feat(roles edit): ensure users can't move role above their own ranking

This commit is contained in:
Paul Makles
2022-02-23 14:39:09 +00:00
parent d45b32bce6
commit 04c2f8f293

View File

@@ -35,11 +35,14 @@ pub async fn req(
.map_err(|error| Error::FailedValidation { error })?; .map_err(|error| Error::FailedValidation { error })?;
let mut server = target.as_server(db).await?; let mut server = target.as_server(db).await?;
perms(&user) let mut permissions = perms(&user).server(&server);
.server(&server)
permissions
.throw_permission(db, Permission::ManageRole) .throw_permission(db, Permission::ManageRole)
.await?; .await?;
let member_rank = permissions.get_member_rank();
if let Some(mut role) = server.roles.remove(&role_id) { if let Some(mut role) = server.roles.remove(&role_id) {
let Data { let Data {
name, name,
@@ -49,6 +52,12 @@ pub async fn req(
remove, remove,
} = data; } = data;
if let Some(rank) = &rank {
if rank <= &member_rank.unwrap_or(i64::MIN) {
return Err(Error::NotElevated);
}
}
let partial = PartialRole { let partial = PartialRole {
name, name,
colour, colour,