summary refs log tree commit diff
path: root/src/api
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-12-05 19:16:40 +1100
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-12-05 19:16:40 +1100
commitb68ac6a54d01962f1ebdba31b07d41ed7fa04c7a (patch)
tree2b69d465c8d2229c496e1751bac7c90c5b7c12e4 /src/api
parentFix prune (diff)
downloadserver-b68ac6a54d01962f1ebdba31b07d41ed7fa04c7a.tar.xz
Fix bug allowing any member from kicking any member instance-wide
Diffstat (limited to 'src/api')
-rw-r--r--src/api/routes/guilds/#guild_id/members/#member_id/index.ts6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
index 2d867920..28085752 100644
--- a/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -109,10 +109,10 @@ router.put("/", route({}), async (req: Request, res: Response) => {
 });
 
 router.delete("/", route({}), async (req: Request, res: Response) => {
-	const permission = await getPermission(req.user_id);
-	const rights = await getRights(req.user_id);
 	const { guild_id, member_id } = req.params;
-	if (member_id !== "@me" || member_id === req.user_id) {
+	const permission = await getPermission(req.user_id, guild_id);
+	const rights = await getRights(req.user_id);
+	if (member_id === "@me" || member_id === req.user_id) {
 		// TODO: unless force-joined
 		rights.hasThrow("SELF_LEAVE_GROUPS");
 	} else {