diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
index bdc34a81..58dfb1cc 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
@@ -1,4 +1,4 @@
-import { Channel, emitEvent, getPermission, getRight MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util";
+import { Channel, emitEvent, getPermission, getRights, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util";
import { Router, Response, Request } from "express";
import { route } from "@fosscord/api";
import { handleMessage, postHandleMessage } from "@fosscord/api";
@@ -18,9 +18,11 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE
const rights = await getRights(req.user_id);
if ((req.user_id !== message.author_id)) {
- if (rights.has("MANAGE_MESSAGES")) break;
- permissions.hasThrow("MANAGE_MESSAGES");
- body = { flags: body.flags }; // admins can only suppress embeds of other messages
+ if (!rights.has("MANAGE_MESSAGES")) {
+ permissions.hasThrow("MANAGE_MESSAGES");
+ body = { flags: body.flags };
+// guild admins can only suppress embeds of other messages, no such restriction imposed to instance-wide admins
+ }
} else rights.hasThrow("SELF_EDIT_MESSAGES");
const new_message = await handleMessage({
@@ -54,11 +56,14 @@ router.delete("/", route({}), async (req: Request, res: Response) => {
const channel = await Channel.findOneOrFail({ id: channel_id });
const message = await Message.findOneOrFail({ id: message_id });
+
+ const rights = await getRights(req.user_id);
if ((message.author_id !== req.user_id)) {
- if (rights.has("MANAGE_MESSAGES")) break;
- const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
- permission.hasThrow("MANAGE_MESSAGES");
+ if (!rights.has("MANAGE_MESSAGES")) {
+ const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
+ permission.hasThrow("MANAGE_MESSAGES");
+ }
} else rights.hasThrow("SELF_DELETE_MESSAGES");
await Message.delete({ id: message_id });
diff --git a/util/src/util/Rights.ts b/util/src/util/Rights.ts
index dedbfe30..35ad9514 100644
--- a/util/src/util/Rights.ts
+++ b/util/src/util/Rights.ts
@@ -87,15 +87,14 @@ export class Rights extends BitField {
throw new HTTPError(`You are missing the following rights ${permission}`, 403);
}
- export async function getRight(
- user_id: string,
- /** opts: {
- in_behalf?: (keyof User)[];
- } = {} **/)
- {
- user = await User.findOneOrFail({ where: { id: user_id } });
- return new Rights(user.right);
- }
}
const ALL_RIGHTS = Object.values(Rights.FLAGS).reduce((total, val) => total | val, BigInt(0));
+
+export async function getRights( user_id: string
+ /**, opts: {
+ in_behalf?: (keyof User)[];
+ } = {} **/) {
+ let user = await User.findOneOrFail({ where: { id: user_id } });
+ return new Rights(user.rights);
+}
|
