enforce the rights

author: Erkin Alp Güney <erkinalp9035@gmail.com> 2022-04-08 11:02:11 +0300
committer: GitHub <noreply@github.com> 2022-04-08 11:02:11 +0300
commit: 22952ef928808d4112e0bd3c2a5b867d3e4c4b1a (patch)
tree: 324d5aae9c1dca5669b8907ca81034161882840f
parent: optional (diff)
download: server-22952ef928808d4112e0bd3c2a5b867d3e4c4b1a.tar.xz
1 files changed, 5 insertions, 3 deletions
diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts
index 2d9f7032..f0ecf416 100644
--- a/api/src/util/handlers/Message.ts
+++ b/api/src/util/handlers/Message.ts
@@ -7,6 +7,7 @@ import {
 	MessageCreateEvent,
 	MessageUpdateEvent,
 	getPermission,
+	getRights,
 	CHANNEL_MENTION,
 	Snowflake,
 	USER_MENTION,
@@ -61,17 +62,18 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
 		throw new HTTPError("Content length over max character limit")
 	}
 
-	// TODO: are tts messages allowed in dm channels? should permission be checked?
 	if (opts.author_id) {
 		message.author = await User.getPublicUser(opts.author_id);
-	}
+		const rights = await getRights(opts.author_id);
+		rights.hasThrow("SEND_MESSAGES");
+	}	
 	if (opts.application_id) {
 		message.application = await Application.findOneOrFail({ id: opts.application_id });
 	}
 	if (opts.webhook_id) {
 		message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id });
 	}
-
+	
 	const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id);
 	permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check
 	if (permission.cache.member) {
author	Erkin Alp Güney <erkinalp9035@gmail.com>	2022-04-08 11:02:11 +0300
committer	GitHub <noreply@github.com>	2022-04-08 11:02:11 +0300
commit	22952ef928808d4112e0bd3c2a5b867d3e4c4b1a (patch)
tree	324d5aae9c1dca5669b8907ca81034161882840f
parent	optional (diff)
download	server-22952ef928808d4112e0bd3c2a5b867d3e4c4b1a.tar.xz