Skip to content

Commit

Permalink
Merge pull request from GHSA-9q7f-pv47-cxp9
Browse files Browse the repository at this point in the history
  • Loading branch information
MaddyUnderStars authored Feb 2, 2023
1 parent a03f7c8 commit 51239d6
Showing 1 changed file with 13 additions and 1 deletion.
14 changes: 13 additions & 1 deletion src/api/routes/guilds/#guild_id/members/#member_id/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,15 @@ router.patch(
where: { guild_id: guild_id, name: "@everyone", position: 0 },
});

if ("nick" in body) {
permission.hasThrow("MANAGE_NICKNAMES");
}

if (("bio" in body || "avatar" in body) && member_id != "@me") {
const rights = await getRights(req.user_id);
rights.hasThrow("MANAGE_USERS");
}

if (body.avatar)
body.avatar = await handleFile(
`/guilds/${guild_id}/users/${member_id}/avatars`,
Expand All @@ -71,6 +80,8 @@ router.patch(

member.assign(body);

// must do this after the assign because the body roles array
// is string[] not Role[]
if ("roles" in body) {
permission.hasThrow("MANAGE_ROLES");

Expand All @@ -79,7 +90,8 @@ router.patch(

if (body.roles.indexOf(everyone.id) === -1)
body.roles.push(everyone.id);
member.roles = body.roles.map((x) => Role.create({ id: x })); // foreign key constraint will fail if role doesn't exist
// foreign key constraint will fail if role doesn't exist
member.roles = body.roles.map((x) => Role.create({ id: x }));
}

await member.save();
Expand Down

0 comments on commit 51239d6

Please sign in to comment.