fix(delta): add check to roles_fetch route
This commit is contained in:
@@ -1,5 +1,9 @@
|
|||||||
use revolt_database::{util::reference::Reference, Database};
|
use revolt_database::{
|
||||||
|
util::{permissions::DatabasePermissionQuery, reference::Reference},
|
||||||
|
Database, User,
|
||||||
|
};
|
||||||
use revolt_models::v0;
|
use revolt_models::v0;
|
||||||
|
use revolt_permissions::PermissionQuery;
|
||||||
use revolt_result::{create_error, Result};
|
use revolt_result::{create_error, Result};
|
||||||
use rocket::{serde::json::Json, State};
|
use rocket::{serde::json::Json, State};
|
||||||
|
|
||||||
@@ -10,10 +14,16 @@ use rocket::{serde::json::Json, State};
|
|||||||
#[get("/<target>/roles/<role_id>")]
|
#[get("/<target>/roles/<role_id>")]
|
||||||
pub async fn fetch(
|
pub async fn fetch(
|
||||||
db: &State<Database>,
|
db: &State<Database>,
|
||||||
|
user: User,
|
||||||
target: Reference,
|
target: Reference,
|
||||||
role_id: String,
|
role_id: String,
|
||||||
) -> Result<Json<v0::Role>> {
|
) -> Result<Json<v0::Role>> {
|
||||||
let mut server = target.as_server(db).await?;
|
let mut server = target.as_server(db).await?;
|
||||||
|
let mut query = DatabasePermissionQuery::new(db, &user).server(&server);
|
||||||
|
if !query.are_we_a_member().await {
|
||||||
|
return Err(create_error!(NotFound));
|
||||||
|
}
|
||||||
|
|
||||||
let role = server.roles.remove(&role_id);
|
let role = server.roles.remove(&role_id);
|
||||||
|
|
||||||
if let Some(role) = role {
|
if let Some(role) = role {
|
||||||
|
|||||||
Reference in New Issue
Block a user