mirror of
https://github.com/stoatchat/stoatchat.git
synced 2026-07-14 05:26:59 +00:00
fix: add elevation check to role edit route
This commit is contained in:
@@ -36,10 +36,12 @@ pub async fn req(
|
||||
.throw_permission(db, Permission::ManagePermissions)
|
||||
.await?;
|
||||
|
||||
// Prevent us from editing roles above us
|
||||
if rank <= permissions.get_member_rank().unwrap_or(i64::MIN) {
|
||||
return Err(Error::NotElevated);
|
||||
}
|
||||
|
||||
// Ensure we have access to grant these permissions forwards
|
||||
let current_value: Override = current_value.into();
|
||||
permissions
|
||||
.throw_permission_override(db, current_value, data.permissions)
|
||||
|
||||
@@ -24,6 +24,7 @@ pub async fn req(
|
||||
.throw_permission(db, Permission::ManagePermissions)
|
||||
.await?;
|
||||
|
||||
// Ensure we have permissions to grant these permissions forwards
|
||||
permissions
|
||||
.throw_permission_value(db, data.permissions)
|
||||
.await?;
|
||||
|
||||
@@ -58,6 +58,11 @@ pub async fn req(
|
||||
let member_rank = permissions.get_member_rank().unwrap_or(i64::MIN);
|
||||
|
||||
if let Some(mut role) = server.roles.remove(&role_id) {
|
||||
// Prevent us from editing roles above us
|
||||
if role.rank <= member_rank {
|
||||
return Err(Error::NotElevated);
|
||||
}
|
||||
|
||||
let DataEditRole {
|
||||
name,
|
||||
colour,
|
||||
@@ -66,6 +71,7 @@ pub async fn req(
|
||||
remove,
|
||||
} = data;
|
||||
|
||||
// Prevent us from moving a role above other roles
|
||||
if let Some(rank) = &rank {
|
||||
if rank <= &member_rank {
|
||||
return Err(Error::NotElevated);
|
||||
|
||||
Reference in New Issue
Block a user