From 6d67b3f767280ae357a3ac4bb8b456d879e49f3e Mon Sep 17 00:00:00 2001
From: Paul <paulmakles@gmail.com>
Date: Wed, 16 Jun 2021 15:46:54 +0100
Subject: [PATCH] Fix: Prevent users banning themselves.

---
 src/routes/servers/ban_create.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/routes/servers/ban_create.rs b/src/routes/servers/ban_create.rs
index b54d68c..aec2f53 100644
--- a/src/routes/servers/ban_create.rs
+++ b/src/routes/servers/ban_create.rs
@@ -30,6 +30,14 @@ pub async fn req(user: User, server: Ref, target: Ref, data: Json<Data>) -> Resu
     }
 
     let target = target.fetch_user().await?;
+    if target.id == user.id {
+        return Err(Error::InvalidOperation)
+    }
+
+    if target.id == server.owner {
+        return Err(Error::MissingPermission)
+    }
+
     let mut document = doc! {
         "_id": {
             "server": &server.id,
-- 
GitLab