added features and fixes
This commit is contained in:
@@ -80,7 +80,7 @@ type setMemberRolesRequest struct {
|
||||
// Helpers
|
||||
// ---------------------------------------------------------------------------
|
||||
|
||||
// requireManageServer checks that the caller has MANAGE_SERVER permission.
|
||||
// requireManageServer checks that the caller has MANAGE_SERVER or MANAGE_ROLES permission.
|
||||
// Returns false (and writes the error response) if denied.
|
||||
func (h *RoleHandler) requireManageServer(w http.ResponseWriter, r *http.Request, serverID string) bool {
|
||||
userID, ok := middleware.UserIDFromContext(r.Context())
|
||||
@@ -89,11 +89,18 @@ func (h *RoleHandler) requireManageServer(w http.ResponseWriter, r *http.Request
|
||||
return false
|
||||
}
|
||||
|
||||
allowed, err := h.checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_SERVER)
|
||||
allowed, err := h.checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_ROLES)
|
||||
if err != nil {
|
||||
http.Error(w, `{"error":"server error"}`, http.StatusInternalServerError)
|
||||
return false
|
||||
}
|
||||
if !allowed {
|
||||
allowed, err = h.checker.CheckPermission(r.Context(), serverID, userID, permissions.MANAGE_SERVER)
|
||||
if err != nil {
|
||||
http.Error(w, `{"error":"server error"}`, http.StatusInternalServerError)
|
||||
return false
|
||||
}
|
||||
}
|
||||
if !allowed {
|
||||
http.Error(w, `{"error":"forbidden"}`, http.StatusForbidden)
|
||||
return false
|
||||
|
||||
Reference in New Issue
Block a user