feat(roles delete): only allow members to delete roles lower ranking then themself

This commit is contained in:
Paul Makles
2022-02-23 14:42:08 +00:00
parent 04c2f8f293
commit 0ecce98056
2 changed files with 10 additions and 5 deletions

View File

@@ -3,14 +3,19 @@ use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Re
#[delete("/<target>/roles/<role_id>")]
pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result<EmptyResponse> {
let mut server = target.as_server(db).await?;
perms(&user)
.server(&server)
let mut permissions = perms(&user).server(&server);
permissions
.throw_permission(db, Permission::ManageRole)
.await?;
// ! FIXME_PERMISSIONS
let member_rank = permissions.get_member_rank().unwrap_or(0);
if let Some(role) = server.roles.remove(&role_id) {
if role.rank <= member_rank {
return Err(Error::NotElevated);
}
role.delete(db, &server.id, &role_id)
.await
.map(|_| EmptyResponse)

View File

@@ -41,7 +41,7 @@ pub async fn req(
.throw_permission(db, Permission::ManageRole)
.await?;
let member_rank = permissions.get_member_rank();
let member_rank = permissions.get_member_rank().unwrap_or(i64::MIN);
if let Some(mut role) = server.roles.remove(&role_id) {
let Data {
@@ -53,7 +53,7 @@ pub async fn req(
} = data;
if let Some(rank) = &rank {
if rank <= &member_rank.unwrap_or(i64::MIN) {
if rank <= &member_rank {
return Err(Error::NotElevated);
}
}