3
0
Fork 0
mirror of https://github.com/ZeppelinBot/Zeppelin.git synced 2025-07-06 18:47:20 +00:00

dont allow self targeting for set-perms

Signed-off-by: GitHub <noreply@github.com>
This commit is contained in:
Tiago R 2023-11-26 12:55:06 +00:00 committed by GitHub
parent b47db15ad2
commit 99cb2e01d3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -126,7 +126,7 @@ export function initGuildsAPI(app: express.Express) {
if (type !== ApiPermissionTypes.User) {
return clientError(res, "Invalid type");
}
if (!isSnowflake(targetId)) {
if (!isSnowflake(targetId) || targetId === req.user!.userId) {
return clientError(res, "Invalid targetId");
}
const validPermissions = new Set(Object.values(ApiPermissions));