Don't allow message types to be edited

2023-02-03 14:39:42 +11:00 · 2023-02-03 14:39:42 +11:00 · 16a5cbac87
commit 16a5cbac87
parent 6e04c92f07
4 changed files with 25 additions and 6 deletions
--- a/assets/schemas.json
+++ b/assets/schemas.json
--- a/src/api/routes/channels/#channel_id/messages/#message_id/index.ts
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/index.ts
@ -30,6 +30,7 @@ import {
 	Snowflake,
 	uploadFile,
 	MessageCreateSchema,
+	MessageEditSchema,
 } from "@fosscord/util";
 import { Router, Response, Request } from "express";
 import multer from "multer";
@ -52,13 +53,13 @@ const messageUpload = multer({
 router.patch(
 	"/",
 	route({
-		body: "MessageCreateSchema",
+		body: "MessageEditSchema",
 		permission: "SEND_MESSAGES",
 		right: "SEND_MESSAGES",
 	}),
 	async (req: Request, res: Response) => {
 		const { message_id, channel_id } = req.params;
-		let body = req.body as MessageCreateSchema;
+		let body = req.body as MessageEditSchema;

 		const message = await Message.findOneOrFail({
 			where: { id: message_id, channel_id },
@ -81,10 +82,6 @@ router.patch(
 			}
 		} else rights.hasThrow("SELF_EDIT_MESSAGES");

-		// The permision should obviously not allow editing the message type
-		// But for people with the right, does this make sense?
-		if (body.type) rights.hasThrow("MANAGE_MESSAGES");
-
 		const new_message = await handleMessage({
 			...message,
 			// TODO: should message_reference be overridable?
--- a/src/util/schemas/MessageEditSchema.ts
+++ b/src/util/schemas/MessageEditSchema.ts
@ -0,0 +1,21 @@
+/*
+	Fosscord: A FOSS re-implementation and extension of the Discord.com backend.
+	Copyright (C) 2023 Fosscord and Fosscord Contributors
+	
+	This program is free software: you can redistribute it and/or modify
+	it under the terms of the GNU Affero General Public License as published
+	by the Free Software Foundation, either version 3 of the License, or
+	(at your option) any later version.
+	
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU Affero General Public License for more details.
+	
+	You should have received a copy of the GNU Affero General Public License
+	along with this program.  If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import { MessageCreateSchema } from "./MessageCreateSchema";
+
+export type MessageEditSchema = Omit<MessageCreateSchema, "type">;
--- a/src/util/schemas/index.ts
+++ b/src/util/schemas/index.ts
@ -87,3 +87,4 @@ export * from "./AckBulkSchema";
 export * from "./WebAuthnSchema";
 export * from "./WebhookCreateSchema";
 export * from "./WidgetModifySchema";
+export * from "./MessageEditSchema";