Ban API compat & Bulk Ban endpoint (#1120)

Co-authored-by: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>

src/api/util/handlers/route.ts

@@ -1,17 +1,17 @@
 /*
 	Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
 	Copyright (C) 2023 Spacebar and Spacebar Contributors
-	
+
 	This program is free software: you can redistribute it and/or modify
 	it under the terms of the GNU Affero General Public License as published
 	by the Free Software Foundation, either version 3 of the License, or
 	(at your option) any later version.
-	
+
 	This program is distributed in the hope that it will be useful,
 	but WITHOUT ANY WARRANTY; without even the implied warranty of
 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 	GNU Affero General Public License for more details.
-	
+
 	You should have received a copy of the GNU Affero General Public License
 	along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
@@ -90,19 +90,23 @@ export function route(opts: RouteOptions) {
 
 	return async (req: Request, res: Response, next: NextFunction) => {
 		if (opts.permission) {
-			const required = new Permissions(opts.permission);
 			req.permission = await getPermission(
 				req.user_id,
 				req.params.guild_id,
 				req.params.channel_id,
 			);
 
-			// bitfield comparison: check if user lacks certain permission
-			if (!req.permission.has(required)) {
-				throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(
-					opts.permission as string,
-				);
-			}
+			const requiredPerms = Array.isArray(opts.permission)
+				? opts.permission
+				: [opts.permission];
+			requiredPerms.forEach((perm) => {
+				// bitfield comparison: check if user lacks certain permission
+				if (!req.permission!.has(new Permissions(perm))) {
+					throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(
+						perm as string,
+					);
+				}
+			});
 		}
 
 		if (opts.right) {