prevent put /guilds/id/members/id for others until we have oauth2 scopes impled

author: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2023-08-27 16:54:54 +1000
committer: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2023-08-27 16:54:54 +1000
commit: 3498ffdc013e82efec16aa7b985f1e3d08bdfe99 (patch)
tree: 7ba507e8454cf44fb2c066a85b1f9a86a19db2e7
parent: what the fuck is session_id: "all"??? (diff)
download: server-3498ffdc013e82efec16aa7b985f1e3d08bdfe99.tar.xz
1 files changed, 4 insertions, 1 deletions
diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
index cafb922e..c168f2dc 100644
--- a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -18,6 +18,7 @@
 
 import { route } from "@spacebar/api";
 import {
+	DiscordApiErrors,
 	emitEvent,
 	Emoji,
 	getPermission,
@@ -198,7 +199,9 @@ router.put(
 			member_id = req.user_id;
 			rights.hasThrow("JOIN_GUILDS");
 		} else {
-			// TODO: join others by controller
+			// TODO: check oauth2 scope
+
+			throw DiscordApiErrors.MISSING_REQUIRED_OAUTH2_SCOPE;
 		}
 
 		const guild = await Guild.findOneOrFail({
author	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2023-08-27 16:54:54 +1000
committer	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2023-08-27 16:54:54 +1000
commit	3498ffdc013e82efec16aa7b985f1e3d08bdfe99 (patch)
tree	7ba507e8454cf44fb2c066a85b1f9a86a19db2e7
parent	what the fuck is session_id: "all"??? (diff)
download	server-3498ffdc013e82efec16aa7b985f1e3d08bdfe99.tar.xz