From 65176c5e5c90fee1beaa5643ec0af8be3663afc7 Mon Sep 17 00:00:00 2001 From: HiLleywyn Date: Tue, 2 Jun 2026 11:09:27 +0000 Subject: [PATCH] Invite: grant the permissions every feature needs (no Administrator) The least-privilege set was missing two permissions the bot actually uses: manage_guild (serializer restores server-level settings -- name, verification level, content filter, AFK timeout) and attach_files (.export sends the backup as a JSON file). Both failed after a fresh invite. Added them to clanklib/permissions.py (the single source of truth); the invite/.setup-audit/manifest value moves 805391380 -> 805424180. auren.json + docs updated; the manifest-vs-code test keeps them in lockstep. --- CHANGELOG.md | 9 +++++++++ auren.json | 2 +- clanklib/permissions.py | 11 +++++++---- docs/deployment.md | 7 +++++-- 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b26d72..582f5cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,15 @@ ## [recycler] -- 2026-06-02 ### Changes +- **Invite now covers every feature (still no Administrator).** The previous + least-privilege set was missing two permissions the bot genuinely uses, so + those actions failed after a fresh invite. Added to + `clanklib/permissions.py` (the single source of truth): `manage_guild` + (restore server-level settings -- name, verification level, content filter, + AFK timeout -- in `clanklib/serializer.py`'s backup/template restore) and + `attach_files` (the `.export` command sends the backup as a JSON file). The + invite/`.setup` audit/manifest value moves from `805391380` to `805424180`; + the manifest-vs-code test keeps them in lockstep. - **Least-privilege invite everywhere.** The leftover `.help` "Add to server" button (`cogs/_help_view.py`) still built an Administrator (`permissions=8`) invite; it now uses the single source of truth in `clanklib/permissions.py` diff --git a/auren.json b/auren.json index 5c9ea96..7c2ad00 100644 --- a/auren.json +++ b/auren.json @@ -10,7 +10,7 @@ }, "channels": ["discord"], "discord": { - "permissions": "805391380", + "permissions": "805424180", "scopes": ["bot", "applications.commands"] }, "runtime": { diff --git a/clanklib/permissions.py b/clanklib/permissions.py index 28d5506..b12b0a6 100644 --- a/clanklib/permissions.py +++ b/clanklib/permissions.py @@ -42,13 +42,16 @@ class FeaturePerm: FEATURES: tuple[FeaturePerm, ...] = ( FeaturePerm( "core", "Core", - ("view_channel", "send_messages", "embed_links", "read_message_history"), - "Read and reply in channels.", + ("view_channel", "send_messages", "embed_links", "attach_files", + "read_message_history"), + "Read and reply in channels, and post export files (.export).", ), FeaturePerm( "backups", "Backups and templates", - ("manage_channels", "manage_roles"), - "Recreate channels and roles when restoring a backup or template.", + ("manage_channels", "manage_roles", "manage_guild"), + "Recreate channels and roles and restore server-level settings (name, " + "verification level, content filter, AFK timeout) from a backup or " + "template.", ), FeaturePerm( "chatlog_sync", "Chatlog and sync", diff --git a/docs/deployment.md b/docs/deployment.md index 73120c3..e8aadea 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -45,15 +45,18 @@ Recycler asks for only the permissions it actually uses -- **never Administrator**. The set is defined once in `clanklib/permissions.py` and drives the invite link, the `.setup` audit, and the Auren platform's Invite button: -- View Channels, Send Messages, Embed Links, Read Message History (core) +- View Channels, Send Messages, Embed Links, Attach Files, Read Message History + (core: reply, and send the `.export` backup file) - Manage Channels, Manage Roles (recreate channels/roles on backup/template restore) +- Manage Server (restore server-level settings -- name, verification level, + content filter, AFK timeout -- on a backup/template restore) - Manage Webhooks (replay archived messages for chatlog/sync) - Ban Members (propagate bans between synced guilds) Build an invite URL (the `permissions` value is the union of the above): ``` -https://discord.com/oauth2/authorize?client_id=&permissions=805391380&scope=bot%20applications.commands +https://discord.com/oauth2/authorize?client_id=&permissions=805424180&scope=bot%20applications.commands ``` Once the bot is running you can also just type `.invite` (or `.about`) and it