fix: don't allow users to time themselves out

closes #376
This commit is contained in:
Paul Makles
2025-02-10 18:54:15 +00:00
committed by Zomatree
parent 9e5fbec9b0
commit ae15a0b4c7
2 changed files with 10 additions and 5 deletions

View File

@@ -117,6 +117,7 @@ pub enum ErrorType {
max: usize, max: usize,
}, },
AlreadyInServer, AlreadyInServer,
CannotTimeoutYourself,
// ? Bot related errors // ? Bot related errors
ReachedMaximumBots, ReachedMaximumBots,

View File

@@ -21,13 +21,13 @@ use validator::Validate;
/// ///
/// Edit a member by their id. /// Edit a member by their id.
#[openapi(tag = "Server Members")] #[openapi(tag = "Server Members")]
#[patch("/<server>/members/<target>", data = "<data>")] #[patch("/<server>/members/<member>", data = "<data>")]
pub async fn edit( pub async fn edit(
db: &State<Database>, db: &State<Database>,
voice_client: &State<VoiceClient>, voice_client: &State<VoiceClient>,
user: User, user: User,
server: Reference, server: Reference,
target: Reference, member: Reference,
data: Json<v0::DataMemberEdit>, data: Json<v0::DataMemberEdit>,
) -> Result<Json<v0::Member>> { ) -> Result<Json<v0::Member>> {
let data = data.into_inner(); let data = data.into_inner();
@@ -37,10 +37,10 @@ pub async fn edit(
}) })
})?; })?;
// Fetch server and target member // Fetch server and member
let mut server = server.as_server(db).await?; let mut server = server.as_server(db).await?;
let mut member = target.as_member(db, &server.id).await?; let target_user = member.as_user(&db).await?;
let target_user = target.as_user(&db).await?; let mut member = member.as_member(db, &server.id).await?;
// Fetch our currrent permissions // Fetch our currrent permissions
let mut query = DatabasePermissionQuery::new(db, &user).server(&server); let mut query = DatabasePermissionQuery::new(db, &user).server(&server);
@@ -92,6 +92,10 @@ pub async fn edit(
.map(|x| x.contains(&v0::FieldsMember::Timeout)) .map(|x| x.contains(&v0::FieldsMember::Timeout))
.unwrap_or_default() .unwrap_or_default()
{ {
if data.timeout.is_some() && member.id.user == user.id {
return Err(create_error!(CannotTimeoutYourself));
}
permissions.throw_if_lacking_channel_permission(ChannelPermission::TimeoutMembers)?; permissions.throw_if_lacking_channel_permission(ChannelPermission::TimeoutMembers)?;
} }