authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-09-24 23:53:30 +1000
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-09-24 23:53:30 +1000
commiteb0c05f01fe8e27a4f81e80136ee06295f481835 (patch)
treec55b227e733cd64ff099259069f11f56baeb22e5
parentTypeorm redis cache (diff)
downloadserver-eb0c05f01fe8e27a4f81e80136ee06295f481835.tar.xz
Fix default rights sucking, fix patch /guilds/:id/members/:id not checking perm for nick
-rw-r--r--api/src/routes/guilds/#guild_id/members/#member_id/index.ts5
-rw-r--r--bundle/scripts/rights.js40
-rw-r--r--util/src/entities/Config.ts33
3 files changed, 45 insertions, 33 deletions
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
index 2ff89eae..b6314ec0 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -35,7 +35,10 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
 
-	if (body.nick) member.nick = body.nick;
+	if (body.nick) {
+		permission.hasThrow(req.user_id == member.user.id ? "CHANGE_NICKNAME" : "MANAGE_NICKNAMES");
+		member.nick = body.nick;
+	}
 
 	await member.save();
 
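Review bot: The new permission check sits behind the truthiness test `if (body.nick)`, so a request with `nick: ""` skips both the check and the assignment and still reaches `member.save()`; the route then offers no way to clear a nickname. Testing for presence instead, e.g. `if (body.nick !== undefined) {`, keeps the `hasThrow` call in front of every nickname write, including a reset. The self-or-other decision should use strict equality, `req.user_id === member.user.id`. It also relies on `member.user` having been loaded by the query above the hunk, which is not visible here. The handler begins and ends outside the hunk.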
diff --git a/bundle/scripts/rights.js b/bundle/scripts/rights.js
new file mode 100644
index 00000000..33f0b550
--- /dev/null
+++ b/bundle/scripts/rights.js
@@ -0,0 +1,40 @@
+const path = require("path");
+const fs = require("fs");
+const { env } = require("process");
+const { execSync } = require("child_process");
+const { argv, stdout, exit } = require("process");
+
+const { execIn, getLines, parts } = require("../../util");
+
+let lines = fs.readFileSync(path.join(__dirname, "..", "src", "util", "util", "Rights.ts")).toString();
+let lines2 = lines.split("\n");
+let lines3 = lines2.filter((y) => y.includes(": BitFlag("));
+let lines4 = lines3.map((x) => x.split("//")[0].trim());
+
+function BitFlag(int) {
+	return 1n << BigInt(int);
+}
+
+let rights = [];
+let maxRights = 0n;
+lines4.forEach((x) => {
+	maxRights += eval(`rights.${x.replace(":", " = ").replace(",", ";")}`);
+});
+//max rights...
+console.log(`Maximum rights: ${maxRights}`);
+//discord rights...
+discordRights = maxRights;
+discordRights -= rights.SEND_BACKDATED_EVENTS;
+discordRights -= rights.MANAGE_GUILD_DIRECTORY;
+discordRights -= rights.CREDITABLE;
+discordRights -= rights.BYPASS_RATE_LIMITS;
+discordRights -= rights.ADD_MEMBERS;
+discordRights -= rights.MANAGE_USERS;
+discordRights -= rights.MANAGE_TICKETS;
+discordRights -= rights.MANAGE_ROUTING;
+discordRights -= rights.MANAGE_RATE_LIMITS;
+discordRights -= rights.MANAGE_MESSAGES;
+discordRights -= rights.MANAGE_GUILDS;
+discordRights -= rights.MANAGE_APPLICATIONS;
+discordRights -= rights.OPERATOR;
+console.log(`Discord-like rights: ${discordRights}`);
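Review bot: The `lines4.forEach` loop passes text read from Rights.ts to `eval`, so any line containing `: BitFlag(` is executed as code, and a malformed entry can change the computed value without notice. Since this script produces the default-rights number, it should parse the entries rather than execute them. Assuming entries have the form `NAME: BitFlag(<number>)`, a regular expression that throws on anything else does the same job, as sketched below. Separately, `discordRights` is assigned without `let`/`const`, `rights` is an array used as a map, and the `env`, `execSync`, `argv`, `stdout`, `exit`, `execIn`, `getLines` and `parts` bindings are never used.

```javascript
const rights = {};
let maxRights = 0n;
for (const entry of lines4) {
	// Accept only `NAME: BitFlag(<digits>)`; fail loudly instead of executing unexpected text.
	const match = /^(\w+)\s*:\s*BitFlag\((\d+)\)/.exec(entry);
	if (!match) throw new Error(`Unrecognised rights entry: ${entry}`);
	rights[match[1]] = BitFlag(match[2]);
	maxRights += rights[match[1]];
}
// … unchanged: Discord-like rights subtraction and logging …
```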
diff --git a/util/src/entities/Config.ts b/util/src/entities/Config.ts
index ac1af7f3..9aabc1a8 100644
--- a/util/src/entities/Config.ts
+++ b/util/src/entities/Config.ts
@@ -319,38 +319,7 @@ export const DefaultConfigOptions: ConfigValue = {
 			secret: null,
 		},
 		ipdataApiKey: "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9",
-		defaultRights: (
-			Rights.FLAGS.MANAGE_GUILDS +
-			Rights.FLAGS.MANAGE_MESSAGES +
-			Rights.FLAGS.MANAGE_TICKETS +
-			Rights.FLAGS.MANAGE_USERS +
-			Rights.FLAGS.CREATE_CHANNELS +
-			Rights.FLAGS.CREATE_DMS +
-			Rights.FLAGS.CREATE_DM_GROUPS +
-			Rights.FLAGS.CREATE_GUILDS +
-			Rights.FLAGS.CREATE_INVITES +
-			Rights.FLAGS.CREATE_ROLES +
-			Rights.FLAGS.CREATE_TEMPLATES +
-			Rights.FLAGS.CREATE_WEBHOOKS +
-			Rights.FLAGS.JOIN_GUILDS +
-			Rights.FLAGS.PIN_MESSAGES +
-			Rights.FLAGS.SELF_ADD_REACTIONS +
-			Rights.FLAGS.SELF_DELETE_MESSAGES +
-			Rights.FLAGS.SELF_EDIT_MESSAGES +
-			Rights.FLAGS.SELF_EDIT_NAME +
-			Rights.FLAGS.SEND_MESSAGES +
-			Rights.FLAGS.USE_ACTIVITIES +
-			Rights.FLAGS.USE_VIDEO +
-			Rights.FLAGS.USE_VOICE +
-			Rights.FLAGS.INVITE_USERS +
-			Rights.FLAGS.SELF_DELETE_DISABLE +
-			Rights.FLAGS.DEBTABLE +
-			Rights.FLAGS.KICK_BAN_MEMBERS +
-			Rights.FLAGS.SELF_LEAVE_GROUPS +
-			Rights.FLAGS.SELF_ADD_DISCOVERABLE +
-			Rights.FLAGS.USE_ACHIEVEMENTS +
-			Rights.FLAGS.USE_MASS_INVITES
-		).toString()
+		defaultRights: "30644591655936",	// See util/scripts/rights.js
 	},
 	login: {
 		requireCaptcha: false,
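Review bot: The new `defaultRights: "30644591655936"` literal cannot be checked against the flag names by a reader, and it will silently go stale when a flag is added or renumbered in Rights.ts. This is presumably the rights value given to new accounts, so any drift changes privileges without a visible diff. The comment also points to `util/scripts/rights.js`, while the script added in this commit is `bundle/scripts/rights.js`. If the literal stays, the comment should name the correct path and which output it is, e.g. `// "Discord-like rights" from bundle/scripts/rights.js; regenerate when Rights.ts changes`. The object literal continues outside the hunk.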