mirror of
https://github.com/stoatchat/stoatchat.git
synced 2026-07-14 05:26:59 +00:00
feat(roles edit): ensure users can't move role above their own ranking
This commit is contained in:
@@ -35,11 +35,14 @@ pub async fn req(
|
||||
.map_err(|error| Error::FailedValidation { error })?;
|
||||
|
||||
let mut server = target.as_server(db).await?;
|
||||
perms(&user)
|
||||
.server(&server)
|
||||
let mut permissions = perms(&user).server(&server);
|
||||
|
||||
permissions
|
||||
.throw_permission(db, Permission::ManageRole)
|
||||
.await?;
|
||||
|
||||
let member_rank = permissions.get_member_rank();
|
||||
|
||||
if let Some(mut role) = server.roles.remove(&role_id) {
|
||||
let Data {
|
||||
name,
|
||||
@@ -49,6 +52,12 @@ pub async fn req(
|
||||
remove,
|
||||
} = data;
|
||||
|
||||
if let Some(rank) = &rank {
|
||||
if rank <= &member_rank.unwrap_or(i64::MIN) {
|
||||
return Err(Error::NotElevated);
|
||||
}
|
||||
}
|
||||
|
||||
let partial = PartialRole {
|
||||
name,
|
||||
colour,
|
||||
|
||||
Reference in New Issue
Block a user