diff options
| author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-08 00:00:22 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-08 00:00:22 +0300 |
| commit | a8bd754d0c52dc41887c5e664d59dec505037a6d (patch) | |
| tree | 31e610ddfb2eb4f2c3898cb7aee2eac8daad2a08 /api | |
| parent | More rights stuff (diff) | |
| download | server-a8bd754d0c52dc41887c5e664d59dec505037a6d.tar.xz | |
Update index.ts
Diffstat (limited to 'api')
| -rw-r--r-- | api/src/routes/channels/#channel_id/messages/#message_id/index.ts | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 7f7de264..bdc34a81 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -1,4 +1,4 @@ -import { Channel, emitEvent, getPermission, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; +import { Channel, emitEvent, getPermission, getRight MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; @@ -7,18 +7,21 @@ import { MessageCreateSchema } from "../index"; const router = Router(); // TODO: message content/embed string length limit -router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; var body = req.body as MessageCreateSchema; const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] }); const permissions = await getPermission(req.user_id, undefined, channel_id); + + const rights = await getRights(req.user_id); - if (req.user_id !== message.author_id) { + if ((req.user_id !== message.author_id)) { + if (rights.has("MANAGE_MESSAGES")) break; permissions.hasThrow("MANAGE_MESSAGES"); body = { flags: body.flags }; // admins can only suppress embeds of other messages - } + } else rights.hasThrow("SELF_EDIT_MESSAGES"); const new_message = await handleMessage({ ...message, @@ -46,17 +49,17 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE return res.json(message); }); -// permission check only if deletes messagr from other user router.delete("/", route({}), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; const channel = await Channel.findOneOrFail({ id: channel_id }); const message = await Message.findOneOrFail({ id: message_id }); - if (message.author_id !== req.user_id) { + if ((message.author_id !== req.user_id)) { + if (rights.has("MANAGE_MESSAGES")) break; const permission = await getPermission(req.user_id, channel.guild_id, channel_id); permission.hasThrow("MANAGE_MESSAGES"); - } + } else rights.hasThrow("SELF_DELETE_MESSAGES"); await Message.delete({ id: message_id }); |