diff --git a/src/routes/guilds/#guild_id/welcome_screen.ts b/src/routes/guilds/#guild_id/welcome_screen.ts
index 213aad80..ff25b37c 100644
--- a/src/routes/guilds/#guild_id/welcome_screen.ts
+++ b/src/routes/guilds/#guild_id/welcome_screen.ts
@@ -3,22 +3,25 @@ import { GuildModel, getPermission, toObject, Snowflake } from "@fosscord/server
import { HTTPError } from "lambert-server";
import { emitEvent } from "../../../util/Event";
import { check } from "../../../util/instanceOf";
+import { isMember } from "../../../util/Member";
import { GuildAddChannelToWelcomeScreenSchema } from "../../../schema/Guild";
import { getPublicUser } from "../../../util/User";
const router: Router = Router();
router.get("/", async (req: Request, res: Response) => {
- const guild_id = req.params.id;
+ const guild_id = req.params.guild_id;
const guild = await GuildModel.findOne({ id: guild_id });
if (!guild) throw new HTTPError("Guild not found", 404);
+ if(!isMember(req.user_id, guild_id)) throw new HTTPError("You are not member of this guild", 403);
+
res.json(toObject(guild.welcome_screen));
});
router.post("/", check(GuildAddChannelToWelcomeScreenSchema), async (req: Request, res: Response) => {
- const guild_id = req.params.id;
+ const guild_id = req.params.guild_id;
const body = req.body as GuildAddChannelToWelcomeScreenSchema;
const guild = await GuildModel.findOne({ id: guild_id }).exec();
@@ -28,6 +31,11 @@ router.post("/", check(GuildAddChannelToWelcomeScreenSchema), async (req: Reques
...body
}
+ if(!isMember(req.user_id, guild_id)) throw new HTTPError("You are not member of this guild", 403);
+ const perms = await getPermission(req.user_id, guild_id);
+ perms.hasThrow("MANAGE_GUILD");
+
+ if(!guild.welcome_screen.enabled) throw new HTTPError("Welcome screen disabled", 400);
if(guild.welcome_screen.welcome_channels.some(channel => channel.channel_id === body.channel_id)) throw new Error("Welcome Channel exists")
|
