diff options
author | Nobody <git@n0bodysec.com> | 2022-03-08 09:36:21 -0300 |
---|---|---|
committer | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-03-08 18:07:28 +0300 |
commit | a3091e9d1acce09d18311d55f75ae2d17ca7b383 (patch) | |
tree | e38cc7f3df3ee24f6091e75293b47bb4b434084e /api/src | |
parent | fix(api): prevent @everyone role duplication (diff) | |
download | server-a3091e9d1acce09d18311d55f75ae2d17ca7b383.tar.xz |
fix(api): don't send @everyone in route response
The response of `PATCH /guilds/{guild.id}/members/{user.id}` should not include "@everyone" role
Diffstat (limited to 'api/src')
-rw-r--r-- | api/src/routes/guilds/#guild_id/members/#member_id/index.ts | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts index 3234a405..34836292 100644 --- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts +++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts @@ -25,16 +25,19 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re const member = await Member.findOneOrFail({ where: { id: member_id, guild_id }, relations: ["roles", "user"] }); const permission = await getPermission(req.user_id, guild_id); + const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 }); if (body.roles) { permission.hasThrow("MANAGE_ROLES"); - const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 }); if (body.roles.indexOf(everyone.id) === -1) body.roles.push(everyone.id); member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist } await member.save(); + + member.roles = member.roles.filter((x) => x.id !== everyone.id); + // do not use promise.all as we have to first write to db before emitting the event to catch errors await emitEvent({ event: "GUILD_MEMBER_UPDATE", |