Allow pings in interaction responses without requiring ping permissions from @everyone #3346
Replies: 7 comments
-
I appreciate the thumb downs, why am I wrong? |
Beta Was this translation helpful? Give feedback.
-
Edit: nvm, see advaith1's comment below |
Beta Was this translation helpful? Give feedback.
-
apparently it was changed after that but not announced publicly anywhere |
Beta Was this translation helpful? Give feedback.
-
Huh, interesting. Thanks for the heads up then :) |
Beta Was this translation helpful? Give feedback.
-
Because it was a permission escalation. A bad actor can make a button and when pressed ping everyone or a role despite the bot having no permission to do so.
This is not how this system works. Interactions have no permissions. Even if the bot itself has permissions they completely bypass them. As a compromise and final stopgap to abuse, it was made so interactions check the permissions of the everyone role since it wasn't possible to make it check for the bot's permission. Ideally interactions would be attached to an actual bot user with permissions -- however the bot API team is afraid of bots being in the member list so they decided that interactions should optionally have a bot user leading to this whole permissions mess. |
Beta Was this translation helpful? Give feedback.
-
Solution: remove bots from the sidebar member list |
Beta Was this translation helpful? Give feedback.
-
What I'm getting from this is that permissions were escalated to prevent the worst-case scenario of potential ping abuse; a problem that is easily preventable by being wary of what bots you add to the server. I get the intentions behind the change but it seems like it's an extreme stopgap to an insignificant problem. There are no security vulnerabilities (right?) that this change fixes. Removing abilities to ping roles for interaction responses to prevent ping abuse from a few bad actors (which can be fixed by simply removing the bot from the server and/or removing slash command usage permissions from the server members abusing the feature) handicaps an integral part of interactions for certain bot genres. I still believe the change is unnecessary; if there is a bad actor, the servers themselves can handle the issue. If it was an unwanted feature, the developers can disable it (which it was by default, anyway) in their own code. Reverting the change would definitely bring back that freedom. |
Beta Was this translation helpful? Give feedback.
-
Description
A recent change was implemented (but apparently not documented) to discord's API where interaction responses no longer supported @everyone or @ROLE pings unless the @everyone role had the "ping @everyone, @here, all roles" permission. I suggest that this change be reverted.
Why This is Needed
Alternatives Considered
Yes, you can send another regular message from the bot that contains the message with the pings that you wanted. However, why should developers settle for this method? It adds unnecessary clutter across all areas, from bot code to extra messages in text channels and inconvenient message order. My interaction responses come in the form of embeds, and since those can't ping anyone, the next best thing is to add regular message content (with the pings in question) to the embed that's being sent as an interaction response.
That way, the role pings and the embed are located in one "big" message that is easy to understand and manage. This recent change makes this method obsolete and forces developers to send more payloads/messages than needed. It's an unnecessary change that results in more inconvenience and no increase in security or developer accountability.
Additional Details
It's the developers' responsibility to ensure that only the proper pings are made. Before the change, this was an easy task that yielded convenient results. It seems overkill to completely shut down this functionality unless everyone in the server has permission to ping all roles. If a bot has poor design and is susceptible to ping abuse, it should be up to the developer to fix the issue or up to the server to remove the bot entirely. This alternative promotes responsibility from the developers to deliver better products to the community.
Beta Was this translation helpful? Give feedback.
All reactions