diff --git a/src/routes/bots/invite.rs b/src/routes/bots/invite.rs index 77e12c57..105250bb 100644 --- a/src/routes/bots/invite.rs +++ b/src/routes/bots/invite.rs @@ -32,14 +32,11 @@ pub async fn invite_bot( match dest.into_inner() { Destination::Server { server } => { let server = db.fetch_server(&server).await?; - if !perms(&user) + + perms(&user) .server(&server) - .calc(db) - .await - .can_manage_server() - { - return Error::from_permission(Permission::ManageServer); - } + .throw_permission(db, Permission::ManageServer) + .await?; let member = Member { id: MemberCompositeKey { @@ -53,14 +50,11 @@ pub async fn invite_bot( } Destination::Group { group } => { let channel = db.fetch_channel(&group).await?; - if !perms(&user) + + perms(&user) .channel(&channel) - .calc(db) - .await - .can_invite_others() - { - return Error::from_permission(Permission::InviteOthers); - } + .throw_permission_and_view_channel(db, Permission::InviteOthers) + .await?; if let Channel::Group { id, .. } = channel { db.add_user_to_group(&id, &bot.id) diff --git a/src/routes/channels/channel_ack.rs b/src/routes/channels/channel_ack.rs index 9386f8d1..7ecbf5d2 100644 --- a/src/routes/channels/channel_ack.rs +++ b/src/routes/channels/channel_ack.rs @@ -1,16 +1,12 @@ -use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result}; +use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result}; #[put("//ack/")] pub async fn req(db: &Db, user: User, target: Ref, message: Ref) -> Result { let channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + .throw_permission(db, Permission::ViewChannel) + .await?; channel .ack(db, &user.id, &message.id) diff --git a/src/routes/channels/channel_delete.rs b/src/routes/channels/channel_delete.rs index 205d7eb3..dbef31ee 100644 --- a/src/routes/channels/channel_delete.rs +++ b/src/routes/channels/channel_delete.rs @@ -6,11 +6,8 @@ use revolt_quark::{ #[delete("/")] pub async fn req(db: &Db, user: User, target: Ref) -> Result { let channel = target.as_channel(db).await?; - let perm = perms(&user).channel(&channel).calc(db).await; - - if !perm.can_view_channel() { - return Err(Error::NotFound); - } + let mut perms = perms(&user).channel(&channel); + perms.throw_permission(db, Permission::ViewChannel).await?; match &channel { Channel::SavedMessages { .. } => Err(Error::NoEffect), @@ -30,11 +27,11 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result { .await .map(|_| EmptyResponse), Channel::TextChannel { .. } | Channel::VoiceChannel { .. } => { - if perm.can_manage_channel() { - channel.delete(db).await.map(|_| EmptyResponse) - } else { - Error::from_permission(Permission::ManageChannel) - } + perms + .throw_permission(db, Permission::ManageChannel) + .await?; + + channel.delete(db).await.map(|_| EmptyResponse) } } } diff --git a/src/routes/channels/channel_edit.rs b/src/routes/channels/channel_edit.rs index 866cd2e6..a948de2b 100644 --- a/src/routes/channels/channel_edit.rs +++ b/src/routes/channels/channel_edit.rs @@ -38,14 +38,10 @@ pub async fn req( .map_err(|error| Error::FailedValidation { error })?; let mut channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_manage_channel() - { - return Error::from_permission(Permission::ManageChannel); - } + .throw_permission_and_view_channel(db, Permission::ManageChannel) + .await?; if data.name.is_none() && data.description.is_none() diff --git a/src/routes/channels/channel_fetch.rs b/src/routes/channels/channel_fetch.rs index 34135abb..d6fd57d7 100644 --- a/src/routes/channels/channel_fetch.rs +++ b/src/routes/channels/channel_fetch.rs @@ -1,22 +1,17 @@ use revolt_quark::{ models::{Channel, User}, - perms, Database, Error, Permission, Ref, Result, + perms, Database, Permission, Ref, Result, }; use rocket::{serde::json::Json, State}; #[get("/")] pub async fn req(db: &State, user: User, target: Ref) -> Result> { - let target = target.as_channel(db).await?; + let channel = target.as_channel(db).await?; + perms(&user) + .channel(&channel) + .throw_permission(db, Permission::ViewChannel) + .await?; - if perms(&user) - .channel(&target) - .calc(db) - .await - .can_view_channel() - { - Ok(Json(target)) - } else { - Error::from_permission(Permission::ViewChannel) - } + Ok(Json(channel)) } diff --git a/src/routes/channels/group_add_member.rs b/src/routes/channels/group_add_member.rs index 802c8efa..00ed5fb4 100644 --- a/src/routes/channels/group_add_member.rs +++ b/src/routes/channels/group_add_member.rs @@ -6,14 +6,10 @@ use revolt_quark::{ #[put("//recipients/")] pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result { let channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_invite_others() - { - return Error::from_permission(Permission::InviteOthers); - } + .throw_permission_and_view_channel(db, Permission::InviteOthers) + .await?; match &channel { Channel::Group { .. } => { diff --git a/src/routes/channels/invite_create.rs b/src/routes/channels/invite_create.rs index 308e06f8..51bd97b8 100644 --- a/src/routes/channels/invite_create.rs +++ b/src/routes/channels/invite_create.rs @@ -1,6 +1,6 @@ use revolt_quark::{ models::{Invite, User}, - perms, Db, Error, Permission, Ref, Result, + perms, Db, Permission, Ref, Result, }; use rocket::serde::json::Json; @@ -8,15 +8,10 @@ use rocket::serde::json::Json; #[post("//invites")] pub async fn req(db: &Db, user: User, target: Ref) -> Result> { let channel = target.as_channel(db).await?; - - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_invite_others() - { - return Error::from_permission(Permission::InviteOthers); - } + .throw_permission_and_view_channel(db, Permission::InviteOthers) + .await?; Invite::create(db, &user, &channel).await.map(Json) } diff --git a/src/routes/channels/members_fetch.rs b/src/routes/channels/members_fetch.rs index cb9c684d..e8259899 100644 --- a/src/routes/channels/members_fetch.rs +++ b/src/routes/channels/members_fetch.rs @@ -1,6 +1,6 @@ use revolt_quark::{ models::{Channel, User}, - perms, Db, Error, Ref, Result, + perms, Db, Error, Permission, Ref, Result, }; use rocket::serde::json::Json; @@ -8,14 +8,10 @@ use rocket::serde::json::Json; #[get("//members")] pub async fn req(db: &Db, user: User, target: Ref) -> Result>> { let channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + .throw_permission(db, Permission::ViewChannel) + .await?; if let Channel::Group { recipients, .. } = channel { Ok(Json( diff --git a/src/routes/channels/message_delete.rs b/src/routes/channels/message_delete.rs index 95799497..40f4f2b1 100644 --- a/src/routes/channels/message_delete.rs +++ b/src/routes/channels/message_delete.rs @@ -11,9 +11,8 @@ pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result/messages/")] pub async fn req(db: &Db, user: User, target: Ref, msg: Ref) -> Result> { let channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + .throw_permission(db, Permission::ViewChannel) + .await?; let message = msg.as_message(db).await?; if message.channel != channel.as_id() { diff --git a/src/routes/channels/message_query.rs b/src/routes/channels/message_query.rs index 90bf3586..b591d965 100644 --- a/src/routes/channels/message_query.rs +++ b/src/routes/channels/message_query.rs @@ -3,7 +3,7 @@ use revolt_quark::{ message::{BulkMessageResponse, MessageSort}, User, }, - perms, Db, Error, Ref, Result, + perms, Db, Error, Permission, Ref, Result, }; use rocket::serde::json::Json; use serde::{Deserialize, Serialize}; @@ -42,14 +42,10 @@ pub async fn req( } let channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + .throw_permission_and_view_channel(db, Permission::ReadMessageHistory) + .await?; let Options { limit, diff --git a/src/routes/channels/message_search.rs b/src/routes/channels/message_search.rs index 95dd0b31..bb0d25c3 100644 --- a/src/routes/channels/message_search.rs +++ b/src/routes/channels/message_search.rs @@ -3,7 +3,7 @@ use revolt_quark::{ message::{BulkMessageResponse, MessageSort}, User, }, - perms, Db, Error, Ref, Result, + perms, Db, Error, Permission, Ref, Result, }; use rocket::serde::json::Json; @@ -39,14 +39,10 @@ pub async fn req( .map_err(|error| Error::FailedValidation { error })?; let channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + .throw_permission_and_view_channel(db, Permission::ReadMessageHistory) + .await?; let Options { query, diff --git a/src/routes/channels/message_send.rs b/src/routes/channels/message_send.rs index efa76cc2..7473ba3f 100644 --- a/src/routes/channels/message_send.rs +++ b/src/routes/channels/message_send.rs @@ -51,11 +51,10 @@ pub async fn message_send( idempotency.consume_nonce(data.nonce).await?; let channel = target.as_channel(db).await?; - let permissions = perms(&user).channel(&channel).calc(db).await; - - if !permissions.can_send_message() { - return Error::from_permission(Permission::SendMessage); - } + let mut permissions = perms(&user).channel(&channel); + permissions + .throw_permission_and_view_channel(db, Permission::SendMessage) + .await?; if data.content.is_empty() && (data.attachments.is_none() || data.attachments.as_ref().unwrap().is_empty()) @@ -66,8 +65,8 @@ pub async fn message_send( let message_id = Ulid::new().to_string(); let mut message = Message { id: message_id.clone(), - channel: channel.as_id(), - author: user.id, + channel: channel.id().to_string(), + author: user.id.clone(), ..Default::default() }; @@ -80,8 +79,10 @@ pub async fn message_send( } // 2. Verify permissions for masquerade. - if data.masquerade.is_some() && !permissions.can_masquerade() { - return Error::from_permission(Permission::Masquerade); + if data.masquerade.is_some() { + permissions + .throw_permission(db, Permission::Masquerade) + .await?; } // 3. Verify replies are valid. @@ -117,8 +118,10 @@ pub async fn message_send( // 4. Add attachments to message. let mut attachments = vec![]; if let Some(ids) = &data.attachments { - if !ids.is_empty() && !permissions.can_upload_files() { - return Error::from_permission(Permission::UploadFiles); + if !ids.is_empty() { + permissions + .throw_permission(db, Permission::UploadFiles) + .await?; } // ! FIXME: move this to app config diff --git a/src/routes/channels/permissions_set.rs b/src/routes/channels/permissions_set.rs index 29d502e9..c9a34808 100644 --- a/src/routes/channels/permissions_set.rs +++ b/src/routes/channels/permissions_set.rs @@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize}; use revolt_quark::{ models::{Channel, User}, - perms, Db, Error, Permission, Ref, Result, + perms, Db, Permission, Ref, Result, }; #[derive(Serialize, Deserialize)] @@ -20,14 +20,10 @@ pub async fn req( data: Json, ) -> Result> { let mut channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_manage_permissions() - { - return Error::from_permission(Permission::ManageChannel); - } + .throw_permission_and_view_channel(db, Permission::ManagePermissions) + .await?; // ! FIXME_PERMISSIONS diff --git a/src/routes/channels/permissions_set_default.rs b/src/routes/channels/permissions_set_default.rs index 96c3bf7e..bf15befa 100644 --- a/src/routes/channels/permissions_set_default.rs +++ b/src/routes/channels/permissions_set_default.rs @@ -14,14 +14,10 @@ pub struct Data { #[put("//permissions/default", data = "", rank = 1)] pub async fn req(db: &Db, user: User, target: Ref, data: Json) -> Result> { let mut channel = target.as_channel(db).await?; - if !perms(&user) + perms(&user) .channel(&channel) - .calc(db) - .await - .can_manage_permissions() - { - return Error::from_permission(Permission::ManagePermissions); - } + .throw_permission_and_view_channel(db, Permission::ManagePermissions) + .await?; match &channel { Channel::Group { .. } => { diff --git a/src/routes/invites/invite_delete.rs b/src/routes/invites/invite_delete.rs index 2d8b567b..e2b12b3a 100644 --- a/src/routes/invites/invite_delete.rs +++ b/src/routes/invites/invite_delete.rs @@ -1,6 +1,6 @@ use revolt_quark::{ models::{Invite, User}, - perms, Db, EmptyResponse, Error, Permission, Ref, Result, + perms, Db, EmptyResponse, Permission, Ref, Result, }; #[delete("/")] @@ -13,14 +13,10 @@ pub async fn req(db: &Db, user: User, target: Ref) -> Result { match invite { Invite::Server { code, server, .. } => { let server = db.fetch_server(&server).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_manage_server() - { - return Error::from_permission(Permission::ManageServer); - } + .throw_permission(db, Permission::ManageServer) + .await?; db.delete_invite(&code).await } diff --git a/src/routes/servers/ban_create.rs b/src/routes/servers/ban_create.rs index 355df6be..8d3fec3c 100644 --- a/src/routes/servers/ban_create.rs +++ b/src/routes/servers/ban_create.rs @@ -26,14 +26,10 @@ pub async fn req( .map_err(|error| Error::FailedValidation { error })?; let server = server.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_ban_members() - { - return Error::from_permission(Permission::BanMembers); - } + .throw_permission(db, Permission::BanMembers) + .await?; let member = target.as_member(db, &server.id).await?; // ! FIXME_PERMISSIONS diff --git a/src/routes/servers/ban_list.rs b/src/routes/servers/ban_list.rs index ae461bd1..2656322e 100644 --- a/src/routes/servers/ban_list.rs +++ b/src/routes/servers/ban_list.rs @@ -1,5 +1,5 @@ use revolt_quark::models::{File, ServerBan, User}; -use revolt_quark::{perms, Db, Error, Permission, Ref, Result}; +use revolt_quark::{perms, Db, Permission, Ref, Result}; use rocket::serde::json::Json; use serde::{Deserialize, Serialize}; @@ -14,14 +14,10 @@ struct BannedUser { #[get("//bans")] pub async fn req(db: &Db, user: User, target: Ref) -> Result>> { let server = target.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_ban_members() - { - return Error::from_permission(Permission::BanMembers); - } + .throw_permission(db, Permission::BanMembers) + .await?; db.fetch_bans(&server.id).await.map(Json) } diff --git a/src/routes/servers/ban_remove.rs b/src/routes/servers/ban_remove.rs index 378d1fc5..b317f2cb 100644 --- a/src/routes/servers/ban_remove.rs +++ b/src/routes/servers/ban_remove.rs @@ -1,16 +1,12 @@ -use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result}; +use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result}; #[delete("//bans/")] pub async fn req(db: &Db, user: User, server: Ref, target: Ref) -> Result { let server = server.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_ban_members() - { - return Error::from_permission(Permission::BanMembers); - } + .throw_permission(db, Permission::BanMembers) + .await?; let ban = target.as_ban(db, &server.id).await?; db.delete_ban(&ban.id).await.map(|_| EmptyResponse) diff --git a/src/routes/servers/channel_create.rs b/src/routes/servers/channel_create.rs index cfec394d..3d861153 100644 --- a/src/routes/servers/channel_create.rs +++ b/src/routes/servers/channel_create.rs @@ -41,14 +41,10 @@ pub async fn req(db: &Db, user: User, target: Ref, info: Json) -> Result/invites")] pub async fn req(db: &Db, user: User, target: Ref) -> Result>> { let server = target.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_manage_server() - { - return Error::from_permission(Permission::ManageServer); - } + .throw_permission(db, Permission::ManageServer) + .await?; db.fetch_invites_for_server(&server.id).await.map(Json) } diff --git a/src/routes/servers/member_edit.rs b/src/routes/servers/member_edit.rs index 60f8ee34..65c29a48 100644 --- a/src/routes/servers/member_edit.rs +++ b/src/routes/servers/member_edit.rs @@ -33,10 +33,7 @@ pub async fn req( .map_err(|error| Error::FailedValidation { error })?; let server = server.as_server(db).await?; - let permissions = perms(&user).server(&server).calc(db).await; - if !permissions.can_view_channel() { - return Err(Error::NotFound); - } + perms(&user).server(&server).calc(db).await?; let mut member = target.as_member(db, &server.id).await?; diff --git a/src/routes/servers/member_fetch.rs b/src/routes/servers/member_fetch.rs index 22220e41..fe07a62e 100644 --- a/src/routes/servers/member_fetch.rs +++ b/src/routes/servers/member_fetch.rs @@ -1,20 +1,13 @@ use revolt_quark::{ models::{Member, User}, - perms, Db, Error, Ref, Result, + perms, Db, Ref, Result, }; use rocket::serde::json::Json; #[get("//members/")] pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result> { let server = target.as_server(db).await?; - if !perms(&user) - .server(&server) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + perms(&user).server(&server).calc(db).await?; member.as_member(db, &server.id).await.map(Json) } diff --git a/src/routes/servers/member_fetch_all.rs b/src/routes/servers/member_fetch_all.rs index 26e374d3..0b7a720c 100644 --- a/src/routes/servers/member_fetch_all.rs +++ b/src/routes/servers/member_fetch_all.rs @@ -1,18 +1,11 @@ -use revolt_quark::{models::User, perms, presence::presence_filter_online, Db, Error, Ref, Result}; +use revolt_quark::{models::User, perms, presence::presence_filter_online, Db, Ref, Result}; use rocket::serde::json::Value; #[get("//members")] pub async fn req(db: &Db, user: User, target: Ref) -> Result { let server = target.as_server(db).await?; - if !perms(&user) - .server(&server) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + perms(&user).server(&server).calc(db).await?; let members = db.fetch_all_members(&server.id).await?; diff --git a/src/routes/servers/member_remove.rs b/src/routes/servers/member_remove.rs index 8a37da36..c90875e7 100644 --- a/src/routes/servers/member_remove.rs +++ b/src/routes/servers/member_remove.rs @@ -1,16 +1,12 @@ -use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result}; +use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result}; #[delete("//members/")] pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result { let server = target.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_kick_members() - { - return Error::from_permission(Permission::KickMembers); - } + .throw_permission(db, Permission::KickMembers) + .await?; let member = member.as_member(db, &server.id).await?; // ! FIXME_PERMISSIONS diff --git a/src/routes/servers/permissions_set.rs b/src/routes/servers/permissions_set.rs index 4b4559ba..d32a5206 100644 --- a/src/routes/servers/permissions_set.rs +++ b/src/routes/servers/permissions_set.rs @@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize}; use revolt_quark::{ models::{Server, User}, - perms, Db, Error, Ref, Result, + perms, Db, Permission, Ref, Result, }; #[derive(Serialize, Deserialize)] @@ -26,16 +26,12 @@ pub async fn req( data: Json, ) -> Result> { let mut server = target.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_manage_permissions() - { - return Err(Error::NotFound); - } + .throw_permission(db, Permission::ManagePermissions) + .await?; - // ! FIXME: calculate permission against role + // ! FIXME_PERMISSIONS server .set_role_permission( diff --git a/src/routes/servers/permissions_set_default.rs b/src/routes/servers/permissions_set_default.rs index a4403d58..8af256d1 100644 --- a/src/routes/servers/permissions_set_default.rs +++ b/src/routes/servers/permissions_set_default.rs @@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize}; use revolt_quark::{ models::{server::PartialServer, Server, User}, - perms, Db, Error, Ref, Result, + perms, Db, Permission, Ref, Result, }; #[derive(Serialize, Deserialize)] @@ -22,14 +22,12 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json) -> Result) -> Result/roles/")] pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result { let mut server = target.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_manage_roles() - { - return Err(Error::NotFound); - } + .throw_permission(db, Permission::ManageRole) + .await?; // ! FIXME_PERMISSIONS diff --git a/src/routes/servers/roles_edit.rs b/src/routes/servers/roles_edit.rs index da32c940..60f03745 100644 --- a/src/routes/servers/roles_edit.rs +++ b/src/routes/servers/roles_edit.rs @@ -3,7 +3,7 @@ use revolt_quark::{ server::{FieldsRole, PartialRole, Role}, User, }, - perms, Db, Error, Ref, Result, + perms, Db, Error, Permission, Ref, Result, }; use rocket::serde::json::Json; @@ -35,14 +35,10 @@ pub async fn req( .map_err(|error| Error::FailedValidation { error })?; let mut server = target.as_server(db).await?; - if !perms(&user) + perms(&user) .server(&server) - .calc(db) - .await - .can_manage_roles() - { - return Err(Error::NotFound); - } + .throw_permission(db, Permission::ManageRole) + .await?; if let Some(mut role) = server.roles.remove(&role_id) { let Data { diff --git a/src/routes/servers/server_ack.rs b/src/routes/servers/server_ack.rs index 288c7f85..837467ba 100644 --- a/src/routes/servers/server_ack.rs +++ b/src/routes/servers/server_ack.rs @@ -1,16 +1,9 @@ -use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Ref, Result}; +use revolt_quark::{models::User, perms, Db, EmptyResponse, Ref, Result}; #[put("//ack")] pub async fn req(db: &Db, user: User, target: Ref) -> Result { let server = target.as_server(db).await?; - if !perms(&user) - .server(&server) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + perms(&user).server(&server).calc(db).await?; db.acknowledge_channels(&user.id, &server.channels) .await diff --git a/src/routes/servers/server_edit.rs b/src/routes/servers/server_edit.rs index 69b166c7..a50debf9 100644 --- a/src/routes/servers/server_edit.rs +++ b/src/routes/servers/server_edit.rs @@ -38,7 +38,7 @@ pub async fn req(db: &Db, user: User, target: Ref, data: Json) -> Result")] pub async fn req(db: &Db, user: User, target: Ref) -> Result> { let server = target.as_server(db).await?; - if !perms(&user) - .server(&server) - .calc(db) - .await - .can_view_channel() - { - return Err(Error::NotFound); - } + perms(&user).server(&server).calc(db).await?; Ok(Json(server)) }