initial progress for admin api feat/admin-api

author: Puyodead1 <puyodead@proton.me> 2023-12-20 03:33:28 -0500
committer: Puyodead1 <puyodead@proton.me> 2023-12-20 03:33:28 -0500
commit: e34887261f8d86aa4e98f4b8ccd6e57ce72c6620 (patch)
tree: b7cb601c7e818349b3000eaf20bc75e44c22ff87 /src/api/routes/guilds/#guild_id/roles
parent: add missing license headers (diff)
download: server-feat/admin-api.tar.xz
4 files changed, 24 insertions, 11 deletions
diff --git a/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts b/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts
index ea1a782a..d854c1f1 100644
--- a/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts
@@ -19,6 +19,7 @@
 import { route } from "@spacebar/api";
 import {
 	emitEvent,
+	getRights,
 	GuildRoleDeleteEvent,
 	GuildRoleUpdateEvent,
 	handleFile,
@@ -48,7 +49,10 @@ router.get(
 	}),
 	async (req: Request, res: Response) => {
 		const { guild_id, role_id } = req.params;
-		await Member.IsInGuildOrFail(req.user_id, guild_id);
+		const rights = await getRights(req.user_id);
+		// admins dont need to be in the guild
+		if (!rights.has("OPERATOR"))
+			await Member.IsInGuildOrFail(req.user_id, guild_id);
 		const role = await Role.findOneOrFail({
 			where: { guild_id, id: role_id },
 		});
@@ -59,6 +63,7 @@ router.get(
 router.delete(
 	"/",
 	route({
+		right: "OPERATOR",
 		permission: "MANAGE_ROLES",
 		responses: {
 			204: {},
@@ -103,6 +108,7 @@ router.patch(
 	"/",
 	route({
 		requestBody: "RoleModifySchema",
+		right: "OPERATOR",
 		permission: "MANAGE_ROLES",
 		responses: {
 			200: {
diff --git a/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts b/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts
index 539cd5d8..22744abe 100644
--- a/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts
+++ b/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts
@@ -16,15 +16,15 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Router, Request, Response } from "express";
-import { DiscordApiErrors, Member, partition } from "@spacebar/util";
 import { route } from "@spacebar/api";
+import { DiscordApiErrors, Member, partition } from "@spacebar/util";
+import { Request, Response, Router } from "express";
 
 const router = Router();
 
 router.patch(
 	"/",
-	route({ permission: "MANAGE_ROLES" }),
+	route({ permission: "MANAGE_ROLES", right: "OPERATOR" }),
 	async (req: Request, res: Response) => {
 		// Payload is JSON containing a list of member_ids, the new list of members to have the role
 		const { guild_id, role_id } = req.params;
diff --git a/src/api/routes/guilds/#guild_id/roles/index.ts b/src/api/routes/guilds/#guild_id/roles/index.ts
index e2c34e7f..4f56232d 100644
--- a/src/api/routes/guilds/#guild_id/roles/index.ts
+++ b/src/api/routes/guilds/#guild_id/roles/index.ts
@@ -49,6 +49,7 @@ router.post(
 	route({
 		requestBody: "RoleModifySchema",
 		permission: "MANAGE_ROLES",
+		right: "OPERATOR",
 		responses: {
 			200: {
 				body: "Role",
@@ -65,11 +66,14 @@ router.post(
 		const guild_id = req.params.guild_id;
 		const body = req.body as RoleModifySchema;
 
-		const role_count = await Role.count({ where: { guild_id } });
-		const { maxRoles } = Config.get().limits.guild;
+		// admins can bypass this
+		if (!req.has_right) {
+			const role_count = await Role.count({ where: { guild_id } });
+			const { maxRoles } = Config.get().limits.guild;
 
-		if (role_count > maxRoles)
-			throw DiscordApiErrors.MAXIMUM_ROLES.withParams(maxRoles);
+			if (role_count > maxRoles)
+				throw DiscordApiErrors.MAXIMUM_ROLES.withParams(maxRoles);
+		}
 
 		const role = Role.create({
 			// values before ...body are default and can be overriden
diff --git a/src/api/routes/guilds/#guild_id/roles/member-counts.ts b/src/api/routes/guilds/#guild_id/roles/member-counts.ts
index 88243b42..8b098dcf 100644
--- a/src/api/routes/guilds/#guild_id/roles/member-counts.ts
+++ b/src/api/routes/guilds/#guild_id/roles/member-counts.ts
@@ -16,16 +16,19 @@
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
-import { Request, Response, Router } from "express";
-import { Role, Member } from "@spacebar/util";
 import { route } from "@spacebar/api";
+import { Member, Role, getRights } from "@spacebar/util";
+import { Request, Response, Router } from "express";
 import {} from "typeorm";
 
 const router: Router = Router();
 
 router.get("/", route({}), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
-	await Member.IsInGuildOrFail(req.user_id, guild_id);
+	const rights = await getRights(req.user_id);
+	// admins dont need to be in the guild
+	if (!rights.has("OPERATOR"))
+		await Member.IsInGuildOrFail(req.user_id, guild_id);
 
 	const role_ids = await Role.find({ where: { guild_id }, select: ["id"] });
 	const counts: { [id: string]: number } = {};
author	Puyodead1 <puyodead@proton.me>	2023-12-20 03:33:28 -0500
committer	Puyodead1 <puyodead@proton.me>	2023-12-20 03:33:28 -0500
commit	e34887261f8d86aa4e98f4b8ccd6e57ce72c6620 (patch)
tree	b7cb601c7e818349b3000eaf20bc75e44c22ff87 /src/api/routes/guilds/#guild_id/roles
parent	add missing license headers (diff)
download	server-feat/admin-api.tar.xz