mirror of
https://github.com/stoatchat/stoatchat.git
synced 2026-07-14 05:26:59 +00:00
feat(roles delete): only allow members to delete roles lower ranking then themself
This commit is contained in:
@@ -3,14 +3,19 @@ use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Re
|
||||
#[delete("/<target>/roles/<role_id>")]
|
||||
pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result<EmptyResponse> {
|
||||
let mut server = target.as_server(db).await?;
|
||||
perms(&user)
|
||||
.server(&server)
|
||||
let mut permissions = perms(&user).server(&server);
|
||||
|
||||
permissions
|
||||
.throw_permission(db, Permission::ManageRole)
|
||||
.await?;
|
||||
|
||||
// ! FIXME_PERMISSIONS
|
||||
let member_rank = permissions.get_member_rank().unwrap_or(0);
|
||||
|
||||
if let Some(role) = server.roles.remove(&role_id) {
|
||||
if role.rank <= member_rank {
|
||||
return Err(Error::NotElevated);
|
||||
}
|
||||
|
||||
role.delete(db, &server.id, &role_id)
|
||||
.await
|
||||
.map(|_| EmptyResponse)
|
||||
|
||||
@@ -41,7 +41,7 @@ pub async fn req(
|
||||
.throw_permission(db, Permission::ManageRole)
|
||||
.await?;
|
||||
|
||||
let member_rank = permissions.get_member_rank();
|
||||
let member_rank = permissions.get_member_rank().unwrap_or(i64::MIN);
|
||||
|
||||
if let Some(mut role) = server.roles.remove(&role_id) {
|
||||
let Data {
|
||||
@@ -53,7 +53,7 @@ pub async fn req(
|
||||
} = data;
|
||||
|
||||
if let Some(rank) = &rank {
|
||||
if rank <= &member_rank.unwrap_or(i64::MIN) {
|
||||
if rank <= &member_rank {
|
||||
return Err(Error::NotElevated);
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user