fix: don't allow users to time themselves out

closes #376
This commit is contained in:
Paul Makles
2025-02-10 18:54:15 +00:00
committed by Zomatree
parent 9e5fbec9b0
commit ae15a0b4c7
2 changed files with 10 additions and 5 deletions

View File

@@ -117,6 +117,7 @@ pub enum ErrorType {
max: usize,
},
AlreadyInServer,
CannotTimeoutYourself,
// ? Bot related errors
ReachedMaximumBots,

View File

@@ -21,13 +21,13 @@ use validator::Validate;
///
/// Edit a member by their id.
#[openapi(tag = "Server Members")]
#[patch("/<server>/members/<target>", data = "<data>")]
#[patch("/<server>/members/<member>", data = "<data>")]
pub async fn edit(
db: &State<Database>,
voice_client: &State<VoiceClient>,
user: User,
server: Reference,
target: Reference,
member: Reference,
data: Json<v0::DataMemberEdit>,
) -> Result<Json<v0::Member>> {
let data = data.into_inner();
@@ -37,10 +37,10 @@ pub async fn edit(
})
})?;
// Fetch server and target member
// Fetch server and member
let mut server = server.as_server(db).await?;
let mut member = target.as_member(db, &server.id).await?;
let target_user = target.as_user(&db).await?;
let target_user = member.as_user(&db).await?;
let mut member = member.as_member(db, &server.id).await?;
// Fetch our currrent permissions
let mut query = DatabasePermissionQuery::new(db, &user).server(&server);
@@ -92,6 +92,10 @@ pub async fn edit(
.map(|x| x.contains(&v0::FieldsMember::Timeout))
.unwrap_or_default()
{
if data.timeout.is_some() && member.id.user == user.id {
return Err(create_error!(CannotTimeoutYourself));
}
permissions.throw_if_lacking_channel_permission(ChannelPermission::TimeoutMembers)?;
}