From f8ec6ba5ffc9f195e67e0a8d1163deb9e25b0cd0 Mon Sep 17 00:00:00 2001 From: Paul Makles Date: Sun, 28 Jul 2024 17:33:59 +0100 Subject: [PATCH] fix(delta): add check to roles_fetch route --- crates/delta/src/routes/servers/roles_fetch.rs | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/crates/delta/src/routes/servers/roles_fetch.rs b/crates/delta/src/routes/servers/roles_fetch.rs index 74b2aa1d..5c646b44 100644 --- a/crates/delta/src/routes/servers/roles_fetch.rs +++ b/crates/delta/src/routes/servers/roles_fetch.rs @@ -1,5 +1,9 @@ -use revolt_database::{util::reference::Reference, Database}; +use revolt_database::{ + util::{permissions::DatabasePermissionQuery, reference::Reference}, + Database, User, +}; use revolt_models::v0; +use revolt_permissions::PermissionQuery; use revolt_result::{create_error, Result}; use rocket::{serde::json::Json, State}; @@ -10,10 +14,16 @@ use rocket::{serde::json::Json, State}; #[get("//roles/")] pub async fn fetch( db: &State, + user: User, target: Reference, role_id: String, ) -> Result> { let mut server = target.as_server(db).await?; + let mut query = DatabasePermissionQuery::new(db, &user).server(&server); + if !query.are_we_a_member().await { + return Err(create_error!(NotFound)); + } + let role = server.roles.remove(&role_id); if let Some(role) = role {