Dekescordes/spacebar
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prevent put /guilds/id/members/id for others until we have oauth2 scopes impled

Browse Source
This commit is contained in:
Madeline 2023-08-27 16:54:54 +10:00
parent 8a7ee8c8a9
commit 3498ffdc01
No known key found for this signature in database
GPG Key ID: 1958E017C36F2E47
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/api/routes/guilds/#guild_id/members/#member_id/index.ts
View File

@ -18,6 +18,7 @@
import { route } from "@spacebar/api"; import { route } from "@spacebar/api";
import { import {
DiscordApiErrors,
emitEvent, emitEvent,
Emoji, Emoji,
getPermission, getPermission,
@ -198,7 +199,9 @@ router.put(
member_id = req.user_id; member_id = req.user_id;
rights.hasThrow("JOIN_GUILDS"); rights.hasThrow("JOIN_GUILDS");
} else { } else {
// TODO: join others by controller // TODO: check oauth2 scope
throw DiscordApiErrors.MISSING_REQUIRED_OAUTH2_SCOPE;
} }
const guild = await Guild.findOneOrFail({ const guild = await Guild.findOneOrFail({