summary refs log tree commit diff
diff options
context:
space:
mode:
authorErkin Alp Güney <erkinalp9035@gmail.com>2022-04-17 21:15:58 +0300
committerErkin Alp Güney <erkinalp9035@gmail.com>2022-04-17 21:15:58 +0300
commitf27afe0c5695f23a90b2f6b4aed1537ba6b87ba2 (patch)
tree91dbec602bdee6b9c6200b6c30b394e987909867
parentUpdate Intents.ts (diff)
downloadserver-f27afe0c5695f23a90b2f6b4aed1537ba6b87ba2.tar.xz
reactions rights enforcement
-rw-r--r--api/src/routes/channels/#channel_id/messages/#message_id/ack.ts3
-rw-r--r--api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts2
2 files changed, 3 insertions, 2 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts
index 208c1da4..885c5eca 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts
@@ -4,8 +4,9 @@ import { route } from "@fosscord/api";
 
 const router = Router();
 
-// TODO: check if message exists
+// TODO: public read receipts & privacy scoping
 // TODO: send read state event to all channel members
+// TODO: advance-only notification cursor
 
 export interface MessageAcknowledgeSchema {
 	manual?: boolean;
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts
index 6b6a66b2..d93cf70f 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts
@@ -101,7 +101,7 @@ router.get("/:emoji", route({ permission: "VIEW_CHANNEL" }), async (req: Request
 	res.json(users);
 });
 
-router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY" }), async (req: Request, res: Response) => {
+router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right: "SELF_ADD_REACTIONS" }), async (req: Request, res: Response) => {
 	const { message_id, channel_id, user_id } = req.params;
 	if (user_id !== "@me") throw new HTTPError("Invalid user");
 	const emoji = getEmoji(req.params.emoji);