Add role check to ReportView

Check that the user invoking the report button has the "Vipyr Security" role. This is necessary because the /lookup command can be used by anyone, so if we are to report from within that command it must be role locked.
vipyrsec · Sep 21, 2024 · 7848d6c · 7848d6c
1 parent 66ef561
commit 7848d6c
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/src/bot/exts/dragonfly/dragonfly.py b/src/bot/exts/dragonfly/dragonfly.py
@@ -11,6 +11,7 @@
 import sentry_sdk
 from discord.ext import commands, tasks
 
+from bot import constants
 from bot.bot import Bot
 from bot.constants import Channels, DragonflyConfig, Roles
 from bot.dragonfly_services import DragonflyServices, Package, PackageReport
@@ -250,6 +251,18 @@ def __init__(self: Self, bot: Bot, payload: Package) -> None:
         self.payload = payload
         super().__init__(timeout=None)
 
+    async def interaction_check(self, interaction: discord.Interaction) -> bool:
+        """Check that only those with the 'Vipyr Security' role can use this view."""
+        if isinstance(interaction.user, discord.Member):
+            return constants.Roles.vipyr_security in {role.id for role in interaction.user.roles}
+
+        await interaction.response.send_message(
+            f"No permissions: <@&{constants.Roles.vipyr_security}> is required",
+            ephemeral=True,
+        )
+
+        return False
+
     @discord.ui.button(label="Report", style=discord.ButtonStyle.red)
     async def report(self: Self, interaction: discord.Interaction, button: discord.ui.Button) -> None:  # type: ignore[type-arg]
         """Report a package."""