From 22952ef928808d4112e0bd3c2a5b867d3e4c4b1a Mon Sep 17 00:00:00 2001
From: Erkin Alp Güney <erkinalp9035@gmail.com>
Date: Fri, 8 Apr 2022 11:02:11 +0300
Subject: enforce the rights

---
 api/src/util/handlers/Message.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'api/src/util/handlers/Message.ts')

diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts
index 2d9f7032..f0ecf416 100644
--- a/api/src/util/handlers/Message.ts
+++ b/api/src/util/handlers/Message.ts
@@ -7,6 +7,7 @@ import {
 	MessageCreateEvent,
 	MessageUpdateEvent,
 	getPermission,
+	getRights,
 	CHANNEL_MENTION,
 	Snowflake,
 	USER_MENTION,
@@ -61,17 +62,18 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
 		throw new HTTPError("Content length over max character limit")
 	}
 
-	// TODO: are tts messages allowed in dm channels? should permission be checked?
 	if (opts.author_id) {
 		message.author = await User.getPublicUser(opts.author_id);
-	}
+		const rights = await getRights(opts.author_id);
+		rights.hasThrow("SEND_MESSAGES");
+	}	
 	if (opts.application_id) {
 		message.application = await Application.findOneOrFail({ id: opts.application_id });
 	}
 	if (opts.webhook_id) {
 		message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id });
 	}
-
+	
 	const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id);
 	permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check
 	if (permission.cache.member) {
-- 
cgit 1.4.1