diff options
| author | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-02-19 15:42:15 +0100 |
|---|---|---|
| committer | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-02-19 15:42:15 +0100 |
| commit | 00ef8958b99d5f7b5ac129304ccff465165560db (patch) | |
| tree | 1acf0f2b6eb4a6334dc001f26cc6b6a8f4e6f679 /src/routes | |
| parent | :bug: update user model on guild creation (diff) | |
| download | server-00ef8958b99d5f7b5ac129304ccff465165560db.tar.xz | |
:art: [Guild] check if user is allowed to created a guild
Diffstat (limited to 'src/routes')
| -rw-r--r-- | src/routes/api/v8/guilds/index.ts | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/src/routes/api/v8/guilds/index.ts b/src/routes/api/v8/guilds/index.ts index 3aace64b..aec83d09 100644 --- a/src/routes/api/v8/guilds/index.ts +++ b/src/routes/api/v8/guilds/index.ts @@ -10,8 +10,6 @@ import { Snowflake, getPermission, Guild, - Member, - PublicMember, } from "fosscord-server-util"; import { HTTPError } from "lambert-server"; import { check } from "./../../../../util/instanceOf"; @@ -37,7 +35,6 @@ router.patch("/:id", check(GuildUpdateSchema), async (req: Request, res: Respons const body = req.body as GuildUpdateSchema; const guild_id = BigInt(req.params.id); - // // TODO: check permission of member const perms = await getPermission(req.userid, guild_id); if (!perms.has("MANAGE_GUILD")) throw new HTTPError("User is missing the 'MANAGE_GUILD' permission", 401); @@ -47,12 +44,13 @@ router.patch("/:id", check(GuildUpdateSchema), async (req: Request, res: Respons return res.status(204); }); -// // TODO: finish POST route router.post("/", check(GuildCreateSchema), async (req: Request, res: Response) => { const body = req.body as GuildCreateSchema; - // // TODO: check if user is in more than (config max guilds) - const { maxGuilds } = Config.get().limits.user; + // TODO: allow organization admins to bypass this + // TODO: comprehensive organization wide permission management + if (!Config.get().permissions.user.createGuilds) throw new HTTPError("You are not allowed to create guilds", 401); + const user = await UserModel.findOne( { id: req.userid }, "guilds username discriminator id public_flags avatar" @@ -60,7 +58,7 @@ router.post("/", check(GuildCreateSchema), async (req: Request, res: Response) = if (!user) throw new HTTPError("User not found", 404); - if (user.guilds.length >= maxGuilds) { + if (user.guilds.length >= Config.get().limits.user.maxGuilds) { throw new HTTPError("User is already in 100 guilds", 403); } @@ -105,7 +103,6 @@ router.post("/", check(GuildCreateSchema), async (req: Request, res: Response) = try { await new GuildModel(guild).save(); - // // TODO: insert default everyone role await new RoleModel({ id: guildID, guild_id: guildID, @@ -119,7 +116,6 @@ router.post("/", check(GuildCreateSchema), async (req: Request, res: Response) = tags: null, }).save(); - // // TODO: automatically add user to guild const member = { id: req.userid, guild_id: guildID, @@ -153,7 +149,6 @@ router.post("/", check(GuildCreateSchema), async (req: Request, res: Response) = user.guilds.push(guildID.toString()); await user.save(); - // // TODO: emit Event await emitEvent({ event: "GUILD_MEMBER_ADD", data: { |