summary refs log tree commit diff
diff options
context:
space:
mode:
authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-08-15 14:41:50 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-08-15 14:41:50 +0200
commitaa5ed0a5baeca5e303e62d3aeb8e4a040641fe92 (patch)
tree9c2f0e376b8c707cbb66f2c3c88d0d0642eaf9d9
parent:construction: auto update (diff)
downloadserver-aa5ed0a5baeca5e303e62d3aeb8e4a040641fe92.tar.xz
:bug: prevent @everyone role deletion
-rw-r--r--api/src/routes/guilds/#guild_id/roles.ts11
1 files changed, 4 insertions, 7 deletions
diff --git a/api/src/routes/guilds/#guild_id/roles.ts b/api/src/routes/guilds/#guild_id/roles.ts
index a4bc44e0..36370bb4 100644
--- a/api/src/routes/guilds/#guild_id/roles.ts
+++ b/api/src/routes/guilds/#guild_id/roles.ts
@@ -67,15 +67,12 @@ router.post("/", check(RoleModifySchema), async (req: Request, res: Response) =>
 router.delete("/:role_id", async (req: Request, res: Response) => {
 	const guild_id = req.params.guild_id;
 	const { role_id } = req.params;
+	if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role");
 
-	const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec();
-	const user = await UserModel.findOne({ id: req.user_id }).exec();
-
-	const perms = await getPermission(req.user_id, guild_id);
-
-	if (!perms.has("MANAGE_ROLES")) throw new HTTPError("You missing the MANAGE_ROLES permission", 401);
+	const permissions = await getPermission(req.user_id, guild_id);
+	permissions.hasThrow("MANAGE_ROLES");
 
-	await RoleModel.findOneAndDelete({
+	await RoleModel.deleteOne({
 		id: role_id,
 		guild_id: guild_id
 	}).exec();