fix(modtool): enforce staff target rank ceilings

simoleo89
2026-06-15 19:51:36 +02:00
parent c48e01cb8e
commit 36a06647f0
4 changed files with 65 additions and 11 deletions
@@ -45,7 +45,7 @@ class ModToolPermissionContractTest {
}
@Test
void modToolSanctionsCannotTargetSameOrHigherRanks() throws Exception {
void modToolSanctionsCannotTargetPeerRanksUnlessOperatorIsCoreRank() throws Exception {
Path base = Path.of("src/main/java/com/eu/habbo/messages/incoming/modtool");
for (String handler : List.of(
@@ -60,6 +60,30 @@ class ModToolPermissionContractTest {
String manager = Files.readString(Path.of("src/main/java/com/eu/habbo/habbohotel/modtool/ModToolManager.java"));
assertTrue(manager.contains("!canModerateTarget(moderator, target.getHabboInfo().getId())"),
"ModToolManager.alert must refuse alerts/warnings against same-or-higher-rank targets");
"ModToolManager.alert must refuse alerts/warnings against protected targets");
assertTrue(manager.contains("targetRankId < moderatorRankId"),
"non-core moderators must only target lower-ranked users");
assertTrue(manager.contains("isCoreRank(moderatorRankId) && targetRankId <= moderatorRankId"),
"highest/core moderators should be allowed to target peer ranks");
assertTrue(manager.contains("private static boolean isCoreRank(int rankId)"),
"core-rank detection should be centralized in ModToolManager");
}
@Test
void managerEntryPointsShareTargetAndRoomOwnerGuards() throws Exception {
String manager = Files.readString(Path.of("src/main/java/com/eu/habbo/habbohotel/modtool/ModToolManager.java"));
String sanctions = Files.readString(Path.of("src/main/java/com/eu/habbo/habbohotel/modtool/ModToolSanctions.java"));
String defaultSanction = Files.readString(Path.of("src/main/java/com/eu/habbo/messages/incoming/modtool/ModToolIssueDefaultSanctionEvent.java"));
assertTrue(manager.contains("!canModerateTarget(moderator, targetUserId)"),
"ModToolManager.ban must use the central target-rank guard for offline and online users");
assertTrue(manager.contains("!canModerateTarget(moderator, h.getHabboInfo().getId())"),
"IP and machine fan-out bans must skip protected peer-or-higher ranked sessions");
assertTrue(manager.contains("!canModerateTarget(moderator, room.getOwnerId())"),
"ModToolManager.roomAction must refuse mutations on rooms owned by protected ranks");
assertTrue(sanctions.contains("!ModToolManager.canModerateTarget(self, habboId)"),
"ModToolSanctions.run must guard every sanction path before writing or applying it");
assertTrue(defaultSanction.contains("if (issue == null)"),
"default sanctions must tolerate stale or missing ticket ids");
}
}
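Review bot: The rank-ceiling assertions here, both the new `targetRankId < moderatorRankId` / `isCoreRank(...)` checks and all of `managerEntryPointsShareTargetAndRoomOwnerGuards`, only substring-match the source files, so each one passes as soon as the text appears once anywhere in the file, including in a comment, in unreachable code, or in just one of the paths its message names (the "IP and machine fan-out bans" message is backed by a single `contains`). The authorization rule itself therefore stays untested: an entry point added later without the guard, or a guard whose result is ignored, would not fail this suite. I would add a behavioural test that calls `ModToolManager.canModerateTarget` with lower, equal and higher target ranks for both a core and a non-core moderator, and keep the string checks as a secondary lint marked with a comment such as `// Source-text contract only: does not prove the guard executes on every path.` The first test method starts before the first hunk and continues between the two hunks, so its handler loop is not visible here.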