From 0c14473a9588d2b93a7ff870684692974caa0103 Mon Sep 17 00:00:00 2001
From: Luna <git@l4.pm>
Date: Mon, 30 Aug 2021 23:18:28 -0300
Subject: [PATCH] checks: validate when target or user is an owner

---
 litecord/blueprints/checks.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/litecord/blueprints/checks.py b/litecord/blueprints/checks.py
index 3632e16..f6b43b2 100644
--- a/litecord/blueprints/checks.py
+++ b/litecord/blueprints/checks.py
@@ -127,10 +127,31 @@ async def _max_role_position(guild_id, member_id) -> Optional[int]:
     )
 
 
-async def _validate_target_member(guild_id: int, user_id: int, target_member_id: int):
+async def _validate_target_member(
+    guild_id: int, user_id: int, target_member_id: int
+) -> bool:
+    owner_id = await storage.db.fetchval(
+        """
+        SELECT owner_id
+        FROM guilds
+        WHERE id = $1
+        """,
+        guild_id,
+    )
+
+    # owners have all permissions
+    # if doing an action as an owner, it always works
+    # if doing an action TO an owner, it always fails
+    if user_id == owner_id:
+        return True
+
+    if target_member_id == owner_id:
+        return False
+
     # there is no internal function to fetch full role objects
     # (likely because it would be too expensive to do it here),
     # so instead do a raw sql query.
+
     target_max_position = await _max_role_position(guild_id, target_member_id)
     user_max_position = await _max_role_position(guild_id, user_id)