forked from jmug/stoatchat
fix(delta): add check to roles_fetch route
This commit is contained in:
@@ -1,5 +1,9 @@
|
||||
use revolt_database::{util::reference::Reference, Database};
|
||||
use revolt_database::{
|
||||
util::{permissions::DatabasePermissionQuery, reference::Reference},
|
||||
Database, User,
|
||||
};
|
||||
use revolt_models::v0;
|
||||
use revolt_permissions::PermissionQuery;
|
||||
use revolt_result::{create_error, Result};
|
||||
use rocket::{serde::json::Json, State};
|
||||
|
||||
@@ -10,10 +14,16 @@ use rocket::{serde::json::Json, State};
|
||||
#[get("/<target>/roles/<role_id>")]
|
||||
pub async fn fetch(
|
||||
db: &State<Database>,
|
||||
user: User,
|
||||
target: Reference,
|
||||
role_id: String,
|
||||
) -> Result<Json<v0::Role>> {
|
||||
let mut server = target.as_server(db).await?;
|
||||
let mut query = DatabasePermissionQuery::new(db, &user).server(&server);
|
||||
if !query.are_we_a_member().await {
|
||||
return Err(create_error!(NotFound));
|
||||
}
|
||||
|
||||
let role = server.roles.remove(&role_id);
|
||||
|
||||
if let Some(role) = role {
|
||||
|
||||
Reference in New Issue
Block a user