1 files changed, 23 insertions, 21 deletions

diff --git a/api/src/routes/guilds/#guild_id/roles.ts b/api/src/routes/guilds/#guild_id/roles.ts
index 6a318688..6b2902d9 100644
--- a/api/src/routes/guilds/#guild_id/roles.ts
+++ b/api/src/routes/guilds/#guild_id/roles.ts
@@ -2,23 +2,34 @@ import { Request, Response, Router } from "express";
 import {
 	Role,
 	getPermission,
-	Snowflake,
 	Member,
 	GuildRoleCreateEvent,
 	GuildRoleUpdateEvent,
 	GuildRoleDeleteEvent,
 	emitEvent,
-	Config
+	Config,
+	DiscordApiErrors
 } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
-
-import { check } from "../../../util/instanceOf";
-import { RoleModifySchema, RolePositionUpdateSchema } from "../../../schema/Roles";
-import { DiscordApiErrors } from "@fosscord/util";
+import { check, route } from "@fosscord/api";
 import { In } from "typeorm";
 
 const router: Router = Router();
 
+export interface RoleModifySchema {
+	name?: string;
+	permissions?: bigint;
+	color?: number;
+	hoist?: boolean; // whether the role should be displayed separately in the sidebar
+	mentionable?: boolean; // whether the role should be mentionable
+	position?: number;
+}
+
+export type RolePositionUpdateSchema = {
+	id: string;
+	position: number;
+}[];
+
 router.get("/", async (req: Request, res: Response) => {
 	const guild_id = req.params.guild_id;
 
@@ -29,13 +40,10 @@ router.get("/", async (req: Request, res: Response) => {
 	return res.json(roles);
 });
 
-router.post("/", check(RoleModifySchema), async (req: Request, res: Response) => {
+router.post("/", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
 	const guild_id = req.params.guild_id;
 	const body = req.body as RoleModifySchema;
 
-	const perms = await getPermission(req.user_id, guild_id);
-	perms.hasThrow("MANAGE_ROLES");
-
 	const role_count = await Role.count({ guild_id });
 	const { maxRoles } = Config.get().limits.guild;
 
@@ -50,7 +58,7 @@ router.post("/", check(RoleModifySchema), async (req: Request, res: Response) =>
 		...body,
 		guild_id: guild_id,
 		managed: false,
-		permissions: String(perms.bitfield & (body.permissions || 0n)),
+		permissions: String(req.permission!.bitfield & (body.permissions || 0n)),
 		tags: undefined
 	});
 
@@ -69,14 +77,11 @@ router.post("/", check(RoleModifySchema), async (req: Request, res: Response) =>
 	res.json(role);
 });
 
-router.delete("/:role_id", async (req: Request, res: Response) => {
+router.delete("/:role_id", route({ permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
 	const guild_id = req.params.guild_id;
 	const { role_id } = req.params;
 	if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role");
 
-	const permissions = await getPermission(req.user_id, guild_id);
-	permissions.hasThrow("MANAGE_ROLES");
-
 	await Promise.all([
 		Role.delete({
 			id: role_id,
@@ -97,14 +102,11 @@ router.delete("/:role_id", async (req: Request, res: Response) => {
 
 // TODO: check role hierarchy
 
-router.patch("/:role_id", check(RoleModifySchema), async (req: Request, res: Response) => {
+router.patch("/:role_id", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
 	const { role_id, guild_id } = req.params;
 	const body = req.body as RoleModifySchema;
 
-	const perms = await getPermission(req.user_id, guild_id);
-	perms.hasThrow("MANAGE_ROLES");
-
-	const role = new Role({ ...body, id: role_id, guild_id, permissions: String(perms.bitfield & (body.permissions || 0n)) });
+	const role = new Role({ ...body, id: role_id, guild_id, permissions: String(req.permission!.bitfield & (body.permissions || 0n)) });
 
 	await Promise.all([
 		role.save(),
@@ -121,7 +123,7 @@ router.patch("/:role_id", check(RoleModifySchema), async (req: Request, res: Res
 	res.json(role);
 });
 
-router.patch("/", check(RolePositionUpdateSchema), async (req: Request, res: Response) => {
+router.patch("/", route({ body: "RolePositionUpdateSchema" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 	const body = req.body as RolePositionUpdateSchema;