From 503cacb1e007eba546678c9ad5ca6c5936f005d2 Mon Sep 17 00:00:00 2001
From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com>
Date: Sun, 15 Aug 2021 14:41:50 +0200
Subject: :bug: prevent @everyone role deletion

---
 api/src/routes/guilds/#guild_id/roles.ts | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'api/src')

diff --git a/api/src/routes/guilds/#guild_id/roles.ts b/api/src/routes/guilds/#guild_id/roles.ts
index a4bc44e0..36370bb4 100644
--- a/api/src/routes/guilds/#guild_id/roles.ts
+++ b/api/src/routes/guilds/#guild_id/roles.ts
@@ -67,15 +67,12 @@ router.post("/", check(RoleModifySchema), async (req: Request, res: Response) =>
 router.delete("/:role_id", async (req: Request, res: Response) => {
 	const guild_id = req.params.guild_id;
 	const { role_id } = req.params;
+	if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role");
 
-	const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec();
-	const user = await UserModel.findOne({ id: req.user_id }).exec();
-
-	const perms = await getPermission(req.user_id, guild_id);
-
-	if (!perms.has("MANAGE_ROLES")) throw new HTTPError("You missing the MANAGE_ROLES permission", 401);
+	const permissions = await getPermission(req.user_id, guild_id);
+	permissions.hasThrow("MANAGE_ROLES");
 
-	await RoleModel.findOneAndDelete({
+	await RoleModel.deleteOne({
 		id: role_id,
 		guild_id: guild_id
 	}).exec();
-- 
cgit 1.5.1