diff --git a/src/routes/servers/roles_delete.rs b/src/routes/servers/roles_delete.rs index bdefc636..2e9121cb 100644 --- a/src/routes/servers/roles_delete.rs +++ b/src/routes/servers/roles_delete.rs @@ -3,14 +3,19 @@ use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Re #[delete("//roles/")] pub async fn req(db: &Db, user: User, target: Ref, role_id: String) -> Result { let mut server = target.as_server(db).await?; - perms(&user) - .server(&server) + let mut permissions = perms(&user).server(&server); + + permissions .throw_permission(db, Permission::ManageRole) .await?; - // ! FIXME_PERMISSIONS + let member_rank = permissions.get_member_rank().unwrap_or(0); if let Some(role) = server.roles.remove(&role_id) { + if role.rank <= member_rank { + return Err(Error::NotElevated); + } + role.delete(db, &server.id, &role_id) .await .map(|_| EmptyResponse) diff --git a/src/routes/servers/roles_edit.rs b/src/routes/servers/roles_edit.rs index 9ea83b31..6a9cae3c 100644 --- a/src/routes/servers/roles_edit.rs +++ b/src/routes/servers/roles_edit.rs @@ -41,7 +41,7 @@ pub async fn req( .throw_permission(db, Permission::ManageRole) .await?; - let member_rank = permissions.get_member_rank(); + let member_rank = permissions.get_member_rank().unwrap_or(i64::MIN); if let Some(mut role) = server.roles.remove(&role_id) { let Data { @@ -53,7 +53,7 @@ pub async fn req( } = data; if let Some(rank) = &rank { - if rank <= &member_rank.unwrap_or(i64::MIN) { + if rank <= &member_rank { return Err(Error::NotElevated); } }