Fix bug allowing any member from kicking any member instance-wide

author: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-12-05 19:16:40 +1100
committer: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-12-05 19:16:40 +1100
commit: b380cf19ba1af3977ab3cd9271728d0ab67c3591 (patch)
tree: 0edabda59f327eb075a3e4e7b8f9996f7312df27
parent: Fix prune (diff)
download: server-b380cf19ba1af3977ab3cd9271728d0ab67c3591.tar.xz
1 files changed, 3 insertions, 3 deletions
diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
index 2d867920..28085752 100644
--- a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -109,10 +109,10 @@ router.put("/", route({}), async (req: Request, res: Response) => {
 });
 
 router.delete("/", route({}), async (req: Request, res: Response) => {
-	const permission = await getPermission(req.user_id);
-	const rights = await getRights(req.user_id);
 	const { guild_id, member_id } = req.params;
-	if (member_id !== "@me" || member_id === req.user_id) {
+	const permission = await getPermission(req.user_id, guild_id);
+	const rights = await getRights(req.user_id);
+	if (member_id === "@me" || member_id === req.user_id) {
 		// TODO: unless force-joined
 		rights.hasThrow("SELF_LEAVE_GROUPS");
 	} else {
author	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-12-05 19:16:40 +1100
committer	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-12-05 19:16:40 +1100
commit	b380cf19ba1af3977ab3cd9271728d0ab67c3591 (patch)
tree	0edabda59f327eb075a3e4e7b8f9996f7312df27
parent	Fix prune (diff)
download	server-b380cf19ba1af3977ab3cd9271728d0ab67c3591.tar.xz