duckietm/Arcturus-Morningstar-Extended
1
0
Fork 0
mirror of https://github.com/duckietm/Arcturus-Morningstar-Extended.git synced 2026-06-20 07:26:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(housekeeping): enforce rank ceilings on rank changes

Browse Source
This commit is contained in:
simoleo89
2026-06-14 21:55:19 +02:00
parent d9cf70910f
commit 31027095ec
3 changed files with 35 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Emulator/src/main/java/com/eu/habbo/messages/incoming/housekeeping/HousekeepingSetUserRankEvent.java
+7 -8
View File
@@ -45,13 +45,7 @@ public class HousekeepingSetUserRankEvent extends MessageHandler {
Rank rank = permissions.getRank(rankId);
// Rank-ceiling guard: an operator must never be able to grant a rank
// above their own, nor modify a user who already outranks them. This
// mirrors GiveRankCommand and prevents privilege escalation through
// the housekeeping path (including self-promotion).
int operatorRankId = this.client.getHabbo().getHabboInfo().getRank().getId();
if (rank.getId() > operatorRankId) {
if (!HousekeepingTargetRankGuard.canAssignRank(this.client.getHabbo(), rank.getId())) {
this.client.sendResponse(new HousekeepingActionResultComposer(ACTION_KEY, false, 0, "housekeeping.error.rank_too_high"));
return;
}
@@ -77,7 +71,12 @@ public class HousekeepingSetUserRankEvent extends MessageHandler {
}
}
if (targetRankId > operatorRankId) {
if (targetRankId <= 0) {
this.client.sendResponse(new HousekeepingActionResultComposer(ACTION_KEY, false, 0, "housekeeping.error.user_not_found"));
return;
}
if (!HousekeepingTargetRankGuard.canTargetRank(this.client.getHabbo(), targetRankId)) {
this.client.sendResponse(new HousekeepingActionResultComposer(ACTION_KEY, false, 0, "housekeeping.error.rank_too_high"));
return;
}
Emulator/src/main/java/com/eu/habbo/messages/incoming/housekeeping/HousekeepingTargetRankGuard.java
+12 -1
View File
@@ -19,12 +19,23 @@ final class HousekeepingTargetRankGuard {
return true;
}
return canTargetRank(operator, targetInfo.getRank().getId());
}
static boolean canTargetRank(Habbo operator, int targetRankId) {
if (operator == null || targetRankId <= 0) {
return false;
}
int operatorRankId = operator.getHabboInfo().getRank().getId();
int targetRankId = targetInfo.getRank().getId();
return targetRankId < operatorRankId || isCoreRank(operatorRankId) && targetRankId <= operatorRankId;
}
static boolean canAssignRank(Habbo operator, int rankId) {
return canTargetRank(operator, rankId);
}
private static boolean isCoreRank(int rankId) {
int highestRankId = 0;
for (Rank rank : Emulator.getGameEnvironment().getPermissionsManager().getAllRanks()) {