I’m developing a Discord bot and I need to ensure that only users with the appropriate permissions can kick members. Currently, anyone can execute the kick command, which is not the intended behavior.
Here’s my current kick command implementation:
client.on('message', message => {
if (!message.guild) return;
if (message.content.startsWith('+kick')) {
const userToKick = message.mentions.users.first();
if (userToKick) {
const targetMember = message.guild.members.resolve(userToKick);
if (targetMember) {
targetMember
.kick({
reason: 'Violation of rules',
})
.then(() => {
message.channel.send(`Kicked ${userToKick.tag} successfully.`);
})
.catch(err => {
message.channel.send('I cannot kick this member.');
console.error(err);
});
} else {
message.channel.send("That member isn't in the server!");
}
} else {
message.channel.send("You need to mention a member to kick!");
}
}
});
What steps should I take to restrict this command to only moderators or admins?
To ensure only authorized users can kick members, it’s crucial to implement both user and bot permission checks. Initially, verify if the command executor has the ‘KICK_MEMBERS’ permission with message.member.permissions.has('KICK_MEMBERS'). Additionally, check if your bot has the necessary permissions to kick the target member by examining the role hierarchy. For example, you can use if (targetMember.roles.highest.position >= message.member.roles.highest.position) to prevent users from kicking those with equal or higher roles. It’s also advisable to allow server admins to bypass this check, ensuring they can effectively moderate without being hindered by specific permissions.
just add a permission check before the kick logic runs. something like if (!message.member.hasPermission('KICK_MEMBERS')) return message.channel.send('no perms'); should do the trick. put it right after the startsWith check and youre good to go
You definitely need proper permission validation there. What I usually do is create a more comprehensive check that handles edge cases better. Add this after your startsWith check: if (!message.member.permissions.has('KICK_MEMBERS') && !message.member.permissions.has('ADMINISTRATOR')) { return message.channel.send('You lack the required permissions to use this command.'); }. Also worth checking if the bot itself can actually kick the target before attempting it with if (!message.guild.me.permissions.has('KICK_MEMBERS')) return message.channel.send('I do not have permission to kick members.');. This prevents errors when the bot lacks proper server permissions. From my experience running bots on multiple servers, these checks save you from a lot of headaches down the road.