better timeout validations

Signed-off-by: GitHub <noreply@github.com>

backend/src/RecoverablePluginError.ts

@@ -9,6 +9,8 @@ export enum ERRORS {
   INVALID_USER,
   INVALID_MUTE_ROLE_ID,
   MUTE_ROLE_ABOVE_ZEP,
+  USER_ABOVE_ZEP,
+  USER_NOT_MODERATABLE,
 }
 
 export const RECOVERABLE_PLUGIN_ERROR_MESSAGES = {
@@ -20,6 +22,8 @@ export const RECOVERABLE_PLUGIN_ERROR_MESSAGES = {
   [ERRORS.INVALID_USER]: "Invalid user",
   [ERRORS.INVALID_MUTE_ROLE_ID]: "Specified mute role is not valid",
   [ERRORS.MUTE_ROLE_ABOVE_ZEP]: "Specified mute role is above Zeppelin in the role hierarchy",
+  [ERRORS.USER_ABOVE_ZEP]: "Cannot mute user, specified user is above Zeppelin in the role hierarchy",
+  [ERRORS.USER_NOT_MODERATABLE]: "Cannot mute user, specified user is not moderatable",
 };
 
 export class RecoverablePluginError extends Error {

backend/src/plugins/Mutes/events/ReapplyActiveMuteOnJoinEvt.ts

@@ -1,5 +1,6 @@
 import moment from "moment-timezone";
 import { MuteTypes } from "../../../data/MuteTypes";
+import { noop } from "../../../utils.js";
 import { LogsPlugin } from "../../Logs/LogsPlugin";
 import { RoleManagerPlugin } from "../../RoleManager/RoleManagerPlugin";
 import { getTimeoutExpiryTime } from "../functions/getTimeoutExpiryTime";
@@ -25,7 +26,7 @@ export const ReapplyActiveMuteOnJoinEvt = mutesEvt({
       if (!member.isCommunicationDisabled()) {
         const expiresAt = mute.expires_at ? moment.utc(mute.expires_at).valueOf() : null;
         const timeoutExpiresAt = getTimeoutExpiryTime(expiresAt);
-        await member.disableCommunicationUntil(timeoutExpiresAt);
+        await member.disableCommunicationUntil(timeoutExpiresAt).catch(noop);
       }
     }
 

backend/src/plugins/Mutes/functions/muteUser.ts

@@ -1,4 +1,4 @@
-import { Snowflake } from "discord.js";
+import { PermissionsBitField, Snowflake } from "discord.js";
 import humanizeDuration from "humanize-duration";
 import { GuildPluginData } from "knub";
 import { ERRORS, RecoverablePluginError } from "../../../RecoverablePluginError";
@@ -91,6 +91,7 @@ export async function muteUser(
       rolesToRestore = currentUserRoles.filter((x) => (<string[]>restoreRoles).includes(x));
     }
 
+    const zep = await pluginData.guild.members.fetchMe();
     if (muteType === MuteTypes.Role) {
       // Verify the configured mute role is valid
       const actualMuteRole = pluginData.guild.roles.cache.get(muteRole!);
@@ -103,12 +104,11 @@ export async function muteUser(
       }
 
       // Verify the mute role is not above Zep's roles
-      const zep = await pluginData.guild.members.fetchMe();
       const zepRoles = pluginData.guild.roles.cache.filter((x) => zep.roles.cache.has(x.id));
       if (zepRoles.size === 0 || !zepRoles.some((zepRole) => zepRole.position > actualMuteRole.position)) {
         lock.unlock();
         logs.logBotAlert({
-          body: `Cannot mute users, specified mute role is above Zeppelin in the role hierarchy`,
+          body: `Cannot mute user, specified mute role is above Zeppelin in the role hierarchy`,
         });
         throw new RecoverablePluginError(ERRORS.MUTE_ROLE_ABOVE_ZEP, pluginData.guild);
       }
@@ -117,6 +117,23 @@ export async function muteUser(
         pluginData.getPlugin(RoleManagerPlugin).addPriorityRole(member.id, muteRole!);
       }
     } else {
+      if (!member.manageable) {
+        lock.unlock();
+        logs.logBotAlert({
+          body: `Cannot mute user, specified user is above Zeppelin in the role hierarchy`,
+        });
+        throw new RecoverablePluginError(ERRORS.USER_ABOVE_ZEP, pluginData.guild);
+      }
+
+      if (!member.moderatable || member.permissions.has(PermissionsBitField.Flags.Administrator)) {
+        // redundant safety, since canActOn already checks this
+        lock.unlock();
+        logs.logBotAlert({
+          body: `Cannot mute user, specified user is not moderatable`,
+        });
+        throw new RecoverablePluginError(ERRORS.USER_NOT_MODERATABLE, pluginData.guild);
+      }
+
       await member.disableCommunicationUntil(timeoutUntil);
     }
 

backend/src/plugins/Mutes/functions/renewTimeoutMute.ts

@@ -3,7 +3,7 @@ import { GuildPluginData } from "knub";
 import moment from "moment-timezone";
 import { MAX_TIMEOUT_DURATION } from "../../../data/Mutes";
 import { Mute } from "../../../data/entities/Mute";
-import { DBDateFormat, resolveMember } from "../../../utils";
+import { DBDateFormat, noop, resolveMember } from "../../../utils";
 import { MutesPluginType } from "../types";
 
 export async function renewTimeoutMute(pluginData: GuildPluginData<MutesPluginType>, mute: Mute) {
@@ -24,6 +24,6 @@ export async function renewTimeoutMute(pluginData: GuildPluginData<MutesPluginTy
   }
 
   const expiryTimestamp = moment.utc(newExpiryTime).valueOf();
-  await member.disableCommunicationUntil(expiryTimestamp);
+  await member.disableCommunicationUntil(expiryTimestamp).catch(noop);
   await pluginData.state.mutes.updateTimeoutExpiresAt(mute.user_id, expiryTimestamp);
 }

backend/src/plugins/Mutes/functions/unmuteUser.ts

@@ -1,4 +1,4 @@
-import { Snowflake } from "discord.js";
+import { PermissionsBitField, Snowflake } from "discord.js";
 import humanizeDuration from "humanize-duration";
 import { GuildPluginData } from "knub";
 import { CaseTypes } from "../../../data/CaseTypes";
@@ -54,8 +54,11 @@ export async function unmuteUser(
     }
 
     // Update timeout
-    if (existingMute?.type === MuteTypes.Timeout || createdMute?.type === MuteTypes.Timeout) {
-      await member?.disableCommunicationUntil(timeoutExpiresAt);
+    if (member && (existingMute?.type === MuteTypes.Timeout || createdMute?.type === MuteTypes.Timeout)) {
+      if (!member.manageable || !member.moderatable || member.permissions.has(PermissionsBitField.Flags.Administrator))
+        return null;
+
+      await member.disableCommunicationUntil(timeoutExpiresAt);
       await pluginData.state.mutes.updateTimeoutExpiresAt(userId, timeoutExpiresAt);
     }
   } else {