summary refs log tree commit diff
path: root/api
diff options
context:
space:
mode:
authorFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-08-15 14:41:50 +0200
committerFlam3rboy <34555296+Flam3rboy@users.noreply.github.com>2021-08-15 14:41:50 +0200
commit503cacb1e007eba546678c9ad5ca6c5936f005d2 (patch)
treeca50a492b53518d3b3a342b5788c240aff7949f4 /api
parent:construction: auto update (diff)
downloadserver-503cacb1e007eba546678c9ad5ca6c5936f005d2.tar.xz
:bug: prevent @everyone role deletion
Diffstat (limited to 'api')
-rw-r--r--api/src/routes/guilds/#guild_id/roles.ts11


1 files changed, 4 insertions, 7 deletions
diff --git a/api/src/routes/guilds/#guild_id/roles.ts b/api/src/routes/guilds/#guild_id/roles.ts
index a4bc44e0..36370bb4 100644
--- a/api/src/routes/guilds/#guild_id/roles.ts
+++ b/api/src/routes/guilds/#guild_id/roles.ts
@@ -67,15 +67,12 @@ router.post("/", check(RoleModifySchema), async (req: Request, res: Response) =>
 router.delete("/:role_id", async (req: Request, res: Response) => {
 	const guild_id = req.params.guild_id;
 	const { role_id } = req.params;
+	if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role");
 
-	const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec();
-	const user = await UserModel.findOne({ id: req.user_id }).exec();
-
-	const perms = await getPermission(req.user_id, guild_id);
-
-	if (!perms.has("MANAGE_ROLES")) throw new HTTPError("You missing the MANAGE_ROLES permission", 401);
+	const permissions = await getPermission(req.user_id, guild_id);
+	permissions.hasThrow("MANAGE_ROLES");
 
-	await RoleModel.findOneAndDelete({
+	await RoleModel.deleteOne({
 		id: role_id,
 		guild_id: guild_id
 	}).exec();

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-20 09:49:19 +0000