misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

pass access token through API to enforce rank

Browse source
This commit is contained in:
Hazelnoot 2025-06-21 12:40:37 -04:00
parent fae87e03c0
commit 186c615e3f
166 changed files with 473 additions and 380 deletions
Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/server/api/endpoints/admin/roles/assign.ts
View file

@ -65,13 +65,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me) => {
super(meta, paramDef, async (ps, me, token) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me))) {
if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me, token))) {
throw new ApiError(meta.errors.accessDenied);
}