Fix default rights sucking, fix patch /guilds/:id/members/:id not checking perm for nick

2022-09-24 23:53:30 +10:00 · 2022-09-24 23:53:30 +10:00 · d113f447fd
commit d113f447fd
parent ea09ba535e
3 changed files with 45 additions and 33 deletions
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@ -35,7 +35,10 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
-	if (body.nick) member.nick = body.nick;
+	if (body.nick) {
 		permission.hasThrow(req.user_id == member.user.id ? "CHANGE_NICKNAME" : "MANAGE_NICKNAMES");
 		member.nick = body.nick;
 	}
 	await member.save();
--- a/bundle/scripts/rights.js
+++ b/bundle/scripts/rights.js
@ -0,0 +1,40 @@
 const path = require("path");
 const fs = require("fs");
 const { env } = require("process");
 const { execSync } = require("child_process");
 const { argv, stdout, exit } = require("process");
 const { execIn, getLines, parts } = require("../../util");
 let lines = fs.readFileSync(path.join(__dirname, "..", "src", "util", "util", "Rights.ts")).toString();
 let lines2 = lines.split("\n");
 let lines3 = lines2.filter((y) => y.includes(": BitFlag("));
 let lines4 = lines3.map((x) => x.split("//")[0].trim());
 function BitFlag(int) {
 	return 1n << BigInt(int);
 }
 let rights = [];
 let maxRights = 0n;
 lines4.forEach((x) => {
 	maxRights += eval(`rights.${x.replace(":", " = ").replace(",", ";")}`);
 });
 //max rights...
 console.log(`Maximum rights: ${maxRights}`);
 //discord rights...
 discordRights = maxRights;
 discordRights -= rights.SEND_BACKDATED_EVENTS;
 discordRights -= rights.MANAGE_GUILD_DIRECTORY;
 discordRights -= rights.CREDITABLE;
 discordRights -= rights.BYPASS_RATE_LIMITS;
 discordRights -= rights.ADD_MEMBERS;
 discordRights -= rights.MANAGE_USERS;
 discordRights -= rights.MANAGE_TICKETS;
 discordRights -= rights.MANAGE_ROUTING;
 discordRights -= rights.MANAGE_RATE_LIMITS;
 discordRights -= rights.MANAGE_MESSAGES;
 discordRights -= rights.MANAGE_GUILDS;
 discordRights -= rights.MANAGE_APPLICATIONS;
 discordRights -= rights.OPERATOR;
 console.log(`Discord-like rights: ${discordRights}`);
--- a/util/src/entities/Config.ts
+++ b/util/src/entities/Config.ts
@ -319,38 +319,7 @@ export const DefaultConfigOptions: ConfigValue = {
 			secret: null,
 		},
 		ipdataApiKey: "eca677b284b3bac29eb72f5e496aa9047f26543605efe99ff2ce35c9",
-		defaultRights: (
+		defaultRights: "30644591655936",	// See util/scripts/rights.js
 			Rights.FLAGS.MANAGE_GUILDS +
 			Rights.FLAGS.MANAGE_MESSAGES +
 			Rights.FLAGS.MANAGE_TICKETS +
 			Rights.FLAGS.MANAGE_USERS +
 			Rights.FLAGS.CREATE_CHANNELS +
 			Rights.FLAGS.CREATE_DMS +
 			Rights.FLAGS.CREATE_DM_GROUPS +
 			Rights.FLAGS.CREATE_GUILDS +
 			Rights.FLAGS.CREATE_INVITES +
 			Rights.FLAGS.CREATE_ROLES +
 			Rights.FLAGS.CREATE_TEMPLATES +
 			Rights.FLAGS.CREATE_WEBHOOKS +
 			Rights.FLAGS.JOIN_GUILDS +
 			Rights.FLAGS.PIN_MESSAGES +
 			Rights.FLAGS.SELF_ADD_REACTIONS +
 			Rights.FLAGS.SELF_DELETE_MESSAGES +
 			Rights.FLAGS.SELF_EDIT_MESSAGES +
 			Rights.FLAGS.SELF_EDIT_NAME +
 			Rights.FLAGS.SEND_MESSAGES +
 			Rights.FLAGS.USE_ACTIVITIES +
 			Rights.FLAGS.USE_VIDEO +
 			Rights.FLAGS.USE_VOICE +
 			Rights.FLAGS.INVITE_USERS +
 			Rights.FLAGS.SELF_DELETE_DISABLE +
 			Rights.FLAGS.DEBTABLE +
 			Rights.FLAGS.KICK_BAN_MEMBERS +
 			Rights.FLAGS.SELF_LEAVE_GROUPS +
 			Rights.FLAGS.SELF_ADD_DISCOVERABLE +
 			Rights.FLAGS.USE_ACHIEVEMENTS +
 			Rights.FLAGS.USE_MASS_INVITES
 		).toString()
 	},
 	login: {
 		requireCaptcha: false,