rights enforcement in guild create

author: Erkin Alp Güney <erkinalp9035@gmail.com> 2022-04-08 11:29:04 +0300
committer: GitHub <noreply@github.com> 2022-04-08 11:29:04 +0300
commit: a4e4d40bb967a73130363b134cf9072e08ea4d3f (patch)
tree: e32c59e7c715268ec9817f5e55b6aecbed38cb9c /api
parent: MANAGE_GUILDS (diff)
download: server-a4e4d40bb967a73130363b134cf9072e08ea4d3f.tar.xz
1 files changed, 4 insertions, 3 deletions
diff --git a/api/src/routes/guilds/index.ts b/api/src/routes/guilds/index.ts
index 7b676211..10721413 100644
--- a/api/src/routes/guilds/index.ts
+++ b/api/src/routes/guilds/index.ts
@@ -1,5 +1,5 @@
 import { Router, Request, Response } from "express";
-import { Role, Guild, Snowflake, Config, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util";
+import { Role, Guild, Snowflake, Config, getRights, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import { ChannelModifySchema } from "../channels/#channel_id";
 
@@ -20,12 +20,13 @@ export interface GuildCreateSchema {
 
 //TODO: create default channel
 
-router.post("/", route({ body: "GuildCreateSchema" }), async (req: Request, res: Response) => {
+router.post("/", route({ body: "GuildCreateSchema", right: "CREATE_GUILDS" }), async (req: Request, res: Response) => {
 	const body = req.body as GuildCreateSchema;
 
 	const { maxGuilds } = Config.get().limits.user;
 	const guild_count = await Member.count({ id: req.user_id });
-	if (guild_count >= maxGuilds) {
+	const rights = await getRights(req.user_id);
+	if ((guild_count >= maxGuilds)&&!rights.has("MANAGE_GUILDS")) {
 		throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds);
 	}
author	Erkin Alp Güney <erkinalp9035@gmail.com>	2022-04-08 11:29:04 +0300
committer	GitHub <noreply@github.com>	2022-04-08 11:29:04 +0300
commit	a4e4d40bb967a73130363b134cf9072e08ea4d3f (patch)
tree	e32c59e7c715268ec9817f5e55b6aecbed38cb9c /api
parent	MANAGE_GUILDS (diff)
download	server-a4e4d40bb967a73130363b134cf9072e08ea4d3f.tar.xz