Skip to content

security: require distinct permission to enchant another player's item#1382

Open
Jakubk15 wants to merge 1 commit into
masterfrom
security/enchant-other-permission
Open

security: require distinct permission to enchant another player's item#1382
Jakubk15 wants to merge 1 commit into
masterfrom
security/enchant-other-permission

Conversation

@Jakubk15

@Jakubk15 Jakubk15 commented Jul 2, 2026

Copy link
Copy Markdown
Member

Both /enchant execute overloads were gated only by the class-level
@Permission("eternalcore.enchant"), so anyone allowed to enchant their own
item could also modify other players' held items.

Follow the FlyCommand convention: drop the class-level permission and gate
each overload individually — eternalcore.enchant for the self variant and
eternalcore.enchant.other for the "" variant.

Note: servers that previously granted eternalcore.enchant to allow enchanting
others must now also grant eternalcore.enchant.other.

Both /enchant execute overloads were gated only by the class-level
@Permission("eternalcore.enchant"), so anyone allowed to enchant their own
item could also modify other players' held items.

Follow the FlyCommand convention: drop the class-level permission and gate
each overload individually — eternalcore.enchant for the self variant and
eternalcore.enchant.other for the "<player>" variant.

Note: servers that previously granted eternalcore.enchant to allow enchanting
others must now also grant eternalcore.enchant.other.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01JrkLFxzmmn7BpB9y6vMTeg
@Jakubk15 Jakubk15 marked this pull request as ready for review July 2, 2026 13:18
@Jakubk15 Jakubk15 requested a review from a team as a code owner July 2, 2026 13:18

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request refines permission handling in the EnchantCommand class. The class-level @Permission("eternalcore.enchant") annotation has been removed, and more granular permissions have been applied directly to the execution methods: @Permission("eternalcore.enchant") for self-enchanting and @Permission("eternalcore.enchant.other") for enchanting other players' items. Additionally, the description for enchanting other players' items has been updated. I have no feedback to provide.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant