From 66f47ecff1067ff27af0e7c551dab56fd9b56d60 Mon Sep 17 00:00:00 2001
From: Andrew Steinborn <git@steinborn.me>
Date: Thu, 15 Nov 2018 02:17:59 -0500
Subject: [PATCH] Filter out subcommands in /velocity that users can't access.

---
 .../proxy/command/VelocityCommand.java              | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/proxy/src/main/java/com/velocitypowered/proxy/command/VelocityCommand.java b/proxy/src/main/java/com/velocitypowered/proxy/command/VelocityCommand.java
index e09101d4e..603620000 100644
--- a/proxy/src/main/java/com/velocitypowered/proxy/command/VelocityCommand.java
+++ b/proxy/src/main/java/com/velocitypowered/proxy/command/VelocityCommand.java
@@ -36,7 +36,11 @@ public class VelocityCommand implements Command {
   }
 
   private void usage(CommandSource source) {
-    String commandText = "/velocity <" + String.join("|", subcommands.keySet()) + ">";
+    String availableCommands = subcommands.entrySet().stream()
+        .filter(e -> e.getValue().hasPermission(source, new String[0]))
+        .map(Map.Entry::getKey)
+        .collect(Collectors.joining("|"));
+    String commandText = "/velocity <" + availableCommands + ">";
     source.sendMessage(TextComponent.of(commandText, TextColor.RED));
   }
 
@@ -64,8 +68,11 @@ public class VelocityCommand implements Command {
     }
 
     if (currentArgs.length == 1) {
-      return subcommands.keySet().stream()
-          .filter(name -> name.regionMatches(true, 0, currentArgs[0], 0, currentArgs[0].length()))
+      return subcommands.entrySet().stream()
+          .filter(e -> e.getKey().regionMatches(true, 0, currentArgs[0], 0,
+              currentArgs[0].length()))
+          .filter(e -> e.getValue().hasPermission(source, new String[0]))
+          .map(Map.Entry::getKey)
           .collect(Collectors.toList());
     }