diff --git a/src/api/routes/guilds/#guild_id/index.ts b/src/api/routes/guilds/#guild_id/index.ts
index 839ec363..86a75d40 100644
--- a/src/api/routes/guilds/#guild_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/index.ts
@@ -19,7 +19,6 @@
import { route } from "@spacebar/api";
import {
Channel,
- DiscordApiErrors,
Guild,
GuildUpdateEvent,
GuildUpdateSchema,
@@ -27,7 +26,6 @@ import {
Permissions,
SpacebarApiErrors,
emitEvent,
- getPermission,
getRights,
handleFile,
} from "@spacebar/util";
@@ -53,12 +51,13 @@ router.get(
}),
async (req: Request, res: Response) => {
const { guild_id } = req.params;
+ const rights = await getRights(req.user_id);
const [guild, member] = await Promise.all([
Guild.findOneOrFail({ where: { id: guild_id } }),
Member.findOne({ where: { guild_id: guild_id, id: req.user_id } }),
]);
- if (!member)
+ if (!rights.has("OPERATOR") || !member)
throw new HTTPError(
"You are not a member of the guild you are trying to access",
401,
@@ -76,6 +75,7 @@ router.patch(
route({
requestBody: "GuildUpdateSchema",
permission: "MANAGE_GUILD",
+ right: "OPERATOR",
responses: {
"200": {
body: "GuildUpdateSchema",
@@ -95,14 +95,6 @@ router.patch(
const body = req.body as GuildUpdateSchema;
const { guild_id } = req.params;
- const rights = await getRights(req.user_id);
- const permission = await getPermission(req.user_id, guild_id);
-
- if (!rights.has("MANAGE_GUILDS") && !permission.has("MANAGE_GUILD"))
- throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(
- "MANAGE_GUILDS",
- );
-
const guild = await Guild.findOneOrFail({
where: { id: guild_id },
relations: ["emojis", "roles", "stickers"],
|
