From e45a3cd680f4c0afec3fe6fe2240c2027d096d07 Mon Sep 17 00:00:00 2001 From: Rory& Date: Wed, 1 Jul 2026 18:35:25 +0200 Subject: [PATCH] Enforce that a given applications emoji set can only be modified by the application itself, or its owner --- assets/openapi.json | Bin 993353 -> 993483 bytes assets/schemas.json | Bin 445902 -> 446000 bytes .../applications/#application_id/emojis.ts | 11 ++++++++++- src/database/entities/Application.ts | 4 ++++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/assets/openapi.json b/assets/openapi.json index 8be85c7b1fad05b96c7c85869ddbb4d7258fdea3..2a928a2bc248b7bec592b98dd4bd5dc315b14db2 100644 GIT binary patch delta 102 zcmX?k!RGWun}!y~7N!>F7M2#)Eo_{E)Bj&*N}8Oo&v^R$HLNz1KU7L?pD4(-kRK$@ tIX%3aLu`7VARB+XgCZLcvjZ^)5OV@C7Z7s;F%J;)0x{oq2St8Pb^z3DA+!Jh delta 82 zcmX?o(dOg@n}!y~7N!>F7M2#)Eo_{ElN0tCPoKYr)n@XCO3Ce?1=$wzw{KBo17da{ b<^W<&Am##MZXo6XVqPHT+rCASUz{BPMB^TT diff --git a/assets/schemas.json b/assets/schemas.json index 3b82e3826e07a38ed063dff00c0612d2c98667a8..b72d9cc13044bfd0efe59ef6b25d992f88834e36 100644 GIT binary patch delta 68 zcmX>%TYAGB>4p}@7N!>F7M3lng(}k*7_+iXK7Y++dcYkf?P-oI*3)GTS^2g4p}@7N!>F7M3lng(}kn?l5Ujb7ZleUT?_Cw_RVA)q { const { emoji_id, application_id } = req.params as { [key: string]: string }; + const app = await Application.findOne({ where: { id: application_id } }); + if (req.user_id != app?.id && req.user_id != app?.owner_id) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION; + await Emoji.delete({ id: emoji_id, application_id: application_id, diff --git a/src/database/entities/Application.ts b/src/database/entities/Application.ts index 1fcb9e078..dc2b61116 100644 --- a/src/database/entities/Application.ts +++ b/src/database/entities/Application.ts @@ -58,6 +58,10 @@ export class Application extends BaseClass { @ManyToOne(() => User, { onDelete: "CASCADE" }) owner: User; + @Column({ type: "int8" }) + @RelationId((application: Application) => application.owner) + owner_id: string; + // TODO: enum this? https://discord.com/developers/docs/resources/application#application-object-application-flags @Column() flags: number = 0;