From a495a8dfd79385f1c9c5f3f9a4717e851ea0d864 Mon Sep 17 00:00:00 2001 From: Paul Makles Date: Wed, 23 Feb 2022 18:08:25 +0000 Subject: [PATCH] feat(permissions): handle rankings on kick / ban --- src/routes/servers/ban_create.rs | 21 ++++++++++++++++++--- src/routes/servers/member_remove.rs | 23 +++++++++++++++++++---- 2 files changed, 37 insertions(+), 7 deletions(-) diff --git a/src/routes/servers/ban_create.rs b/src/routes/servers/ban_create.rs index 8e2fc233..426c8327 100644 --- a/src/routes/servers/ban_create.rs +++ b/src/routes/servers/ban_create.rs @@ -26,13 +26,28 @@ pub async fn req( .map_err(|error| Error::FailedValidation { error })?; let server = server.as_server(db).await?; - perms(&user) - .server(&server) + + if target.id == user.id { + return Err(Error::CannotRemoveYourself); + } + + if target.id == server.owner { + return Err(Error::InvalidOperation); + } + + let mut permissions = perms(&user).server(&server); + + permissions .throw_permission(db, Permission::BanMembers) .await?; let member = target.as_member(db, &server.id).await?; - // ! FIXME_PERMISSIONS + + if member.get_ranking(permissions.server.get().unwrap()) + <= permissions.get_member_rank().unwrap_or(i64::MIN) + { + return Err(Error::NotElevated); + } member.ban(db, data.reason).await.map(Json) } diff --git a/src/routes/servers/member_remove.rs b/src/routes/servers/member_remove.rs index c90875e7..c0181db2 100644 --- a/src/routes/servers/member_remove.rs +++ b/src/routes/servers/member_remove.rs @@ -1,15 +1,30 @@ -use revolt_quark::{models::User, perms, Db, EmptyResponse, Permission, Ref, Result}; +use revolt_quark::{models::User, perms, Db, EmptyResponse, Error, Permission, Ref, Result}; #[delete("//members/")] pub async fn req(db: &Db, user: User, target: Ref, member: Ref) -> Result { let server = target.as_server(db).await?; - perms(&user) - .server(&server) + + if member.id == user.id { + return Err(Error::CannotRemoveYourself); + } + + if member.id == server.owner { + return Err(Error::InvalidOperation); + } + + let mut permissions = perms(&user).server(&server); + + permissions .throw_permission(db, Permission::KickMembers) .await?; let member = member.as_member(db, &server.id).await?; - // ! FIXME_PERMISSIONS + + if member.get_ranking(permissions.server.get().unwrap()) + <= permissions.get_member_rank().unwrap_or(i64::MIN) + { + return Err(Error::NotElevated); + } member.delete(db).await.map(|_| EmptyResponse) }