feat(roles edit): ensure users can't move role above their own ranking

This commit is contained in:
Paul Makles
2022-02-23 14:39:09 +00:00
parent d45b32bce6
commit 04c2f8f293

View File

@@ -35,11 +35,14 @@ pub async fn req(
.map_err(|error| Error::FailedValidation { error })?;
let mut server = target.as_server(db).await?;
perms(&user)
.server(&server)
let mut permissions = perms(&user).server(&server);
permissions
.throw_permission(db, Permission::ManageRole)
.await?;
let member_rank = permissions.get_member_rank();
if let Some(mut role) = server.roles.remove(&role_id) {
let Data {
name,
@@ -49,6 +52,12 @@ pub async fn req(
remove,
} = data;
if let Some(rank) = &rank {
if rank <= &member_rank.unwrap_or(i64::MIN) {
return Err(Error::NotElevated);
}
}
let partial = PartialRole {
name,
colour,