fix(gateway): remove discord role allowlist auth bypass (#30742)

2026-05-30 06:41:51 +00:00 · 2026-05-24 04:24:49 -07:00 · 2026-05-24 04:24:49 -07:00 · c3caca6584
commit c3caca6584
parent 1f897b0dc9
1 changed files with 0 additions and 12 deletions
--- a/gateway/run.py
+++ b/gateway/run.py
@ -6329,18 +6329,6 @@ class GatewayRunner:
            if allow_bots_var and os.getenv(allow_bots_var, "none").lower().strip() in {"mentions", "all"}:
                return True

-        # Discord role-based access (DISCORD_ALLOWED_ROLES): the adapter's
-        # on_message pre-filter already verified role membership — if the
-        # message reached here, the user passed that check. Authorize
-        # directly to avoid the "no allowlists configured" branch below
-        # rejecting role-only setups where DISCORD_ALLOWED_USERS is empty
-        # (issue #7871).
-        if (
-            source.platform == Platform.DISCORD
-            and os.getenv("DISCORD_ALLOWED_ROLES", "").strip()
-        ):
-            return True
-
        # Check pairing store (always checked, regardless of allowlists)
        platform_name = source.platform.value if source.platform else ""
        if self.pairing_store.is_approved(platform_name, user_id):