So, in V2 we had this thing called j!set defaultadminrole and j!set defaultmodrole, I was wondering if we could add that back instead of going to servers and doing the command/someone doing it.
This hasn't been requested yet, and it'd be helpful for your bot users to just know what the role is that has the admin perms and mod perms.
@Jqd0n Thanks for opening an issue. We decided to remove that feature when initially rewriting V3. Here is the cited reason (from #739):
Removed global admin and mod roles
They are pretty much unused. Every server sets their own roles when the bot gets invited, might as well remove them altogether.
My biggest issue with them is that you have to set it with a role name, since all other role identifiers are server-specific. This raises a security issue, since all roles which happen to have that default role name can implicitly become the mod/admin roles, and the server admin could be unaware of that fact.
I'm gonna mark this as sinking and kindly suggest allowing server/bot owners to set the roles manually each time. I'm sorry if this seems tiresome but we're gonna prefer that any day over a security issue.
Right now, only the bot owner or guild owner can set these roles, due to the security implications mentioned above. While I agree that this is the right call for reasons already mentioned, a possible improvement here might be an on-join message to the guild owner informing them that without setting those roles, certain commands will be unusable by their mods/admins.
Make's sense.
Most helpful comment
@Jqd0n Thanks for opening an issue. We decided to remove that feature when initially rewriting V3. Here is the cited reason (from #739):
My biggest issue with them is that you have to set it with a role name, since all other role identifiers are server-specific. This raises a security issue, since all roles which happen to have that default role name can implicitly become the mod/admin roles, and the server admin could be unaware of that fact.
I'm gonna mark this as sinking and kindly suggest allowing server/bot owners to set the roles manually each time. I'm sorry if this seems tiresome but we're gonna prefer that any day over a security issue.