author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-05 19:16:40 +1100 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-12-05 19:16:40 +1100 |
commit | b68ac6a54d01962f1ebdba31b07d41ed7fa04c7a (patch) | |
tree | 2b69d465c8d2229c496e1751bac7c90c5b7c12e4 /src/api | |
parent | Fix prune (diff) | |
download | server-b68ac6a54d01962f1ebdba31b07d41ed7fa04c7a.tar.xz |
Fix bug allowing any member from kicking any member instance-wide
Diffstat (limited to 'src/api')
-rw-r--r-- | src/api/routes/guilds/#guild_id/members/#member_id/index.ts | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
index 2d867920..28085752 100644
--- a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -109,10 +109,10 @@ router.put("/", route({}), async (req: Request, res: Response) => {
 });
 
 router.delete("/", route({}), async (req: Request, res: Response) => {
- const permission = await getPermission(req.user_id);
- const rights = await getRights(req.user_id);
 const { guild_id, member_id } = req.params;
- if (member_id !== "@me" || member_id === req.user_id) {
+ const permission = await getPermission(req.user_id, guild_id);
+ const rights = await getRights(req.user_id);
+ if (member_id === "@me" || member_id === req.user_id) {
 // TODO: unless force-joined
 rights.hasThrow("SELF_LEAVE_GROUPS");
 } else {
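Review bot: The self-versus-other decision in `router.delete` is still a bare comparison with no comment saying which branch is which, and the bug fixed here was that same comparison being inverted; a comment above the `if`, such as `// self-removal (leave) needs only the instance right; any other target must pass the guild permission check below`, would make a future inversion easier to catch in review. The `else` branch continues outside the hunk, so it is not visible here whether it tests the now guild-scoped `permission` before removing the member, or whether `"@me"` is resolved to `req.user_id` before the removal call; both are worth confirming. Because `route({})` declares no permission of its own, this handler appears to be the only authorization gate on the endpoint, so a regression test in which a member of one guild tries to delete a member of a different guild and expects a rejection would pin the fix.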