diff options
| author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-08 11:02:11 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-08 11:02:11 +0300 |
| commit | 22952ef928808d4112e0bd3c2a5b867d3e4c4b1a (patch) | |
| tree | 324d5aae9c1dca5669b8907ca81034161882840f | |
| parent | optional (diff) | |
| download | server-22952ef928808d4112e0bd3c2a5b867d3e4c4b1a.tar.xz | |
enforce the rights
| -rw-r--r-- | api/src/util/handlers/Message.ts | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index 2d9f7032..f0ecf416 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -7,6 +7,7 @@ import { MessageCreateEvent, MessageUpdateEvent, getPermission, + getRights, CHANNEL_MENTION, Snowflake, USER_MENTION, @@ -61,17 +62,18 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> { throw new HTTPError("Content length over max character limit") } - // TODO: are tts messages allowed in dm channels? should permission be checked? if (opts.author_id) { message.author = await User.getPublicUser(opts.author_id); - } + const rights = await getRights(opts.author_id); + rights.hasThrow("SEND_MESSAGES"); + } if (opts.application_id) { message.application = await Application.findOneOrFail({ id: opts.application_id }); } if (opts.webhook_id) { message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id }); } - + const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id); permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check if (permission.cache.member) { |