fix: allow commands in groups when no allowFrom is configured#1007
Open
BingqingLyu wants to merge 1 commit into
Open
fix: allow commands in groups when no allowFrom is configured#1007BingqingLyu wants to merge 1 commit into
BingqingLyu wants to merge 1 commit into
Conversation
When useAccessGroups is enabled but no allowFrom list exists, commands were silently denied because the authorizer had configured=false. This aligns the behavior with the existing !useAccessGroups path which already treats unconfigured authorizers as unrestricted. Fixes openclaw#49915
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Slash commands (
/status,/new,/reset) silently fail in group chats when noallowFromlist is configured. The bot shows no response at all.Root Cause
In
resolveCommandAuthorizedFromAuthorizers(src/channels/command-gating.ts), whenuseAccessGroupsis enabled (the default) and noallowFromlist exists, the authorizers array contains{ configured: false, allowed: false }.The code
authorizers.some(e => e.configured && e.allowed)returnsfalsebecauseconfiguredisfalse— meaning "no allowlist was set up". This incorrectly denies ALL commands in groups without an explicitallowFromlist.The
!useAccessGroupspath already handles this correctly:Fix
Added the same
!anyConfiguredguard to theuseAccessGroups=truepath. Both paths now treat "no restrictions configured" as "allow" consistently.2 files changed, 26 insertions, 1 deletion.
Testing
command-gating.test.ts: 10/10 passallowFromconfiguredFixes openclaw#49915
Made-with: Claude Code