misty.cafe/mistykey
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

revert 44ff9f39: pass access token through API to enforce rank

Browse source
This commit is contained in:
Hazelnoot 2025-06-22 14:54:08 -04:00
parent d7a629e178
commit 7f547a8c10
166 changed files with 377 additions and 472 deletions
Download patch file Download diff file Expand all files Collapse all files

4
packages/backend/src/server/api/endpoints/admin/roles/assign.ts
View file

@ -65,13 +65,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private roleService: RoleService,
) {
super(meta, paramDef, async (ps, me, token) => {
super(meta, paramDef, async (ps, me) => {
const role = await this.rolesRepository.findOneBy({ id: ps.roleId });
if (role == null) {
throw new ApiError(meta.errors.noSuchRole);
}
if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me, token))) {
if (!role.canEditMembersByModerator && !(await this.roleService.isAdministrator(me))) {
throw new ApiError(meta.errors.accessDenied);
}