From 755f278e5395207db02af8011f08857abef8be71 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sun, 24 Apr 2022 09:23:52 +0300 Subject: Backfilling privilege does not imply right to post messages --- api/src/routes/channels/#channel_id/messages/#message_id/index.ts | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 8d2bd5cb..cf25f916 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -92,10 +92,13 @@ router.put( const { channel_id, message_id } = req.params; var body = req.body as MessageCreateSchema; const attachments: Attachment[] = []; + + const rights = getRights(req.user_id); + rights.hasThrow("SEND_MESSAGES"); // regex to check if message contains anything other than numerals ( also no decimals ) if (!message_id.match(/^\+?\d+$/)) { - throw new HTTPError("Message IDs must be positive integers") + throw new HTTPError("Message IDs must be positive integers", 400); } const snowflake = Snowflake.deconstruct(message_id) @@ -106,7 +109,7 @@ router.put( const exists = await Message.findOne({ where: { id: message_id, channel_id: channel_id }}); if (exists) { - throw new HTTPError("Cannot backfill to message ID that already exists", 400); + throw new HTTPError("Cannot backfill to message ID that already exists", 409); } if (req.file) { -- cgit 1.4.1