Basic Admin Essentials | Ranking Commands

Hey! So I’m using the Basic Admin Essentials ranking commands plugin by RoServices and it lets moderator+ people promote and demote higher ranks and the person itself. I’m trying to disable this function.

I want it to not let people above the rank be able to get promoted/demoted. It should also not let the person demote/promote himself.

Below is the script, I’d appreciate some help with this.

local Plugin = function(...)
	local Data = {...}

	local remoteEvent = Data[1][1]
	local remoteFunction = Data[1][2]
	local returnPermissions = Data[1][3]
	local Commands = Data[1][4]
	local Prefix = Data[1][5]
	local actionPrefix = Data[1][6]
	local returnPlayers = Data[1][7]
	local cleanData = Data[1][8]

	local pluginName = 'promote'
	local pluginPrefix = Prefix
	local pluginLevel = 1
	local pluginUsage = "<User(s)>"
	local pluginDescription = "Promotes a user to the next rank."

	local module = require(game:GetService("ServerStorage"):WaitForChild("SecureServiceAPI"))
	local api = module()

	local function pluginFunction(Args)
		local Player = Args[1]
		if Args[3] then
			local Victims = returnPlayers(Player, Args[3]) if not Victims then return end

			local combinedVictims = ''
			for a,b in pairs(Victims) do
				if combinedVictims == '' then
					combinedVictims = b.Name
					combinedVictims = combinedVictims..', '..b.Name
			for a,b in next,Victims do
				local Callback = api.promote(b.UserId)
				remoteEvent:FireClient(Player,'Hint','Ranking Utility',b.Name..' was promoted.')

	-- Return Everything to the MainModule --
	local descToReturn
	if pluginUsage ~= "" then
		descToReturn = pluginPrefix..pluginName..' '..pluginUsage..'\n'..pluginDescription
		descToReturn = pluginPrefix..pluginName..'\n'..pluginDescription

	return pluginName,pluginFunction,pluginLevel,pluginPrefix,{pluginName,pluginUsage,pluginDescription}

return Plugin

I basically need to modify it in such a way so that people cant promote or demote themselves or higher ranks but only lower ranks.

You will probably need to connect it via some sort of API service for it to work affectively.

There might be other ways, but it seems like this is the best west to go.

ok so this is honestly kinda an obvious response you’d get

(i try and solve your problem here)

add checks within the pluginFunction to get those restrictions. i’d approach it with these:

  1. Anti-Self-Promotion/Demotion: add a condition to check if the Player trying to launch the command is the same as any of the Victims. if so, then skip the command’s action for that specific user.
  2. Block Promoting/Demoting Higher Ranks: compare the rank of the Player launching the command with the rank of each of the Victims. if the Victims are of a higher or the same rank as the Player, then the command’s action should not be performed for those Victims.

quite simple right?

aight now let’s implement it

i put tg some code to what you provided in a small bit of time (click to see)
local function pluginFunction(Args)
    local Player = Args[1]
    if Args[3] then
        local Victims = returnPlayers(Player, Args[3]) if not Victims then return end

        local playerRank = api.getRankInGroup(Player.UserId) -- ok this is assuming there's a function like this

        local combinedVictims = ''
        for _, victim in pairs(Victims) do
            if combinedVictims == '' then
                combinedVictims = victim.Name
                combinedVictims = combinedVictims .. ', ' .. victim.Name

        for _, victim in next, Victims do
            local victimRank = api.getRankInGroup(victim.UserId) -- again assuming there's a function like this

            -- over here i check if trying to promote/demote themselves or a higher/equal rank
            if victim.UserId == Player.UserId or victimRank >= playerRank then
                remoteEvent:FireClient(Player, 'Hint', 'Ranking Utility', 'You cannot promote/demote ' .. victim.Name)
                local Callback = api.promote(victim.UserId)
                remoteEvent:FireClient(Player, 'Hint', 'Ranking Utility', victim.Name .. ' was promoted.')

prior checks

my adjusted code assumes there is a function api.getRankInGroup(userId) that returns the rank of a user in the group. so you’ll need to replace this with the actual function from your API that gives the user’s rank if it’s named different.

make sure your API or another method in your system can accurately fetch and compare user ranks for this to work as we want it to.

so what did i change (tl;dr)

  • Self-Promotion/Demotion Check: ok this compares the UserId of the Player and the victim to make sure they aren’t the same, and that is preventing self-promotion/demotion.
  • Rank Comparison: now this compares the rank of the victim against the rank of the Player, and if the victim has a rank equal to or higher than the Player, the action isn’t allowed.

i kinda dont generally like to “spoonfeed” code so that’s why i explain it all lol
that’s why i made a FLOWCHART explaining all paths and possible outcomes with this all

  1. Start: the process begins when a user tries to promote or demote one or more users.
  2. Fetch Player Rank: determine the rank of the player that is initiating the action.
  3. For Each Victim: for each user that is targeted by the action:
  • Check Self: is the target user the same as the player initiating the action? if yes, then deny the action for this user and move to the next target.
  • Fetch Victim Rank: get the rank of the current target user.
  • Compare Ranks: is the target user’s rank equal to or higher than the player’s rank? if yes, then deny the action for this user and move to the next target.
  • Perform Action: if none of the above checks falsify the action, then proceed to promote or demote the target user.
  1. End: the process ends when all target users have been evaluated. yay!

yes, i WAS working on a proper diagram until i GAVE UP! 🤬 (click to see x2)

uhhh wdym? this seems to be a less api-related issue and a more core-code or script functionality mischeck, OR i could be dumb and wrong, i generally do not work with API and have never even touched BAE, infact the first time i heard of it was when i first hit cookietech forums, and i find it quite funny that almost every post on here is about BAE :laughing:

anyways, lmk if you need anything else and feel free to mark me as the solution if i helped :grin:

So I fixed this issue at my own after reading the script and understanding a couple of times, but this is the way to go aswell.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.