From eb0c05f01fe8e27a4f81e80136ee06295f481835 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Sat, 24 Sep 2022 23:53:30 +1000
Subject: Fix default rights sucking, fix patch /guilds/:id/members/:id not
 checking perm for nick

---
 api/src/routes/guilds/#guild_id/members/#member_id/index.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'api/src')

diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
index 2ff89eae..b6314ec0 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -35,7 +35,10 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
 
-	if (body.nick) member.nick = body.nick;
+	if (body.nick) {
+		permission.hasThrow(req.user_id == member.user.id ? "CHANGE_NICKNAME" : "MANAGE_NICKNAMES");
+		member.nick = body.nick;
+	}
 
 	await member.save();
 
-- 
cgit 1.5.1