config)}`) in ");
--- a/PluralKit.Bot/Commands/Groups.cs
+++ b/PluralKit.Bot/Commands/Groups.cs
@ -468,7 +468,7 @@ public class Groups
        // - ParseListOptions checks list access privacy and sets the privacy filter (which members show up in list)
        // - RenderGroupList checks the indivual privacy for each member (NameFor, etc)
        // the own system is always allowed to look up their list
-        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(system.Id));
+        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(system.Id), ctx.LookupContextFor(system.Id));
        await ctx.RenderGroupList(
            ctx.LookupContextFor(system.Id),
            system.Id,
--- a/PluralKit.Bot/Commands/Lists/ContextListExt.cs
+++ b/PluralKit.Bot/Commands/Lists/ContextListExt.cs
@ -11,7 +11,7 @@ namespace PluralKit.Bot;

 public static class ContextListExt
 {
-    public static ListOptions ParseListOptions(this Context ctx, LookupContext lookupCtx)
+    public static ListOptions ParseListOptions(this Context ctx, LookupContext directLookupCtx, LookupContext lookupContext)
    {
        var p = new ListOptions();

@ -55,10 +55,13 @@ public static class ContextListExt
        if (ctx.MatchFlag("private-only", "po")) p.PrivacyFilter = PrivacyLevel.Private;

        // PERM CHECK: If we're trying to access non-public members of another system, error
-        if (p.PrivacyFilter != PrivacyLevel.Public && lookupCtx != LookupContext.ByOwner)
+        if (p.PrivacyFilter != PrivacyLevel.Public && directLookupCtx != LookupContext.ByOwner)
            // TODO: should this just return null instead of throwing or something? >.>
            throw Errors.NotOwnInfo;

+        //this is for searching
+        p.Context = lookupContext;
+
        // Additional fields to include in the search results
        if (ctx.MatchFlag("with-last-switch", "with-last-fronted", "with-last-front", "wls", "wlf"))
            p.IncludeLastSwitch = true;
--- a/PluralKit.Bot/Commands/Lists/ListOptions.cs
+++ b/PluralKit.Bot/Commands/Lists/ListOptions.cs
@ -28,6 +28,7 @@ public class ListOptions
    public bool Reverse { get; set; }

    public PrivacyLevel? PrivacyFilter { get; set; } = PrivacyLevel.Public;
+    public LookupContext Context { get; set; } = LookupContext.ByNonOwner;
    public GroupId? GroupFilter { get; set; }
    public MemberId? MemberFilter { get; set; }
    public string? Search { get; set; }
@ -99,7 +100,8 @@ public class ListOptions
            GroupFilter = GroupFilter,
            MemberFilter = MemberFilter,
            Search = Search,
-            SearchDescription = SearchDescription
+            SearchDescription = SearchDescription,
+            Context = Context
        };
 }

--- a/PluralKit.Bot/Commands/Random.cs
+++ b/PluralKit.Bot/Commands/Random.cs
@ -67,7 +67,7 @@ public class Random
    {
        ctx.CheckSystemPrivacy(group.System, group.ListPrivacy);

-        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(group.System));
+        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(group.System), ctx.LookupContextFor(group.System));
        opts.GroupFilter = group.Id;

        var members = await ctx.Database.Execute(conn => conn.QueryMemberList(group.System, opts.ToQueryOptions()));
--- a/PluralKit.Bot/Commands/SystemList.cs
+++ b/PluralKit.Bot/Commands/SystemList.cs
@ -17,7 +17,7 @@ public class SystemList
        // - ParseListOptions checks list access privacy and sets the privacy filter (which members show up in list)
        // - RenderMemberList checks the indivual privacy for each member (NameFor, etc)
        // the own system is always allowed to look up their list
-        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(target.Id));
+        var opts = ctx.ParseListOptions(ctx.DirectLookupContextFor(target.Id), ctx.LookupContextFor(target.Id));
        await ctx.RenderMemberList(
            ctx.LookupContextFor(target.Id),
            target.Id,