forked from jmug/stoatchat
fix: check React permission on interactions
This commit is contained in:
@@ -116,7 +116,7 @@ pub async fn message_send(
|
||||
}
|
||||
|
||||
// 3. Ensure interactions information is correct
|
||||
message.interactions.validate(db).await?;
|
||||
message.interactions.validate(db, &mut permissions).await?;
|
||||
|
||||
// 4. Verify replies are valid.
|
||||
let mut replies = HashSet::new();
|
||||
|
||||
@@ -13,13 +13,14 @@ use crate::{
|
||||
},
|
||||
Channel, Emoji, Message, User,
|
||||
},
|
||||
permissions::PermissionCalculator,
|
||||
presence::presence_filter_online,
|
||||
tasks::ack::AckEvent,
|
||||
types::{
|
||||
january::{Embed, Text},
|
||||
push::PushNotification,
|
||||
},
|
||||
Database, Error, Result,
|
||||
Database, Error, Permission, Result,
|
||||
};
|
||||
|
||||
impl Message {
|
||||
@@ -406,8 +407,14 @@ impl BulkMessageResponse {
|
||||
|
||||
impl Interactions {
|
||||
/// Validate interactions info is correct
|
||||
pub async fn validate(&self, db: &Database) -> Result<()> {
|
||||
pub async fn validate(
|
||||
&self,
|
||||
db: &Database,
|
||||
permissions: &mut PermissionCalculator<'_>,
|
||||
) -> Result<()> {
|
||||
if let Some(reactions) = &self.reactions {
|
||||
permissions.throw_permission(db, Permission::React).await?;
|
||||
|
||||
if reactions.len() > 20 {
|
||||
return Err(Error::InvalidOperation);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user