From 4abd4070f7a7d0cff6fa9611e98cf8883a9c9606 Mon Sep 17 00:00:00 2001 From: Paul Makles Date: Wed, 31 May 2023 17:10:57 +0100 Subject: [PATCH] feat: allow editing owned bots using user edit route --- crates/delta/src/routes/users/edit_user.rs | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crates/delta/src/routes/users/edit_user.rs b/crates/delta/src/routes/users/edit_user.rs index c7c2b30c..e91d8919 100644 --- a/crates/delta/src/routes/users/edit_user.rs +++ b/crates/delta/src/routes/users/edit_user.rs @@ -66,14 +66,20 @@ pub async fn req( // If we want to edit a different user than self, ensure we have // permissions and subsequently replace the user in question - if target.id != "@me" { - if !user.privileged { + if target.id != "@me" && target.id != user.id { + let target_user = target.as_user(db).await?; + let is_bot_owner = target_user + .bot + .map(|bot| bot.owner == user.id) + .unwrap_or_default(); + + if !is_bot_owner && !user.privileged { return Err(Error::NotPrivileged); } + } - user = target.as_user(db).await?; // Otherwise, filter out invalid edit fields - } else if data.badges.is_some() || data.flags.is_some() { + if !user.privileged && (data.badges.is_some() || data.flags.is_some()) { return Err(Error::NotPrivileged); }