diff options
Diffstat (limited to 'api/src/routes/guilds/#guild_id')
| -rw-r--r-- | api/src/routes/guilds/#guild_id/members/#member_id/index.ts | 38 | ||||
| -rw-r--r-- | api/src/routes/guilds/#guild_id/members/index.ts | 1 | ||||
| -rw-r--r-- | api/src/routes/guilds/#guild_id/prune.ts | 8 | ||||
| -rw-r--r-- | api/src/routes/guilds/#guild_id/roles/#role_id/index.ts | 68 | ||||
| -rw-r--r-- | api/src/routes/guilds/#guild_id/roles/index.ts (renamed from api/src/routes/guilds/#guild_id/roles.ts) | 53 |
5 files changed, 103 insertions, 65 deletions
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts index 34836292..c285abb3 100644 --- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts +++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts @@ -1,5 +1,5 @@ import { Request, Response, Router } from "express"; -import { Member, getPermission, Role, GuildMemberUpdateEvent, emitEvent, Sticker, Emoji, Guild } from "@fosscord/util"; +import { Member, getPermission, getRights, Role, GuildMemberUpdateEvent, emitEvent, Sticker, Emoji, Rights, Guild } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { route } from "@fosscord/api"; @@ -52,27 +52,47 @@ router.put("/", route({}), async (req: Request, res: Response) => { // TODO: Lurker mode + const rights = await getRights(req.user_id); + let { guild_id, member_id } = req.params; - if (member_id === "@me") member_id = req.user_id; + if (member_id === "@me") { + member_id = req.user_id; + rights.hasThrow("JOIN_GUILDS"); + } else { + // TODO: join others by controller + } var guild = await Guild.findOneOrFail({ - where: { id: guild_id } }); + where: { id: guild_id } + }); var emoji = await Emoji.find({ - where: { guild_id: guild_id } }); + where: { guild_id: guild_id } + }); var roles = await Role.find({ - where: { guild_id: guild_id } }); + where: { guild_id: guild_id } + }); var stickers = await Sticker.find({ - where: { guild_id: guild_id } }); - + where: { guild_id: guild_id } + }); + await Member.addToGuild(member_id, guild_id); - res.send({...guild, emojis: emoji, roles: roles, stickers: stickers}); + res.send({ ...guild, emojis: emoji, roles: roles, stickers: stickers }); }); -router.delete("/", route({ permission: "KICK_MEMBERS" }), async (req: Request, res: Response) => { +router.delete("/", route({}), async (req: Request, res: Response) => { + const permission = await getPermission(req.user_id); + const rights = await getRights(req.user_id); const { guild_id, member_id } = req.params; + if (member_id !== "@me" || member_id === req.user_id) { + // TODO: unless force-joined + rights.hasThrow("SELF_LEAVE_GROUPS"); + } else { + rights.hasThrow("KICK_BAN_MEMBERS"); + permission.hasThrow("KICK_MEMBERS"); + } await Member.removeFromGuild(member_id, guild_id); res.sendStatus(204); diff --git a/api/src/routes/guilds/#guild_id/members/index.ts b/api/src/routes/guilds/#guild_id/members/index.ts index 386276c8..b730a4e7 100644 --- a/api/src/routes/guilds/#guild_id/members/index.ts +++ b/api/src/routes/guilds/#guild_id/members/index.ts @@ -6,7 +6,6 @@ import { HTTPError } from "lambert-server"; const router = Router(); -// TODO: not allowed for user -> only allowed for bots with privileged intents // TODO: send over websocket // TODO: check for GUILD_MEMBERS intent diff --git a/api/src/routes/guilds/#guild_id/prune.ts b/api/src/routes/guilds/#guild_id/prune.ts index 0dd4d610..0e587d22 100644 --- a/api/src/routes/guilds/#guild_id/prune.ts +++ b/api/src/routes/guilds/#guild_id/prune.ts @@ -11,6 +11,10 @@ export const inactiveMembers = async (guild_id: string, user_id: string, days: n //Snowflake should have `generateFromTime` method? Or similar? var minId = BigInt(date.valueOf() - Snowflake.EPOCH) << BigInt(22); + /** + idea: ability to customise the cutoff variable + possible candidates: public read receipt, last presence, last VC leave + **/ var members = await Member.find({ where: [ { @@ -47,7 +51,7 @@ export const inactiveMembers = async (guild_id: string, user_id: string, days: n return members; }; -router.get("/", route({ permission: "KICK_MEMBERS" }), async (req: Request, res: Response) => { +router.get("/", route({}), async (req: Request, res: Response) => { const days = parseInt(req.query.days as string); var roles = req.query.include_roles; @@ -65,7 +69,7 @@ export interface PruneSchema { days: number; } -router.post("/", route({ permission: "KICK_MEMBERS" }), async (req: Request, res: Response) => { +router.post("/", route({ permission: "KICK_MEMBERS", right: "KICK_BAN_MEMBERS" }), async (req: Request, res: Response) => { const days = parseInt(req.body.days); var roles = req.query.include_roles; diff --git a/api/src/routes/guilds/#guild_id/roles/#role_id/index.ts b/api/src/routes/guilds/#guild_id/roles/#role_id/index.ts new file mode 100644 index 00000000..2ad01682 --- /dev/null +++ b/api/src/routes/guilds/#guild_id/roles/#role_id/index.ts @@ -0,0 +1,68 @@ +import { Router, Request, Response } from "express"; +import { Role, Member, GuildRoleUpdateEvent, GuildRoleDeleteEvent, emitEvent, handleFile } from "@fosscord/util"; +import { route } from "@fosscord/api"; +import { HTTPError } from "lambert-server"; +import { RoleModifySchema } from "../"; + +const router = Router(); + +router.get("/", route({}), async (req: Request, res: Response) => { + const { guild_id, role_id } = req.params; + await Member.IsInGuildOrFail(req.user_id, guild_id); + const role = await Role.findOneOrFail({ guild_id, id: role_id }); + return res.json(role); +}); + +router.delete("/", route({ permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => { + const { guild_id, role_id } = req.params; + if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role"); + + await Promise.all([ + Role.delete({ + id: role_id, + guild_id: guild_id + }), + emitEvent({ + event: "GUILD_ROLE_DELETE", + guild_id, + data: { + guild_id, + role_id + } + } as GuildRoleDeleteEvent) + ]); + + res.sendStatus(204); +}); + +// TODO: check role hierarchy + +router.patch("/", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => { + const { role_id, guild_id } = req.params; + const body = req.body as RoleModifySchema; + + if (body.icon) body.icon = await handleFile(`/role-icons/${role_id}`, body.icon as string); + + const role = new Role({ + ...body, + id: role_id, + guild_id, + permissions: String(req.permission!.bitfield & BigInt(body.permissions || "0")) + }); + + await Promise.all([ + role.save(), + emitEvent({ + event: "GUILD_ROLE_UPDATE", + guild_id, + data: { + guild_id, + role + } + } as GuildRoleUpdateEvent) + ]); + + res.json(role); +}); + +export default router; diff --git a/api/src/routes/guilds/#guild_id/roles.ts b/api/src/routes/guilds/#guild_id/roles/index.ts index b6894e3f..53465105 100644 --- a/api/src/routes/guilds/#guild_id/roles.ts +++ b/api/src/routes/guilds/#guild_id/roles/index.ts @@ -81,59 +81,6 @@ router.post("/", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" }) res.json(role); }); -router.delete("/:role_id", route({ permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => { - const guild_id = req.params.guild_id; - const { role_id } = req.params; - if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role"); - - await Promise.all([ - Role.delete({ - id: role_id, - guild_id: guild_id - }), - emitEvent({ - event: "GUILD_ROLE_DELETE", - guild_id, - data: { - guild_id, - role_id - } - } as GuildRoleDeleteEvent) - ]); - - res.sendStatus(204); -}); - -// TODO: check role hierarchy - -router.patch("/:role_id", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => { - const { role_id, guild_id } = req.params; - const body = req.body as RoleModifySchema; - - if (body.icon) body.icon = await handleFile(`/role-icons/${role_id}`, body.icon as string); - - const role = new Role({ - ...body, - id: role_id, - guild_id, - permissions: String(req.permission!.bitfield & BigInt(body.permissions || "0")) - }); - - await Promise.all([ - role.save(), - emitEvent({ - event: "GUILD_ROLE_UPDATE", - guild_id, - data: { - guild_id, - role - } - } as GuildRoleUpdateEvent) - ]); - - res.json(role); -}); - router.patch("/", route({ body: "RolePositionUpdateSchema" }), async (req: Request, res: Response) => { const { guild_id } = req.params; const body = req.body as RolePositionUpdateSchema; |