Change /unmute command so that the exception on permissions is dropped#52
Open
keobox wants to merge 1 commit into
Open
Change /unmute command so that the exception on permissions is dropped#52keobox wants to merge 1 commit into
keobox wants to merge 1 commit into
Conversation
MattiaFailla
requested changes
Jun 4, 2026
Comment on lines
-365
to
-367
| can_change_info=False, | ||
| can_change_info=True, | ||
| can_invite_users=True, | ||
| can_pin_messages=False, |
Member
There was a problem hiding this comment.
Pinning messages and changing group-related info are not privileges granted to normal users: I'd revert this change.
Author
There was a problem hiding this comment.
This will re-introduce the bug
- restrictChatMember with can_pin_messages=True does NOT mean "this user can pin messages." It means "remove the per-user restriction on this permission" the user falls back to group defaults.
- restrictChatMember with can_pin_messages=False means "explicitly restrict this user from pinning, regardless of group defaults."
This creates/keeps a per-user exception.
The Telegram Bot API docs are explicit:
"Pass True for all permissions to lift restrictions from a user."
If even one permission is False, Telegram keeps the per-user restriction record which is exactly the bug we're seeing (users appear restricted in the member list, /unmute "succeeds" but changes nothing visible).
Comment on lines
+135
to
+137
| can_change_info=True, | ||
| can_invite_users=True, | ||
| can_pin_messages=False, | ||
| can_pin_messages=True, |
Member
There was a problem hiding this comment.
Must be reverted in here too.
MattiaFailla
added a commit
that referenced
this pull request
Jun 17, 2026
… on rejoin Stale users sat muted forever in public supergroups for two reasons: 1. On rejoin, _handle_new_member re-restricted the user and re-added the pending row, then returned early at the has_been_welcomed() guard before sending the captcha. The user was silently muted with no way to verify, because no LEFT/KICKED handler ever cleared the per-chat welcome state. 2. /unmute only deletes from the mutes table, but stale users were restricted by the captcha flow (pending_verifications), so /unmute never cleared their "exception". Changes: - Add a departure branch to _handle_new_member: on LEFT/BANNED, clear the welcomed + pending state for that (user, chat) so a genuine rejoin re-shows the captcha. Global verification is intentionally preserved. - Add /unlock @handle: an admin command that globally verifies a stuck user, clears pending state, and restores send permissions in their pending chats. Kept distinct from /unmute, which stays a pure moderation-mute reversal. - Add Repository.remove_welcomed (in-memory + postgres) and CaptchaService wrappers (remove_welcomed, remove_pending). Deliberately did NOT flip can_change_info / can_pin_messages to True (as proposed in #52). Per the Telegram Bot API docs those fields are "Ignored in public supergroups", so the flip is a no-op there and a latent privilege escalation in any private supergroup, and it is unrelated to the mute itself (which is can_send_messages=False). Tests: /unlock (admin / non-admin / private chat / restored permissions) and rejoin state-clearing (LEFT, BANNED, global-verification preserved).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
I've 4 stale users sitting in a muted state forever in the @PythonMilano telegram channel.
Behavior
I'm experiencing This.
The captcha for new user maybe was not displayed, but for sure is not displayed if a user leave the group and then tries to subscribe again.
New users are subscribed but muted meaning that the default permission are overridden by exceptions for them. I suspect that the exception are not cleared from the bot database once a user unsubscribe. Another bug is that the
/unmutecommand does not remove the exception, the result looks like a user is muted forever.How to test it
In the https://t.me/PythonMilano there are currently 4 stale users, I know this people personally and I want to un-mute them even if they do not clicked the captcha.