diff --git a/crates/delta/src/routes/servers/permissions_set.rs b/crates/delta/src/routes/servers/permissions_set.rs index 3b6128e4..11939156 100644 --- a/crates/delta/src/routes/servers/permissions_set.rs +++ b/crates/delta/src/routes/servers/permissions_set.rs @@ -36,10 +36,12 @@ pub async fn req( .throw_permission(db, Permission::ManagePermissions) .await?; + // Prevent us from editing roles above us if rank <= permissions.get_member_rank().unwrap_or(i64::MIN) { return Err(Error::NotElevated); } + // Ensure we have access to grant these permissions forwards let current_value: Override = current_value.into(); permissions .throw_permission_override(db, current_value, data.permissions) diff --git a/crates/delta/src/routes/servers/permissions_set_default.rs b/crates/delta/src/routes/servers/permissions_set_default.rs index 134cbc52..477be513 100644 --- a/crates/delta/src/routes/servers/permissions_set_default.rs +++ b/crates/delta/src/routes/servers/permissions_set_default.rs @@ -24,6 +24,7 @@ pub async fn req( .throw_permission(db, Permission::ManagePermissions) .await?; + // Ensure we have permissions to grant these permissions forwards permissions .throw_permission_value(db, data.permissions) .await?; diff --git a/crates/delta/src/routes/servers/roles_edit.rs b/crates/delta/src/routes/servers/roles_edit.rs index 71fd6cb7..cbd38e12 100644 --- a/crates/delta/src/routes/servers/roles_edit.rs +++ b/crates/delta/src/routes/servers/roles_edit.rs @@ -58,6 +58,11 @@ pub async fn req( let member_rank = permissions.get_member_rank().unwrap_or(i64::MIN); if let Some(mut role) = server.roles.remove(&role_id) { + // Prevent us from editing roles above us + if role.rank <= member_rank { + return Err(Error::NotElevated); + } + let DataEditRole { name, colour, @@ -66,6 +71,7 @@ pub async fn req( remove, } = data; + // Prevent us from moving a role above other roles if let Some(rank) = &rank { if rank <= &member_rank { return Err(Error::NotElevated);