diff options
Diffstat (limited to 'src/api/routes/guilds/#guild_id/roles/#role_id')
| -rw-r--r-- | src/api/routes/guilds/#guild_id/roles/#role_id/index.ts | 8 | ||||
| -rw-r--r-- | src/api/routes/guilds/#guild_id/roles/#role_id/members.ts | 6 |
2 files changed, 10 insertions, 4 deletions
diff --git a/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts b/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts index ea1a782a..d854c1f1 100644 --- a/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts +++ b/src/api/routes/guilds/#guild_id/roles/#role_id/index.ts @@ -19,6 +19,7 @@ import { route } from "@spacebar/api"; import { emitEvent, + getRights, GuildRoleDeleteEvent, GuildRoleUpdateEvent, handleFile, @@ -48,7 +49,10 @@ router.get( }), async (req: Request, res: Response) => { const { guild_id, role_id } = req.params; - await Member.IsInGuildOrFail(req.user_id, guild_id); + const rights = await getRights(req.user_id); + // admins dont need to be in the guild + if (!rights.has("OPERATOR")) + await Member.IsInGuildOrFail(req.user_id, guild_id); const role = await Role.findOneOrFail({ where: { guild_id, id: role_id }, }); @@ -59,6 +63,7 @@ router.get( router.delete( "/", route({ + right: "OPERATOR", permission: "MANAGE_ROLES", responses: { 204: {}, @@ -103,6 +108,7 @@ router.patch( "/", route({ requestBody: "RoleModifySchema", + right: "OPERATOR", permission: "MANAGE_ROLES", responses: { 200: { diff --git a/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts b/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts index 539cd5d8..22744abe 100644 --- a/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts +++ b/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts @@ -16,15 +16,15 @@ along with this program. If not, see <https://www.gnu.org/licenses/>. */ -import { Router, Request, Response } from "express"; -import { DiscordApiErrors, Member, partition } from "@spacebar/util"; import { route } from "@spacebar/api"; +import { DiscordApiErrors, Member, partition } from "@spacebar/util"; +import { Request, Response, Router } from "express"; const router = Router(); router.patch( "/", - route({ permission: "MANAGE_ROLES" }), + route({ permission: "MANAGE_ROLES", right: "OPERATOR" }), async (req: Request, res: Response) => { // Payload is JSON containing a list of member_ids, the new list of members to have the role const { guild_id, role_id } = req.params; |