From 791bd6d2a6a29aa5e958cb365aae8e8219cef664 Mon Sep 17 00:00:00 2001
From: Ethan Lane <ethan@vylpes.com>
Date: Thu, 23 May 2024 17:59:52 +0100
Subject: [PATCH] Fix event not checking if the user who clicked the button is
 the same user

---
 src/buttonEvents/Sacrifice.ts | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/buttonEvents/Sacrifice.ts b/src/buttonEvents/Sacrifice.ts
index 5306764..86a21a2 100644
--- a/src/buttonEvents/Sacrifice.ts
+++ b/src/buttonEvents/Sacrifice.ts
@@ -24,6 +24,11 @@ export default class Sacrifice extends ButtonEvent {
         const userId = interaction.customId.split(" ")[2];
         const cardNumber = interaction.customId.split(" ")[3];
 
+        if (userId != interaction.user.id) {
+            await interaction.reply("Only the user who created this sacrifice can confirm it.");
+            return;
+        }
+
         const cardInInventory = await Inventory.FetchOneByCardNumberAndUserId(userId, cardNumber);
 
         if (!cardInInventory) {
@@ -94,6 +99,11 @@ export default class Sacrifice extends ButtonEvent {
         const userId = interaction.customId.split(" ")[2];
         const cardNumber = interaction.customId.split(" ")[3];
 
+        if (userId != interaction.user.id) {
+            await interaction.reply("Only the user who created this sacrifice can cancel it.");
+            return;
+        }
+
         const cardInInventory = await Inventory.FetchOneByCardNumberAndUserId(userId, cardNumber);
 
         if (!cardInInventory) {