From 746e4dbe67499c55e9e60dd9c5ad58ae378b1c9a Mon Sep 17 00:00:00 2001
From: MarkKoz <KozlovMark@gmail.com>
Date: Tue, 14 Jul 2020 11:58:30 -0700
Subject: Prevent bot from mentioning non-mod roles

This was open to abuse when the bot relayed user input. The fix relies
on a discord.py alpha feature.
---
 bot/bot.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'bot/bot.py')

diff --git a/bot/bot.py b/bot/bot.py
index 39ed8bbe..ffaf4284 100644
--- a/bot/bot.py
+++ b/bot/bot.py
@@ -10,7 +10,7 @@ from aiohttp import AsyncResolver, ClientSession, TCPConnector
 from discord import DiscordException, Embed, Guild, User
 from discord.ext import commands
 
-from bot.constants import Channels, Client
+from bot.constants import Channels, Client, MODERATION_ROLES
 from bot.utils.decorators import mock_in_debug
 
 log = logging.getLogger(__name__)
@@ -103,7 +103,7 @@ class SeasonalBot(commands.Bot):
             return False
 
         else:
-            log.info(f"Asset successfully applied")
+            log.info("Asset successfully applied")
             return True
 
     @mock_in_debug(return_value=True)
@@ -203,7 +203,9 @@ class SeasonalBot(commands.Bot):
         await self._guild_available.wait()
 
 
+_allowed_roles = [discord.Object(id_) for id_ in MODERATION_ROLES]
 bot = SeasonalBot(
     command_prefix=Client.prefix,
     activity=discord.Game(name=f"Commands: {Client.prefix}help"),
+    allowed_mentions=discord.AllowedMentions(everyone=False, roles=_allowed_roles),
 )
-- 
cgit v1.2.3