From c3ac4087339d1f49b37f371b653ac2c161b5c9a8 Mon Sep 17 00:00:00 2001
From: Isaac <git@eartharoid.me>
Date: Thu, 7 Oct 2021 11:09:53 +0100
Subject: [PATCH] fix: anyone being able to close any ticket

---
 src/commands/close.js  | 27 ++++++++++++++++++++++++++-
 src/locales/en-GB.json |  4 ++++
 2 files changed, 30 insertions(+), 1 deletion(-)

diff --git a/src/commands/close.js b/src/commands/close.js
index 9060ab1..a026cce 100644
--- a/src/commands/close.js
+++ b/src/commands/close.js
@@ -52,6 +52,19 @@ module.exports = class CloseCommand extends Command {
 		const time = interaction.options.getString(default_i18n('commands.close.options.time.name'));
 
 		if (time) {
+			if (!await this.client.utils.isStaff(interaction.member)) {
+				return await interaction.reply({
+					embeds: [
+						new MessageEmbed()
+							.setColor(settings.error_colour)
+							.setTitle(i18n('commands.close.response.no_permission.title'))
+							.setDescription(i18n('commands.close.response.no_permission.description'))
+							.setFooter(settings.footer, interaction.guild.iconURL())
+					],
+					ephemeral: true
+				});
+			}
+
 			let period;
 			try {
 				period = ms(time);
@@ -176,7 +189,6 @@ module.exports = class CloseCommand extends Command {
 				});
 			}
 		} else {
-
 			let t_row;
 			if (ticket) {
 				t_row = await this.client.tickets.resolve(ticket, interaction.guild.id);
@@ -208,6 +220,19 @@ module.exports = class CloseCommand extends Command {
 				}
 			}
 
+			if (t_row.creator !== interaction.member.id && !await this.client.utils.isStaff(interaction.member)) {
+				return await interaction.reply({
+					embeds: [
+						new MessageEmbed()
+							.setColor(settings.error_colour)
+							.setTitle(i18n('commands.close.response.no_permission.title'))
+							.setDescription(i18n('commands.close.response.no_permission.description'))
+							.setFooter(settings.footer, interaction.guild.iconURL())
+					],
+					ephemeral: true
+				});
+			}
+
 			await interaction.reply({
 				components: [
 					new MessageActionRow()
diff --git a/src/locales/en-GB.json b/src/locales/en-GB.json
index 3fdbf12..a22fc0b 100644
--- a/src/locales/en-GB.json
+++ b/src/locales/en-GB.json
@@ -179,6 +179,10 @@
 					"description": "The time period provided could not be parsed.",
 					"title": "❌ Invalid input"
 				},
+				"no_permission": {
+					"description": "You are not a staff member or the ticket creator.",
+					"title": "❌ Insufficient permission"
+				},
 				"no_tickets": {
 					"description": "There are no tickets which have been inactive for this time period.",
 					"title": "❌ No tickets to close"