diff options
author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-17 21:15:58 +0300 |
---|---|---|
committer | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-17 21:15:58 +0300 |
commit | f27afe0c5695f23a90b2f6b4aed1537ba6b87ba2 (patch) | |
tree | 91dbec602bdee6b9c6200b6c30b394e987909867 | |
parent | Update Intents.ts (diff) | |
download | server-f27afe0c5695f23a90b2f6b4aed1537ba6b87ba2.tar.xz |
reactions rights enforcement
-rw-r--r-- | api/src/routes/channels/#channel_id/messages/#message_id/ack.ts | 3 | ||||
-rw-r--r-- | api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts index 208c1da4..885c5eca 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts @@ -4,8 +4,9 @@ import { route } from "@fosscord/api"; const router = Router(); -// TODO: check if message exists +// TODO: public read receipts & privacy scoping // TODO: send read state event to all channel members +// TODO: advance-only notification cursor export interface MessageAcknowledgeSchema { manual?: boolean; diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts index 6b6a66b2..d93cf70f 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts @@ -101,7 +101,7 @@ router.get("/:emoji", route({ permission: "VIEW_CHANNEL" }), async (req: Request res.json(users); }); -router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY" }), async (req: Request, res: Response) => { +router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right: "SELF_ADD_REACTIONS" }), async (req: Request, res: Response) => { const { message_id, channel_id, user_id } = req.params; if (user_id !== "@me") throw new HTTPError("Invalid user"); const emoji = getEmoji(req.params.emoji); |