fix(api): always add @everyone in user's roles

When you add or delete an user's role, you MUST always add "@everyone" role to the roles map
author: Nobody <git@n0bodysec.com> 2022-03-08 09:18:19 -0300
committer: Erkin Alp Güney <erkinalp9035@gmail.com> 2022-03-08 18:07:28 +0300
commit: 4a617faf02d931e5c69a509aa3764ef2b8999bea (patch)
tree: 9987c58282e7a7893aa03fcb6216618dc0f5c6f2 /api
parent: refactor(gateway): delete hardcoded guild boosts (diff)
download: server-4a617faf02d931e5c69a509aa3764ef2b8999bea.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
index 24c74af7..c33eb2fe 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -28,6 +28,9 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 
 	if (body.roles) {
 		permission.hasThrow("MANAGE_ROLES");
+
+		const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 });
+		body.roles.push(everyone?.id);
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
author	Nobody <git@n0bodysec.com>	2022-03-08 09:18:19 -0300
committer	Erkin Alp Güney <erkinalp9035@gmail.com>	2022-03-08 18:07:28 +0300
commit	4a617faf02d931e5c69a509aa3764ef2b8999bea (patch)
tree	9987c58282e7a7893aa03fcb6216618dc0f5c6f2 /api
parent	refactor(gateway): delete hardcoded guild boosts (diff)
download	server-4a617faf02d931e5c69a509aa3764ef2b8999bea.tar.xz