Prevent access to bot routes as bot.

This commit is contained in:
Paul
2021-09-03 14:37:40 +01:00
parent 17a378494c
commit dbfed52f17
9 changed files with 30 additions and 2 deletions

View File

@@ -6,6 +6,10 @@ use mongodb::bson::doc;
#[delete("/<target>")]
pub async fn delete_bot(user: User, target: Ref) -> Result<EmptyResponse> {
if user.bot.is_some() {
return Err(Error::IsBot)
}
let bot = target.fetch_bot().await?;
if bot.owner != user.id {
return Err(Error::MissingPermission);