fix(api): always add @everyone in user's roles

When you add or delete an user's role, you MUST always add "@everyone" role to the roles map
author: Nobody <git@n0bodysec.com> 2022-03-08 09:18:19 -0300
committer: Erkin Alp Güney <erkinalp9035@gmail.com> 2022-03-08 18:07:28 +0300
commit: 8b5a9171862e9bc14b9a6cb4a612d87966ea327a (patch)
tree: dbdd489a169d6243a017511e1c1f09321b855e26 /api/src/routes
parent: refactor(gateway): delete hardcoded guild boosts (diff)
download: server-8b5a9171862e9bc14b9a6cb4a612d87966ea327a.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
index 24c74af7..c33eb2fe 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -28,6 +28,9 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 
 	if (body.roles) {
 		permission.hasThrow("MANAGE_ROLES");
+
+		const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 });
+		body.roles.push(everyone?.id);
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
author	Nobody <git@n0bodysec.com>	2022-03-08 09:18:19 -0300
committer	Erkin Alp Güney <erkinalp9035@gmail.com>	2022-03-08 18:07:28 +0300
commit	8b5a9171862e9bc14b9a6cb4a612d87966ea327a (patch)
tree	dbdd489a169d6243a017511e1c1f09321b855e26 /api/src/routes
parent	refactor(gateway): delete hardcoded guild boosts (diff)
download	server-8b5a9171862e9bc14b9a6cb4a612d87966ea327a.tar.xz