diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
index 34836292..c285abb3 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -1,5 +1,5 @@
import { Request, Response, Router } from "express";
-import { Member, getPermission, Role, GuildMemberUpdateEvent, emitEvent, Sticker, Emoji, Guild } from "@fosscord/util";
+import { Member, getPermission, getRights, Role, GuildMemberUpdateEvent, emitEvent, Sticker, Emoji, Rights, Guild } from "@fosscord/util";
import { HTTPError } from "lambert-server";
import { route } from "@fosscord/api";
@@ -52,27 +52,47 @@ router.put("/", route({}), async (req: Request, res: Response) => {
// TODO: Lurker mode
+ const rights = await getRights(req.user_id);
+
let { guild_id, member_id } = req.params;
- if (member_id === "@me") member_id = req.user_id;
+ if (member_id === "@me") {
+ member_id = req.user_id;
+ rights.hasThrow("JOIN_GUILDS");
+ } else {
+ // TODO: join others by controller
+ }
var guild = await Guild.findOneOrFail({
- where: { id: guild_id } });
+ where: { id: guild_id }
+ });
var emoji = await Emoji.find({
- where: { guild_id: guild_id } });
+ where: { guild_id: guild_id }
+ });
var roles = await Role.find({
- where: { guild_id: guild_id } });
+ where: { guild_id: guild_id }
+ });
var stickers = await Sticker.find({
- where: { guild_id: guild_id } });
-
+ where: { guild_id: guild_id }
+ });
+
await Member.addToGuild(member_id, guild_id);
- res.send({...guild, emojis: emoji, roles: roles, stickers: stickers});
+ res.send({ ...guild, emojis: emoji, roles: roles, stickers: stickers });
});
-router.delete("/", route({ permission: "KICK_MEMBERS" }), async (req: Request, res: Response) => {
+router.delete("/", route({}), async (req: Request, res: Response) => {
+ const permission = await getPermission(req.user_id);
+ const rights = await getRights(req.user_id);
const { guild_id, member_id } = req.params;
+ if (member_id !== "@me" || member_id === req.user_id) {
+ // TODO: unless force-joined
+ rights.hasThrow("SELF_LEAVE_GROUPS");
+ } else {
+ rights.hasThrow("KICK_BAN_MEMBERS");
+ permission.hasThrow("KICK_MEMBERS");
+ }
await Member.removeFromGuild(member_id, guild_id);
res.sendStatus(204);
diff --git a/api/src/routes/invites/index.ts b/api/src/routes/invites/index.ts
index 21da2d18..eeafb22a 100644
--- a/api/src/routes/invites/index.ts
+++ b/api/src/routes/invites/index.ts
@@ -13,7 +13,7 @@ router.get("/:code", route({}), async (req: Request, res: Response) => {
res.status(200).send(invite);
});
-router.post("/:code", route({right: "JOIN_GUILDS"}), async (req: Request, res: Response) => {
+router.post("/:code", route({right: "USE_MASS_INVITES"}), async (req: Request, res: Response) => {
const { code } = req.params;
const { guild_id } = await Invite.findOneOrFail({ code })
const { features } = await Guild.findOneOrFail({ id: guild_id});
|
