From 30d5c4f062fdbc6b401818be715c590d1351bea0 Mon Sep 17 00:00:00 2001
From: Chris Sdogkos <work@chris-sdogkos.com>
Date: Wed, 4 Feb 2026 16:06:48 +0200
Subject: [PATCH] hotfix(MessageCommand): do not allow anybody to call this
 command

Signed-off-by: Chris Sdogkos <work@chris-sdogkos.com>
---
 .../features/messages/MessageCommand.java     | 21 +++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/application/src/main/java/org/togetherjava/tjbot/features/messages/MessageCommand.java b/application/src/main/java/org/togetherjava/tjbot/features/messages/MessageCommand.java
index ce36653b36..376848a86a 100644
--- a/application/src/main/java/org/togetherjava/tjbot/features/messages/MessageCommand.java
+++ b/application/src/main/java/org/togetherjava/tjbot/features/messages/MessageCommand.java
@@ -1,6 +1,8 @@
 package org.togetherjava.tjbot.features.messages;
 
 import net.dv8tion.jda.api.EmbedBuilder;
+import net.dv8tion.jda.api.Permission;
+import net.dv8tion.jda.api.entities.Member;
 import net.dv8tion.jda.api.entities.Message;
 import net.dv8tion.jda.api.entities.channel.ChannelType;
 import net.dv8tion.jda.api.entities.channel.concrete.TextChannel;
@@ -140,6 +142,15 @@ private static OptionalLong parseMessageIdAndHandle(String messageId, IReplyCall
         }
     }
 
+    private boolean handleChecks(Member author, IReplyCallback event) {
+        if (!author.hasPermission(Permission.KICK_MEMBERS)) {
+            event.reply("You can not execute this command.").setEphemeral(true).queue();
+            return false;
+        }
+
+        return true;
+    }
+
     private static void handleMessageRetrieveFailed(Throwable failure, IDeferrableCallback event,
             long messageId) {
         handleMessageRetrieveFailed(failure, event, List.of(messageId));
@@ -197,6 +208,16 @@ private static void handleActionFailed(Throwable failure, IDeferrableCallback ev
 
     @Override
     public void onSlashCommand(SlashCommandInteractionEvent event) {
+        Member member = event.getMember();
+
+        if (member == null) {
+            return;
+        }
+
+        if (!handleChecks(event.getMember(), event)) {
+            return;
+        }
+
         switch (Subcommand.fromName(event.getSubcommandName())) {
             case RAW -> rawMessage(event);
             case POST -> postMessage(event);