Ok, let’s say a person has a role called "Moderator", which has "manage roles" perms. When they want to add a role to another user, they can give a role HIGHER then "Moderator" e.g: the moderator can give the member admin while the moderator doesn’t even have that role. Is there a way I can stop that from happening?
Heres my code:
const target = interaction.options.getMember('target');
const rolee = interaction.options.getRole('role');
if (target.roles.cache.some(role => role.name === rolee.name)) {
await interaction.reply({ content: "Error: User already has this role", ephemeral: true })
}
if (target.user.id === interaction.member.user.id) {
await interaction.reply({ content: "You cannot give yourself roles.", ephemeral: true })
} else {
await interaction.reply({
embeds: [{
title: 'Role was given',
description: `<@${target.user.id}> was given <@&${rolee.id}>`,
color: '15844367',
thumbnail: {
url: 'https://cdn.discordapp.com/attachments/1141734104543539220/1141750239984898190/TEST_BOT.jpg'
},
fields: [
{
name: 'Responsible Awarder',
value: `<@${interaction.user.id}>`,
},
],
footer: {
text: 'Current version: 0.0.1',
icon_url: 'https://cdn.discordapp.com/attachments/1141734104543539220/1141750630763987015/pooperson.jpg',
},
}],
});
target.roles.add(rolee)
}
This code prevents the moderator from giving himself roles, but he can give higher roles to other people.
2
Answers
According to the Discord documentation, there’s a field for each role that is
position. I don’t do discord.js, but try anifstatement to see if the user’s highest role (in this case, Moderator)’s position is higher than the role they are trying to add.There is a position attribute in the Role class. You can get the member’s highest roles with
target.roles.highest, and then compare thepositionattribute of the 2 roles. It would be something like: