Skip to content

Commit

Permalink
guild api perm fixes (wip)
Browse files Browse the repository at this point in the history
  • Loading branch information
@Dragon1320
Dragon1320 committed Oct 11, 2018
1 parent 32da173 commit dd92631
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 5 deletions.
10 changes: 5 additions & 5 deletions src/web/routes/api/guilds.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -256,7 +256,7 @@ router.route("/:discord_id").get(authUser, (req, res) => {
return e.id === req.params.discord_id;
});

if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && current_guild.member_perms.includes("patch_guild") === false)) {
if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && doc.member_perms.includes("patch_guild") === false)) {

return res.json({ status: 403 });
}
Expand Down Expand Up @@ -305,7 +305,7 @@ router.route("/:discord_id").get(authUser, (req, res) => {
return e.id === req.params.discord_id;
});

if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && current_guild.member_perms.includes("delete_guild") === false)) {
if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && doc.member_perms.includes("delete_guild") === false)) {

return res.json({ status: 403 });
}
Expand Down Expand Up @@ -508,7 +508,7 @@ router.route("/:discord_id/scripts").get(authUser, (req, res) => {
return e.id === req.params.discord_id;
});

if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && current_guild.member_perms.includes("post_script") === false)) {
if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && doc.member_perms.includes("post_script") === false)) {

return res.json({ status: 403 });
}
Expand Down Expand Up @@ -632,7 +632,7 @@ router.route("/:discord_id/scripts/:object_id").get(authUser, (req, res) => {
return e.id === req.params.discord_id;
});

if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && current_guild.member_perms.includes("patch_script") === false)) {
if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && doc.member_perms.includes("patch_script") === false)) {

return res.json({ status: 403 });
}
Expand Down Expand Up @@ -724,7 +724,7 @@ router.route("/:discord_id/scripts/:object_id").get(authUser, (req, res) => {
return e.id === req.params.discord_id;
});

if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && current_guild.member_perms.includes("delete_script") === false)) {
if (current_guild === undefined || (current_guild.owner === false && ((current_guild.permissions & 0b1000) !== 0b1000) && doc.member_perms.includes("delete_script") === false)) {

return res.json({ status: 403 });
}
Expand Down
34 changes: 34 additions & 0 deletions src/web/routes/index.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,40 @@ router.get("/dashboard/profiles/:discord_id", authUser, async (req, res) => {
}
});

router.get("/logout", async (req, res) => {

let session_doc;

// if the cookie exists, attempt to fetch the users session
if (req.cookies !== undefined && req.cookies.session !== undefined) {

try {

session_doc = await fetchSession(req.cookies.session);
} catch(error) {

// fail silently
apiLogger.error(error);
}
}

// the user was logged in
if (session_doc !== undefined && session_doc.complete === true) {

// log the user out
try {

await session_doc.remove();
} catch(error) {

return res.json({ message: "error loggin out", error });
}
}

// redirect to home page to show successful log out
return res.redirect("/");
});

router.get("/auth/discord", async (req, res) => {

let session_doc;
Expand Down

0 comments on commit dd92631

Please sign in to comment.