diff --git a/api/src/routes/channels/#channel_id/pins.ts b/api/src/routes/channels/#channel_id/pins.ts
index 33309c86..e71e659f 100644
--- a/api/src/routes/channels/#channel_id/pins.ts
+++ b/api/src/routes/channels/#channel_id/pins.ts
@@ -1,19 +1,26 @@
-import { Channel, ChannelPinsUpdateEvent, Config, emitEvent, getPermission, Message, MessageUpdateEvent } from "@fosscord/util";
+import {
+ Channel,
+ ChannelPinsUpdateEvent,
+ Config,
+ emitEvent,
+ getPermission,
+ Message,
+ MessageUpdateEvent,
+ DiscordApiErrors
+} from "@fosscord/util";
import { Router, Request, Response } from "express";
import { HTTPError } from "lambert-server";
-import { DiscordApiErrors } from "@fosscord/util";
+import { route } from "@fosscord/api";
const router: Router = Router();
-router.put("/:message_id", async (req: Request, res: Response) => {
+router.put("/:message_id", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
const { channel_id, message_id } = req.params;
const message = await Message.findOneOrFail({ id: message_id });
- const permission = await getPermission(req.user_id, message.guild_id, channel_id);
- permission.hasThrow("VIEW_CHANNEL");
// * in dm channels anyone can pin messages -> only check for guilds
- if (message.guild_id) permission.hasThrow("MANAGE_MESSAGES");
+ if (message.guild_id) req.permission!.hasThrow("MANAGE_MESSAGES");
const pinned_count = await Message.count({ channel: { id: channel_id }, pinned: true });
const { maxPins } = Config.get().limits.channel;
@@ -26,7 +33,6 @@ router.put("/:message_id", async (req: Request, res: Response) => {
channel_id,
data: message
} as MessageUpdateEvent),
-
emitEvent({
event: "CHANNEL_PINS_UPDATE",
channel_id,
@@ -41,14 +47,11 @@ router.put("/:message_id", async (req: Request, res: Response) => {
res.sendStatus(204);
});
-router.delete("/:message_id", async (req: Request, res: Response) => {
+router.delete("/:message_id", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
const { channel_id, message_id } = req.params;
const channel = await Channel.findOneOrFail({ id: channel_id });
-
- const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
- permission.hasThrow("VIEW_CHANNEL");
- if (channel.guild_id) permission.hasThrow("MANAGE_MESSAGES");
+ if (channel.guild_id) req.permission!.hasThrow("MANAGE_MESSAGES");
const message = await Message.findOneOrFail({ id: message_id });
message.pinned = false;
@@ -76,13 +79,9 @@ router.delete("/:message_id", async (req: Request, res: Response) => {
res.sendStatus(204);
});
-router.get("/", async (req: Request, res: Response) => {
+router.get("/", route({ permission: ["READ_MESSAGE_HISTORY"] }), async (req: Request, res: Response) => {
const { channel_id } = req.params;
- const channel = await Channel.findOneOrFail({ id: channel_id });
- const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
- permission.hasThrow("VIEW_CHANNEL");
-
let pins = await Message.find({ channel_id: channel_id, pinned: true });
res.send(pins);
|
