From 5768cc3f0120009fa2becc77be77e2f4528ce3dc Mon Sep 17 00:00:00 2001
From: simoleo89 <simoleo89@users.noreply.github.com>
Date: Wed, 17 Jun 2026 21:15:37 +0200
Subject: [PATCH] fix(room-moderation): protect owners

---
 .../habbo/habbohotel/rooms/RoomManager.java   |  3 +++
 .../RoomManagerModerationContractTest.java    | 23 +++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 Emulator/src/test/java/com/eu/habbo/habbohotel/rooms/RoomManagerModerationContractTest.java

diff --git a/Emulator/src/main/java/com/eu/habbo/habbohotel/rooms/RoomManager.java b/Emulator/src/main/java/com/eu/habbo/habbohotel/rooms/RoomManager.java
index 43cddbd9..e13d38b2 100644
--- a/Emulator/src/main/java/com/eu/habbo/habbohotel/rooms/RoomManager.java
+++ b/Emulator/src/main/java/com/eu/habbo/habbohotel/rooms/RoomManager.java
@@ -1625,6 +1625,9 @@ public class RoomManager {
         if (rights != null && !room.hasRights(rights))
             return;
 
+        if (room.getOwnerId() == userId)
+            return;
+
         String name = "";
 
         Habbo habbo = Emulator.getGameEnvironment().getHabboManager().getHabbo(userId);
diff --git a/Emulator/src/test/java/com/eu/habbo/habbohotel/rooms/RoomManagerModerationContractTest.java b/Emulator/src/test/java/com/eu/habbo/habbohotel/rooms/RoomManagerModerationContractTest.java
new file mode 100644
index 00000000..c714b847
--- /dev/null
+++ b/Emulator/src/test/java/com/eu/habbo/habbohotel/rooms/RoomManagerModerationContractTest.java
@@ -0,0 +1,23 @@
+package com.eu.habbo.habbohotel.rooms;
+
+import org.junit.jupiter.api.Test;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+class RoomManagerModerationContractTest {
+    @Test
+    void roomBanCannotTargetRoomOwner() throws Exception {
+        String source = Files.readString(Path.of("src/main/java/com/eu/habbo/habbohotel/rooms/RoomManager.java"));
+
+        int rightsGuard = source.indexOf("rights != null && !room.hasRights(rights)");
+        int ownerGuard = source.indexOf("room.getOwnerId() == userId");
+        int banCreate = source.indexOf("new RoomBan(roomId, userId");
+
+        assertTrue(rightsGuard > -1, "room bans must require rights");
+        assertTrue(ownerGuard > rightsGuard, "room bans must guard owner targets after rights are checked");
+        assertTrue(ownerGuard < banCreate, "room owner must be rejected before a RoomBan is created");
+    }
+}