Servers: Fix create / leave.

Prevent removal of self / owner.
This commit is contained in:
Paul
2021-06-07 16:14:48 +01:00
parent 4e90cf1f58
commit fce92382bf
4 changed files with 14 additions and 22 deletions

View File

@@ -16,6 +16,14 @@ pub async fn req(user: User, server: Ref, target: Ref) -> Result<()> {
Err(Error::MissingPermission)?
}
if target.id == user.id {
return Err(Error::InvalidOperation)
}
if target.id == server.owner {
return Err(Error::MissingPermission)
}
let target = target.fetch_ban(&server.id).await?;
get_collection("server_bans")
.delete_one(

View File

@@ -21,5 +21,9 @@ pub async fn req(user: User, target: Ref, member: String) -> Result<()> {
return Err(Error::InvalidOperation)
}
if target.id == target.owner {
return Err(Error::MissingPermission)
}
target.remove_member(&member.id.user).await
}

View File

@@ -57,8 +57,6 @@ pub async fn req(user: User, info: Json<Data>) -> Result<JsonValue> {
banner: None,
};
server.join_member(&user.id).await?;
Channel::TextChannel {
id: cid,
server: id,
@@ -71,6 +69,7 @@ pub async fn req(user: User, info: Json<Data>) -> Result<JsonValue> {
.await?;
server.clone().publish().await?;
server.join_member(&user.id).await?;
Ok(json!(server))
}

View File

@@ -1,6 +1,5 @@
use crate::database::*;
use crate::util::result::{Error, Result};
use crate::notifications::events::ClientboundNotification;
use mongodb::bson::doc;
@@ -19,24 +18,6 @@ pub async fn req(user: User, target: Ref) -> Result<()> {
if user.id == target.owner {
target.delete().await
} else {
get_collection("server_members")
.delete_one(
doc! {
},
None
)
.await
.map_err(|_| Error::DatabaseError {
operation: "delete_one",
with: "server_member"
})?;
ClientboundNotification::ServerMemberLeave {
id: target.id.clone(),
user: user.id
}.publish(target.id);
Ok(())
target.remove_member(&user.id).await
}
}