feat: use permission system

src/api/v1/guilds/uuid/channels.rs

@@ -1,9 +1,5 @@
 use crate::{
-    Data,
-    api::v1::auth::check_access_token,
-    error::Error,
-    objects::{Channel, Member},
-    utils::{get_auth_header, global_checks, order_by_is_above},
+    api::v1::auth::check_access_token, error::Error, objects::{Channel, Member, Permissions}, utils::{get_auth_header, global_checks, order_by_is_above}, Data
 };
 use ::uuid::Uuid;
 use actix_web::{HttpRequest, HttpResponse, get, post, web};
@@ -74,9 +70,9 @@ pub async fn create(
 
     global_checks(&data, uuid).await?;
 
-    Member::check_membership(&mut conn, uuid, guild_uuid).await?;
+    let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
 
-    // FIXME: Logic to check permissions, should probably be done in utils.rs
+    member.check_permission(&data, Permissions::CreateChannel).await?;
 
     let channel = Channel::new(
         data.clone(),

src/api/v1/guilds/uuid/icon.rs

@@ -5,11 +5,7 @@ use futures_util::StreamExt as _;
 use uuid::Uuid;
 
 use crate::{
-    Data,
-    api::v1::auth::check_access_token,
-    error::Error,
-    objects::{Guild, Member},
-    utils::{get_auth_header, global_checks},
+    api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
 };
 
 /// `PUT /api/v1/guilds/{uuid}/icon` Icon upload
@@ -36,7 +32,9 @@ pub async fn upload(
 
     global_checks(&data, uuid).await?;
 
-    Member::check_membership(&mut conn, uuid, guild_uuid).await?;
+    let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
+
+    member.check_permission(&data, Permissions::ManageServer).await?;
 
     let mut guild = Guild::fetch_one(&mut conn, guild_uuid).await?;
 

src/api/v1/guilds/uuid/invites/mod.rs

@@ -3,11 +3,7 @@ use serde::Deserialize;
 use uuid::Uuid;
 
 use crate::{
-    Data,
-    api::v1::auth::check_access_token,
-    error::Error,
-    objects::{Guild, Member},
-    utils::{get_auth_header, global_checks},
+    api::v1::auth::check_access_token, error::Error, objects::{Guild, Member, Permissions}, utils::{get_auth_header, global_checks}, Data
 };
 
 #[derive(Deserialize)]
@@ -61,7 +57,9 @@ pub async fn create(
 
     global_checks(&data, uuid).await?;
 
-    Member::check_membership(&mut conn, uuid, guild_uuid).await?;
+    let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
+
+    member.check_permission(&data, Permissions::CreateInvite).await?;
 
     let guild = Guild::fetch_one(&mut conn, guild_uuid).await?;
 

src/api/v1/guilds/uuid/roles/mod.rs

@@ -3,11 +3,7 @@ use actix_web::{HttpRequest, HttpResponse, get, post, web};
 use serde::Deserialize;
 
 use crate::{
-    Data,
-    api::v1::auth::check_access_token,
-    error::Error,
-    objects::{Member, Role},
-    utils::{get_auth_header, global_checks, order_by_is_above},
+    api::v1::auth::check_access_token, error::Error, objects::{Member, Permissions, Role}, utils::{get_auth_header, global_checks, order_by_is_above}, Data
 };
 
 pub mod uuid;
@@ -70,9 +66,9 @@ pub async fn create(
 
     global_checks(&data, uuid).await?;
 
-    Member::check_membership(&mut conn, uuid, guild_uuid).await?;
+    let member = Member::check_membership(&mut conn, uuid, guild_uuid).await?;
 
-    // FIXME: Logic to check permissions, should probably be done in utils.rs
+    member.check_permission(&data, Permissions::CreateRole).await?;
 
     let role = Role::new(&mut conn, guild_uuid, role_info.name.clone()).await?;