From 3a5a90007e7ad8942cd121cf410f7996ecb1e35a Mon Sep 17 00:00:00 2001
From: Erkin Alp Güney <erkinalp9035@gmail.com>
Date: Fri, 8 Apr 2022 11:23:09 +0300
Subject: MANAGE_GUILDS

---
 api/src/routes/guilds/#guild_id/index.ts | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'api/src')

diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts
index 991c3f93..8e1e74f7 100644
--- a/api/src/routes/guilds/#guild_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/index.ts
@@ -1,5 +1,5 @@
 import { Request, Response, Router } from "express";
-import { emitEvent, getPermission, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util";
+import { DiscordApiErrors, emitEvent, getPermission, getRights, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
 import { route } from "@fosscord/api";
 import "missing-native-js-functions";
@@ -37,9 +37,17 @@ router.get("/", route({}), async (req: Request, res: Response) => {
 	return res.send(guild);
 });
 
-router.patch("/", route({ body: "GuildUpdateSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => {
+router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: Response) => {
 	const body = req.body as GuildUpdateSchema;
 	const { guild_id } = req.params;
+	
+	
+	const rights = await getRight(req.user_id);
+	const permission = await getPermission(req.user_id, guild_id);
+	
+	if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD"))
+		throw DiscordApiErrors.MISSING_PERMISSIONS("MANAGE_GUILD");
+	
 	// TODO: guild update check image
 
 	if (body.icon) body.icon = await handleFile(`/icons/${guild_id}`, body.icon);
-- 
cgit 1.4.1