REST resolves the user's group on each request now.

TShockAPI/Rest/RestManager.cs

@@ -109,7 +109,7 @@ namespace TShockAPI
 			if (string.IsNullOrWhiteSpace(parameters["cmd"]))
 				return RestMissingParam("cmd");
 
-			TSRestPlayer tr = new TSRestPlayer(tokenData.Username, tokenData.UserGroup);
+			TSRestPlayer tr = new TSRestPlayer(tokenData.Username, TShock.Groups.GetGroupByName(tokenData.UserGroupName));
 			Commands.HandleCommand(tr, parameters["cmd"]);
 			return RestResponse(string.Join("\n", tr.GetCommandOutput()));
 		}
@@ -119,7 +119,7 @@ namespace TShockAPI
 			if (string.IsNullOrWhiteSpace(parameters["cmd"]))
 				return RestMissingParam("cmd");
 
-			TSRestPlayer tr = new TSRestPlayer(tokenData.Username, tokenData.UserGroup);
+			TSRestPlayer tr = new TSRestPlayer(tokenData.Username, TShock.Groups.GetGroupByName(tokenData.UserGroupName));
 			Commands.HandleCommand(tr, parameters["cmd"]);
 			return new RestObject()
 			{
@@ -153,7 +153,7 @@ namespace TShockAPI
 
 		private object ServerReload(RestVerbs verbs, IParameterCollection parameters, SecureRest.TokenData tokenData)
 		{
-			TShock.Utils.Reload(new TSRestPlayer(tokenData.Username, tokenData.UserGroup));
+			TShock.Utils.Reload(new TSRestPlayer(tokenData.Username, TShock.Groups.GetGroupByName(tokenData.UserGroupName)));
 			
 			return RestResponse("Configuration, permissions, and regions reload complete. Some changes may require a server restart.");
 		}

TShockAPI/Rest/SecureRest.cs

@@ -33,7 +33,7 @@ namespace Rests
 			public static readonly TokenData None = default(TokenData);
 
 			public string Username { get; set; }
-			public Group UserGroup { get; set; }
+			public string UserGroupName { get; set; }
 		}
 
 		public Dictionary<string,TokenData> Tokens { get; protected set; }
@@ -112,7 +112,7 @@ namespace Rests
 				tokenHash = randbytes.Aggregate("", (s, b) => s + b.ToString("X2"));
 			} while (Tokens.ContainsKey(tokenHash));
 
-			Tokens.Add(tokenHash, new TokenData { Username = userAccount.Name, UserGroup = userGroup });
+			Tokens.Add(tokenHash, new TokenData { Username = userAccount.Name, UserGroupName = userGroup.Name });
 
 			RestObject response = new RestObject("200") { Response = "Successful login" };
 			response["token"] = tokenHash;
@@ -141,7 +141,22 @@ namespace Rests
 					}
 				};
 
-			if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !tokenData.UserGroup.HasPermission(perm)))
+			Group userGroup = TShock.Groups.GetGroupByName(tokenData.UserGroupName);
+			if (userGroup == null)
+			{
+				Tokens.Remove(token);
+
+				return new Dictionary<string, string>
+				{
+					{"status", "403"},
+					{
+						"error",
+						"Not authorized. The provided token became invalid due to group changes, please create a new token."
+					}
+				};
+			}
+
+			if (secureCmd.Permissions.Length > 0 && secureCmd.Permissions.All(perm => !userGroup.HasPermission(perm)))
 			{
 				return new Dictionary<string, string>
 				{

TShockAPI/TShock.cs

@@ -479,7 +479,7 @@ namespace TShockAPI
 						break;
 					case "-rest-token":
 						string token = Convert.ToString(parms[++i]);
-						RESTStartupTokens.Add(token, new SecureRest.TokenData { Username = "null", UserGroup = new SuperAdminGroup() });
+						RESTStartupTokens.Add(token, new SecureRest.TokenData { Username = "null", UserGroupName = "superadmin" });
 						Console.WriteLine("Startup parameter overrode REST token.");
 						break;
 					case "-rest-enabled":