fix: replace user with target user when editing someone else

This commit is contained in:
Paul Makles
2024-06-26 18:24:38 +01:00
parent fa598dd6f8
commit 00e881799f

View File

@@ -24,23 +24,26 @@ pub async fn edit(
})
})?;
// Filter out invalid edit fields
if !user.privileged && (data.badges.is_some() || data.flags.is_some()) {
return Err(create_error!(NotPrivileged));
}
// If we want to edit a different user than self, ensure we have
// permissions and subsequently replace the user in question
if target.id != "@me" && target.id != user.id {
let target_user = target.as_user(db).await?;
let is_bot_owner = target_user
.bot
.as_ref()
.map(|bot| bot.owner == user.id)
.unwrap_or_default();
if !is_bot_owner && !user.privileged {
return Err(create_error!(NotPrivileged));
}
}
// Otherwise, filter out invalid edit fields
if !user.privileged && (data.badges.is_some() || data.flags.is_some()) {
return Err(create_error!(NotPrivileged));
user = target_user;
}
// Exit out early if nothing is changed