diff options
author | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-08-15 14:41:50 +0200 |
---|---|---|
committer | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-08-15 14:41:50 +0200 |
commit | aa5ed0a5baeca5e303e62d3aeb8e4a040641fe92 (patch) | |
tree | 9c2f0e376b8c707cbb66f2c3c88d0d0642eaf9d9 /api/src | |
parent | :construction: auto update (diff) | |
download | server-aa5ed0a5baeca5e303e62d3aeb8e4a040641fe92.tar.xz |
:bug: prevent @everyone role deletion
Diffstat (limited to 'api/src')
-rw-r--r-- | api/src/routes/guilds/#guild_id/roles.ts | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/api/src/routes/guilds/#guild_id/roles.ts b/api/src/routes/guilds/#guild_id/roles.ts index a4bc44e0..36370bb4 100644 --- a/api/src/routes/guilds/#guild_id/roles.ts +++ b/api/src/routes/guilds/#guild_id/roles.ts @@ -67,15 +67,12 @@ router.post("/", check(RoleModifySchema), async (req: Request, res: Response) => router.delete("/:role_id", async (req: Request, res: Response) => { const guild_id = req.params.guild_id; const { role_id } = req.params; + if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role"); - const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec(); - const user = await UserModel.findOne({ id: req.user_id }).exec(); - - const perms = await getPermission(req.user_id, guild_id); - - if (!perms.has("MANAGE_ROLES")) throw new HTTPError("You missing the MANAGE_ROLES permission", 401); + const permissions = await getPermission(req.user_id, guild_id); + permissions.hasThrow("MANAGE_ROLES"); - await RoleModel.findOneAndDelete({ + await RoleModel.deleteOne({ id: role_id, guild_id: guild_id }).exec(); |