velvox
/
litecord
mirror of https://gitlab.com/litecord/litecord.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

guild.roles: add permission checks

This commit is contained in:
Luna Mendes 2018-11-21 20:47:03 -03:00
parent 24f71f3f58
commit b069295898
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
litecord/blueprints/guild/roles.py
View File

@ -6,7 +6,7 @@ from logging import Logger
from litecord.auth import token_check from litecord.auth import token_check
from litecord.blueprints.checks import ( from litecord.blueprints.checks import (
guild_check, guild_owner_check guild_check, guild_owner_check, guild_perm_check
) )
from litecord.schemas import ( from litecord.schemas import (
validate, ROLE_CREATE, ROLE_UPDATE, ROLE_UPDATE_POSITION validate, ROLE_CREATE, ROLE_UPDATE, ROLE_UPDATE_POSITION
@ -103,8 +103,7 @@ async def create_guild_role(guild_id: int):
"""Add a role to a guild""" """Add a role to a guild"""
user_id = await token_check() user_id = await token_check()
# TODO: use check_guild and MANAGE_ROLES permission await guild_perm_check(user_id, guild_id, 'manage_roles')
await guild_owner_check(user_id, guild_id)
# client can just send null # client can just send null
j = validate(await request.get_json() or {}, ROLE_CREATE) j = validate(await request.get_json() or {}, ROLE_CREATE)
@ -255,8 +254,7 @@ async def update_guild_role_positions(guild_id):
"""Update the positions for a bunch of roles.""" """Update the positions for a bunch of roles."""
user_id = await token_check() user_id = await token_check()
# TODO: check MANAGE_ROLES await guild_perm_check(user_id, guild_id, 'manage_roles')
await guild_owner_check(user_id, guild_id)
raw_j = await request.get_json() raw_j = await request.get_json()
@ -278,6 +276,8 @@ async def update_guild_role_positions(guild_id):
# TODO: check if the user can even change the roles in the first place, # TODO: check if the user can even change the roles in the first place,
# preferrably when we have a proper perms system. # preferrably when we have a proper perms system.
# NOTE: ^ this is related to the positioning of the roles.
pairs = gen_pairs( pairs = gen_pairs(
j, j,
roles_pos, roles_pos,
@ -298,8 +298,7 @@ async def update_guild_role(guild_id, role_id):
"""Update a single role's information.""" """Update a single role's information."""
user_id = await token_check() user_id = await token_check()
# TODO: check MANAGE_ROLES await guild_perm_check(user_id, guild_id, 'manage_roles')
await guild_owner_check(user_id, guild_id)
j = validate(await request.get_json(), ROLE_UPDATE) j = validate(await request.get_json(), ROLE_UPDATE)
@ -326,8 +325,7 @@ async def delete_guild_role(guild_id, role_id):
""" """
user_id = await token_check() user_id = await token_check()
# TODO: check MANAGE_ROLES await guild_perm_check(user_id, guild_id, 'manage_roles')
await guild_owner_check(user_id, guild_id)
res = await app.db.execute(""" res = await app.db.execute("""
DELETE FROM roles DELETE FROM roles