1 files changed, 73 insertions, 4 deletions

diff --git a/src/api/routes/guilds/index.ts b/src/api/routes/guilds/index.ts
index 545beb18..242d49a0 100644
--- a/src/api/routes/guilds/index.ts
+++ b/src/api/routes/guilds/index.ts
@@ -26,16 +26,71 @@ import {
 	getRights,
 } from "@spacebar/util";
 import { Request, Response, Router } from "express";
+import { HTTPError } from "lambert-server";
+import { ILike, MoreThan } from "typeorm";
 
 const router: Router = Router();
 
+router.get(
+	"/",
+	route({
+		description: "Get a list of guilds",
+		right: "OPERATOR",
+		query: {
+			limit: {
+				description:
+					"max number of guilds to return (1-1000). default 100",
+				type: "number",
+				required: false,
+			},
+			after: {
+				description: "The amount of guilds to skip",
+				type: "number",
+				required: false,
+			},
+			query: {
+				description: "The search query",
+				type: "string",
+				required: false,
+			},
+		},
+		responses: {
+			200: {
+				body: "AdminGuildsResponse",
+			},
+			400: {
+				body: "APIErrorResponse",
+			},
+		},
+	}),
+	async (req: Request, res: Response) => {
+		const { after, query } = req.query as {
+			after?: number;
+			query?: string;
+		};
+
+		const limit = Number(req.query.limit) || 100;
+		if (limit > 1000 || limit < 1)
+			throw new HTTPError("Limit must be between 1 and 1000");
+
+		const guilds = await Guild.find({
+			where: {
+				...(after ? { id: MoreThan(`${after}`) } : {}),
+				...(query ? { name: ILike(`%${query}%`) } : {}),
+			},
+			take: limit,
+		});
+
+		res.send(guilds);
+	},
+);
+
 //TODO: create default channel
 
 router.post(
 	"/",
 	route({
 		requestBody: "GuildCreateSchema",
-		right: "CREATE_GUILDS",
 		responses: {
 			201: {
 				body: "GuildCreateResponse",
@@ -50,17 +105,31 @@ router.post(
 	}),
 	async (req: Request, res: Response) => {
 		const body = req.body as GuildCreateSchema;
+		const rights = await getRights(req.user_id);
+		if (!rights.has("CREATE_GUILDS") && !rights.has("OPERATOR")) {
+			throw new HTTPError(
+				`You are missing the following rights CREATE_GUILDS or OPERATOR`,
+				403,
+			);
+		}
 
 		const { maxGuilds } = Config.get().limits.user;
 		const guild_count = await Member.count({ where: { id: req.user_id } });
-		const rights = await getRights(req.user_id);
-		if (guild_count >= maxGuilds && !rights.has("MANAGE_GUILDS")) {
+		// allow admins to bypass guild limits
+		if (guild_count >= maxGuilds && !rights.has("OPERATOR")) {
 			throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds);
 		}
 
+		let owner_id = req.user_id;
+
+		// only admins can do this, is ignored otherwise
+		if (body.owner_id && rights.has("OPERATOR")) {
+			owner_id = body.owner_id;
+		}
+
 		const guild = await Guild.createGuild({
 			...body,
-			owner_id: req.user_id,
+			owner_id,
 		});
 
 		const { autoJoin } = Config.get().guild;