From 22952ef928808d4112e0bd3c2a5b867d3e4c4b1a Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:02:11 +0300 Subject: enforce the rights --- api/src/util/handlers/Message.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'api/src/util/handlers/Message.ts') diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index 2d9f7032..f0ecf416 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -7,6 +7,7 @@ import { MessageCreateEvent, MessageUpdateEvent, getPermission, + getRights, CHANNEL_MENTION, Snowflake, USER_MENTION, @@ -61,17 +62,18 @@ export async function handleMessage(opts: MessageOptions): Promise { throw new HTTPError("Content length over max character limit") } - // TODO: are tts messages allowed in dm channels? should permission be checked? if (opts.author_id) { message.author = await User.getPublicUser(opts.author_id); - } + const rights = await getRights(opts.author_id); + rights.hasThrow("SEND_MESSAGES"); + } if (opts.application_id) { message.application = await Application.findOneOrFail({ id: opts.application_id }); } if (opts.webhook_id) { message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id }); } - + const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id); permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check if (permission.cache.member) { -- cgit 1.5.1 From be3f796f3462ce925c445d710e848425ac1f9d94 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:05:19 +0300 Subject: remove todos that are implemented --- api/src/util/handlers/Message.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'api/src/util/handlers/Message.ts') diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index f0ecf416..5a5ac666 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -75,7 +75,7 @@ export async function handleMessage(opts: MessageOptions): Promise { } const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id); - permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check + permission.hasThrow("SEND_MESSAGES"); if (permission.cache.member) { message.member = permission.cache.member; } @@ -83,7 +83,7 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.tts) permission.hasThrow("SEND_TTS_MESSAGES"); if (opts.message_reference) { permission.hasThrow("READ_MESSAGE_HISTORY"); - // code below has to be redone when we add custom message routing and cross-channel replies + // code below has to be redone when we add custom message routing if (message.guild_id !== null) { const guild = await Guild.findOneOrFail({ id: channel.guild_id }); if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) { @@ -91,7 +91,7 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel"); } } - // TODO: should be checked if the referenced message exists? + // Q: should be checked if the referenced message exists? ANSWER: NO // @ts-ignore message.type = MessageType.REPLY; } -- cgit 1.5.1