forked from jmug/stoatchat
feat(roles edit): ensure users can't move role above their own ranking
This commit is contained in:
@@ -35,11 +35,14 @@ pub async fn req(
|
|||||||
.map_err(|error| Error::FailedValidation { error })?;
|
.map_err(|error| Error::FailedValidation { error })?;
|
||||||
|
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
perms(&user)
|
let mut permissions = perms(&user).server(&server);
|
||||||
.server(&server)
|
|
||||||
|
permissions
|
||||||
.throw_permission(db, Permission::ManageRole)
|
.throw_permission(db, Permission::ManageRole)
|
||||||
.await?;
|
.await?;
|
||||||
|
|
||||||
|
let member_rank = permissions.get_member_rank();
|
||||||
|
|
||||||
if let Some(mut role) = server.roles.remove(&role_id) {
|
if let Some(mut role) = server.roles.remove(&role_id) {
|
||||||
let Data {
|
let Data {
|
||||||
name,
|
name,
|
||||||
@@ -49,6 +52,12 @@ pub async fn req(
|
|||||||
remove,
|
remove,
|
||||||
} = data;
|
} = data;
|
||||||
|
|
||||||
|
if let Some(rank) = &rank {
|
||||||
|
if rank <= &member_rank.unwrap_or(i64::MIN) {
|
||||||
|
return Err(Error::NotElevated);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
let partial = PartialRole {
|
let partial = PartialRole {
|
||||||
name,
|
name,
|
||||||
colour,
|
colour,
|
||||||
|
|||||||
Reference in New Issue
Block a user