1 files changed, 3 insertions, 11 deletions

diff --git a/src/api/routes/guilds/#guild_id/index.ts b/src/api/routes/guilds/#guild_id/index.ts
index 839ec363..86a75d40 100644
--- a/src/api/routes/guilds/#guild_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/index.ts
@@ -19,7 +19,6 @@
 import { route } from "@spacebar/api";
 import {
 	Channel,
-	DiscordApiErrors,
 	Guild,
 	GuildUpdateEvent,
 	GuildUpdateSchema,
@@ -27,7 +26,6 @@ import {
 	Permissions,
 	SpacebarApiErrors,
 	emitEvent,
-	getPermission,
 	getRights,
 	handleFile,
 } from "@spacebar/util";
@@ -53,12 +51,13 @@ router.get(
 	}),
 	async (req: Request, res: Response) => {
 		const { guild_id } = req.params;
+		const rights = await getRights(req.user_id);
 
 		const [guild, member] = await Promise.all([
 			Guild.findOneOrFail({ where: { id: guild_id } }),
 			Member.findOne({ where: { guild_id: guild_id, id: req.user_id } }),
 		]);
-		if (!member)
+		if (!rights.has("OPERATOR") || !member)
 			throw new HTTPError(
 				"You are not a member of the guild you are trying to access",
 				401,
@@ -76,6 +75,7 @@ router.patch(
 	route({
 		requestBody: "GuildUpdateSchema",
 		permission: "MANAGE_GUILD",
+		right: "OPERATOR",
 		responses: {
 			"200": {
 				body: "GuildUpdateSchema",
@@ -95,14 +95,6 @@ router.patch(
 		const body = req.body as GuildUpdateSchema;
 		const { guild_id } = req.params;
 
-		const rights = await getRights(req.user_id);
-		const permission = await getPermission(req.user_id, guild_id);
-
-		if (!rights.has("MANAGE_GUILDS") && !permission.has("MANAGE_GUILD"))
-			throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(
-				"MANAGE_GUILDS",
-			);
-
 		const guild = await Guild.findOneOrFail({
 			where: { id: guild_id },
 			relations: ["emojis", "roles", "stickers"],