1 files changed, 41 insertions, 41 deletions

diff --git a/api/src/routes/channels/#channel_id/permissions.ts b/api/src/routes/channels/#channel_id/permissions.ts
index 0465ca31..827e46f2 100644
--- a/api/src/routes/channels/#channel_id/permissions.ts
+++ b/api/src/routes/channels/#channel_id/permissions.ts
@@ -2,61 +2,61 @@ import { Channel, ChannelPermissionOverwrite, ChannelUpdateEvent, emitEvent, get
 import { Router, Response, Request } from "express";
 import { HTTPError } from "lambert-server";
 
-import { check } from "@fosscord/api";
+import { check, route } from "@fosscord/api";
 const router: Router = Router();
 
 // TODO: Only permissions your bot has in the guild or channel can be allowed/denied (unless your bot has a MANAGE_ROLES overwrite in the channel)
 
-router.put("/:overwrite_id", check({ allow: String, deny: String, type: Number, id: String }), async (req: Request, res: Response) => {
-	const { channel_id, overwrite_id } = req.params;
-	const body = req.body as { allow: bigint; deny: bigint; type: number; id: string };
+export interface ChannelPermissionOverwriteSchema extends ChannelPermissionOverwrite {}
 
-	var channel = await Channel.findOneOrFail({ id: channel_id });
-	if (!channel.guild_id) throw new HTTPError("Channel not found", 404);
+router.put(
+	"/:overwrite_id",
+	route({ body: "ChannelPermissionOverwriteSchema", permission: "MANAGE_ROLES" }),
+	async (req: Request, res: Response) => {
+		const { channel_id, overwrite_id } = req.params;
+		const body = req.body as { allow: bigint; deny: bigint; type: number; id: string };
 
-	const permissions = await getPermission(req.user_id, channel.guild_id, channel_id);
-	permissions.hasThrow("MANAGE_ROLES");
+		var channel = await Channel.findOneOrFail({ id: channel_id });
+		if (!channel.guild_id) throw new HTTPError("Channel not found", 404);
 
-	if (body.type === 0) {
-		if (!(await Role.count({ id: overwrite_id }))) throw new HTTPError("role not found", 404);
-	} else if (body.type === 1) {
-		if (!(await Member.count({ id: overwrite_id }))) throw new HTTPError("user not found", 404);
-	} else throw new HTTPError("type not supported", 501);
+		if (body.type === 0) {
+			if (!(await Role.count({ id: overwrite_id }))) throw new HTTPError("role not found", 404);
+		} else if (body.type === 1) {
+			if (!(await Member.count({ id: overwrite_id }))) throw new HTTPError("user not found", 404);
+		} else throw new HTTPError("type not supported", 501);
 
-	// @ts-ignore
-	var overwrite: ChannelPermissionOverwrite = channel.permission_overwrites.find((x) => x.id === overwrite_id);
-	if (!overwrite) {
 		// @ts-ignore
-		overwrite = {
-			id: overwrite_id,
-			type: body.type,
-			allow: body.allow,
-			deny: body.deny
-		};
-		channel.permission_overwrites.push(overwrite);
+		var overwrite: ChannelPermissionOverwrite = channel.permission_overwrites.find((x) => x.id === overwrite_id);
+		if (!overwrite) {
+			// @ts-ignore
+			overwrite = {
+				id: overwrite_id,
+				type: body.type,
+				allow: body.allow,
+				deny: body.deny
+			};
+			channel.permission_overwrites.push(overwrite);
+		}
+		overwrite.allow = body.allow;
+		overwrite.deny = body.deny;
+
+		await Promise.all([
+			channel.save(),
+			emitEvent({
+				event: "CHANNEL_UPDATE",
+				channel_id,
+				data: channel
+			} as ChannelUpdateEvent)
+		]);
+
+		return res.sendStatus(204);
 	}
-	overwrite.allow = body.allow;
-	overwrite.deny = body.deny;
-
-	// @ts-ignore
-	channel = await Channel.findOneOrFailAndUpdate({ id: channel_id }, channel, { new: true });
-
-	await emitEvent({
-		event: "CHANNEL_UPDATE",
-		channel_id,
-		data: channel
-	} as ChannelUpdateEvent);
-
-	return res.sendStatus(204);
-});
+);
 
 // TODO: check permission hierarchy
-router.delete("/:overwrite_id", async (req: Request, res: Response) => {
+router.delete("/:overwrite_id", route({ permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
 	const { channel_id, overwrite_id } = req.params;
 
-	const permissions = await getPermission(req.user_id, undefined, channel_id);
-	permissions.hasThrow("MANAGE_ROLES");
-
 	const channel = await Channel.findOneOrFail({ id: channel_id });
 	if (!channel.guild_id) throw new HTTPError("Channel not found", 404);