diff options
| author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-18 21:21:40 +0300 |
|---|---|---|
| committer | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-18 21:21:40 +0300 |
| commit | 53ca3925bf09c6b00d62edc27d93560578a09c34 (patch) | |
| tree | 8674ea14bf76f9e6cc5f67c7226acdc8f7fa58ef | |
| parent | reactions rights enforcement (diff) | |
| download | server-53ca3925bf09c6b00d62edc27d93560578a09c34.tar.xz | |
get single message && message rights enforcement
| -rw-r--r-- | api/src/routes/channels/#channel_id/messages/#message_id/index.ts | 12 | ||||
| -rw-r--r-- | api/src/routes/channels/#channel_id/messages/index.ts | 5 |
2 files changed, 15 insertions, 2 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 58dfb1cc..a27c71e1 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -51,6 +51,18 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE return res.json(message); }); +router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => { + const { message_id, channel_id } = req.params; + + const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] }); + + const permissions = await getPermission(req.user_id, undefined, channel_id); + + if (message.author_id !== req.user_id) permissions.hasThrow("READ_MESSAGE_HISTORY"); + + return res.json(message); +}); + router.delete("/", route({}), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; diff --git a/api/src/routes/channels/#channel_id/messages/index.ts b/api/src/routes/channels/#channel_id/messages/index.ts index 2fd08b04..4cfaf247 100644 --- a/api/src/routes/channels/#channel_id/messages/index.ts +++ b/api/src/routes/channels/#channel_id/messages/index.ts @@ -8,6 +8,7 @@ import { Embed, emitEvent, getPermission, + getRights, Message, MessageCreateEvent, uploadFile, @@ -149,7 +150,7 @@ const messageUpload = multer({ }); // max upload 50 mb // TODO: dynamically change limit of MessageCreateSchema with config -// TODO: check: sum of all characters in an embed structure must not exceed 6000 characters +// TODO: check: sum of all characters in an embed structure must not exceed instance limits // https://discord.com/developers/docs/resources/channel#create-message // TODO: text channel slowdown @@ -167,7 +168,7 @@ router.post( next(); }, - route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }), + route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { channel_id } = req.params; var body = req.body as MessageCreateSchema; |