diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts b/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts
index 7b8e44d3..decc7bba 100644
--- a/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts
+++ b/src/api/routes/guilds/#guild_id/members/#member_id/nick.ts
@@ -17,7 +17,12 @@
*/
import { route } from "@spacebar/api";
-import { getPermission, Member, PermissionResolvable } from "@spacebar/util";
+import {
+ getPermission,
+ getRights,
+ Member,
+ PermissionResolvable,
+} from "@spacebar/util";
import { Request, Response, Router } from "express";
const router = Router();
@@ -38,14 +43,18 @@ router.patch(
}),
async (req: Request, res: Response) => {
const { guild_id } = req.params;
+ const rights = await getRights(req.user_id);
let permissionString: PermissionResolvable = "MANAGE_NICKNAMES";
const member_id =
req.params.member_id === "@me"
? ((permissionString = "CHANGE_NICKNAME"), req.user_id)
: req.params.member_id;
- const perms = await getPermission(req.user_id, guild_id);
- perms.hasThrow(permissionString);
+ // admins dont need to be in the guild
+ if (member_id !== "@me" && !rights.has("OPERATOR")) {
+ const perms = await getPermission(req.user_id, guild_id);
+ perms.hasThrow(permissionString);
+ }
await Member.changeNickname(member_id, guild_id, req.body.nick);
res.status(200).send();
diff --git a/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts b/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts
index 46dd70bb..f6da0ffb 100644
--- a/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/members/#member_id/roles/#role_id/index.ts
@@ -26,6 +26,7 @@ router.delete(
"/",
route({
permission: "MANAGE_ROLES",
+ right: "OPERATOR",
responses: {
204: {},
403: {
@@ -45,6 +46,7 @@ router.put(
"/",
route({
permission: "MANAGE_ROLES",
+ right: "OPERATOR",
responses: {
204: {},
403: {},
diff --git a/src/api/routes/guilds/#guild_id/members/index.ts b/src/api/routes/guilds/#guild_id/members/index.ts
index 9260308d..07ed3acf 100644
--- a/src/api/routes/guilds/#guild_id/members/index.ts
+++ b/src/api/routes/guilds/#guild_id/members/index.ts
@@ -17,7 +17,7 @@
*/
import { route } from "@spacebar/api";
-import { Member, PublicMemberProjection } from "@spacebar/util";
+import { Member, PublicMemberProjection, getRights } from "@spacebar/util";
import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server";
import { MoreThan } from "typeorm";
@@ -51,13 +51,15 @@ router.get(
}),
async (req: Request, res: Response) => {
const { guild_id } = req.params;
+ const rights = await getRights(req.user_id);
const limit = Number(req.query.limit) || 1;
if (limit > 1000 || limit < 1)
throw new HTTPError("Limit must be between 1 and 1000");
const after = `${req.query.after}`;
const query = after ? { id: MoreThan(after) } : {};
- await Member.IsInGuildOrFail(req.user_id, guild_id);
+ if (!rights.has("OPERATOR"))
+ await Member.IsInGuildOrFail(req.user_id, guild_id);
const members = await Member.find({
where: { guild_id, ...query },
|
