diff options
Diffstat (limited to 'src/api/routes/guilds/#guild_id/members')
3 files changed, 18 insertions, 5 deletions
diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts b/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts index 7b8e44d3..decc7bba 100644 --- a/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts +++ b/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts @@ -17,7 +17,12 @@ */ import { route } from "@spacebar/api"; -import { getPermission, Member, PermissionResolvable } from "@spacebar/util"; +import { + getPermission, + getRights, + Member, + PermissionResolvable, +} from "@spacebar/util"; import { Request, Response, Router } from "express"; const router = Router(); @@ -38,14 +43,18 @@ router.patch( }), async (req: Request, res: Response) => { const { guild_id } = req.params; + const rights = await getRights(req.user_id); let permissionString: PermissionResolvable = "MANAGE_NICKNAMES"; const member_id = req.params.member_id === "@me" ? ((permissionString = "CHANGE_NICKNAME"), req.user_id) : req.params.member_id; - const perms = await getPermission(req.user_id, guild_id); - perms.hasThrow(permissionString); + // admins dont need to be in the guild + if (member_id !== "@me" && !rights.has("OPERATOR")) { + const perms = await getPermission(req.user_id, guild_id); + perms.hasThrow(permissionString); + } await Member.changeNickname(member_id, guild_id, req.body.nick); res.status(200).send(); diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts b/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts index 46dd70bb..f6da0ffb 100644 --- a/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts +++ b/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts @@ -26,6 +26,7 @@ router.delete( "/", route({ permission: "MANAGE_ROLES", + right: "OPERATOR", responses: { 204: {}, 403: { @@ -45,6 +46,7 @@ router.put( "/", route({ permission: "MANAGE_ROLES", + right: "OPERATOR", responses: { 204: {}, 403: {}, diff --git a/src/api/routes/guilds/#guild_id/members/index.ts b/src/api/routes/guilds/#guild_id/members/index.ts index 9260308d..07ed3acf 100644 --- a/src/api/routes/guilds/#guild_id/members/index.ts +++ b/src/api/routes/guilds/#guild_id/members/index.ts @@ -17,7 +17,7 @@ */ import { route } from "@spacebar/api"; -import { Member, PublicMemberProjection } from "@spacebar/util"; +import { Member, PublicMemberProjection, getRights } from "@spacebar/util"; import { Request, Response, Router } from "express"; import { HTTPError } from "lambert-server"; import { MoreThan } from "typeorm"; @@ -51,13 +51,15 @@ router.get( }), async (req: Request, res: Response) => { const { guild_id } = req.params; + const rights = await getRights(req.user_id); const limit = Number(req.query.limit) || 1; if (limit > 1000 || limit < 1) throw new HTTPError("Limit must be between 1 and 1000"); const after = `${req.query.after}`; const query = after ? { id: MoreThan(after) } : {}; - await Member.IsInGuildOrFail(req.user_id, guild_id); + if (!rights.has("OPERATOR")) + await Member.IsInGuildOrFail(req.user_id, guild_id); const members = await Member.find({ where: { guild_id, ...query }, |