Merge branch 'master' into maddyrtc

3 files changed, 32 insertions, 11 deletions

diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts

index 7ccf34d7..1ce41936 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -33,17 +33,32 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
 	const { guild_id } = req.params;
 
 	let bans = await Ban.find({ guild_id: guild_id });
+	let promisesToAwait: object[] = [];
+	const bansObj: object[] = [];
 
-	/* Filter secret from database registry.*/
+	bans.filter((ban) => ban.user_id !== ban.executor_id); // pretend self-bans don't exist to prevent victim chasing
 
-	bans.filter(ban => ban.user_id !== ban.executor_id);
-	// pretend self-bans don't exist to prevent victim chasing
-	
-	bans.forEach((registry: BanRegistrySchema) => {
-	delete registry.ip;
+	bans.forEach((ban) => {
+		promisesToAwait.push(User.getPublicUser(ban.user_id));
 	});
-	
-	return res.json(bans);
+
+	const bannedUsers: object[] = await Promise.all(promisesToAwait);
+
+	bans.forEach((ban, index) => {
+		const user = bannedUsers[index] as User;
+		bansObj.push({
+			reason: ban.reason,
+			user: {
+				username: user.username,
+				discriminator: user.discriminator,
+				id: user.id,
+				avatar: user.avatar,
+				public_flags: user.public_flags
+			}
+		});
+	});
+
+	return res.json(bansObj);
 });
 
 router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts

index 24c74af7..34836292 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -25,13 +25,19 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 
 	const member = await Member.findOneOrFail({ where: { id: member_id, guild_id }, relations: ["roles", "user"] });
 	const permission = await getPermission(req.user_id, guild_id);
+	const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 });
 
 	if (body.roles) {
 		permission.hasThrow("MANAGE_ROLES");
+
+		if (body.roles.indexOf(everyone.id) === -1) body.roles.push(everyone.id);
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
 
 	await member.save();
+
+	member.roles = member.roles.filter((x) => x.id !== everyone.id);
+
 	// do not use promise.all as we have to first write to db before emitting the event to catch errors
 	await emitEvent({
 		event: "GUILD_MEMBER_UPDATE",
diff --git a/api/src/routes/users/@me/notes.ts b/api/src/routes/users/@me/notes.ts

index 2ef27bc0..96067bf5 100644
--- a/api/src/routes/users/@me/notes.ts
+++ b/api/src/routes/users/@me/notes.ts
@@ -6,9 +6,9 @@ const router: Router = Router();
 router.put("/:id", route({}), async (req: Request, res: Response) => {
 	//TODO
 	res.json({
-		message: "400: Bad Request",
-		code: 0
-	}).status(400);
+		message: "Unknown User",
+		code: 10013
+	}).status(404);
 });
 
 export default router;