fix: replace user with target user when editing someone else
This commit is contained in:
@@ -24,23 +24,26 @@ pub async fn edit(
|
|||||||
})
|
})
|
||||||
})?;
|
})?;
|
||||||
|
|
||||||
|
// Filter out invalid edit fields
|
||||||
|
if !user.privileged && (data.badges.is_some() || data.flags.is_some()) {
|
||||||
|
return Err(create_error!(NotPrivileged));
|
||||||
|
}
|
||||||
|
|
||||||
// If we want to edit a different user than self, ensure we have
|
// If we want to edit a different user than self, ensure we have
|
||||||
// permissions and subsequently replace the user in question
|
// permissions and subsequently replace the user in question
|
||||||
if target.id != "@me" && target.id != user.id {
|
if target.id != "@me" && target.id != user.id {
|
||||||
let target_user = target.as_user(db).await?;
|
let target_user = target.as_user(db).await?;
|
||||||
let is_bot_owner = target_user
|
let is_bot_owner = target_user
|
||||||
.bot
|
.bot
|
||||||
|
.as_ref()
|
||||||
.map(|bot| bot.owner == user.id)
|
.map(|bot| bot.owner == user.id)
|
||||||
.unwrap_or_default();
|
.unwrap_or_default();
|
||||||
|
|
||||||
if !is_bot_owner && !user.privileged {
|
if !is_bot_owner && !user.privileged {
|
||||||
return Err(create_error!(NotPrivileged));
|
return Err(create_error!(NotPrivileged));
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Otherwise, filter out invalid edit fields
|
user = target_user;
|
||||||
if !user.privileged && (data.badges.is_some() || data.flags.is_some()) {
|
|
||||||
return Err(create_error!(NotPrivileged));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Exit out early if nothing is changed
|
// Exit out early if nothing is changed
|
||||||
|
|||||||
Reference in New Issue
Block a user