From 3c981b496b23b49885452ac6ea41dd51d3d20e04 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Tue, 11 Apr 2023 13:51:55 +1000
Subject: don't allow editing @everyone role

---
 src/api/routes/guilds/#guild_id/roles/#role_id/members.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts b/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts
index 705848aa..539cd5d8 100644
--- a/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts
+++ b/src/api/routes/guilds/#guild_id/roles/#role_id/members.ts
@@ -17,7 +17,7 @@
 */
 
 import { Router, Request, Response } from "express";
-import { Member, partition } from "@spacebar/util";
+import { DiscordApiErrors, Member, partition } from "@spacebar/util";
 import { route } from "@spacebar/api";
 
 const router = Router();
@@ -30,6 +30,9 @@ router.patch(
 		const { guild_id, role_id } = req.params;
 		const { member_ids } = req.body;
 
+		// don't mess with @everyone
+		if (role_id == guild_id) throw DiscordApiErrors.INVALID_ROLE;
+
 		const members = await Member.find({
 			where: { guild_id },
 			relations: ["roles"],
-- 
cgit 1.4.1