From 3ff466e3461035776cba4447bb71e3a1485dc508 Mon Sep 17 00:00:00 2001
From: MeowcaTheoRange <tabletmeowcat@gmail.com>
Date: Mon, 25 Sep 2023 13:37:39 -0500
Subject: [PATCH] Allow mods to delete messages

---
 src/pages/api/message/[clan]/index.ts | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/pages/api/message/[clan]/index.ts b/src/pages/api/message/[clan]/index.ts
index 158fa18..e7faa54 100644
--- a/src/pages/api/message/[clan]/index.ts
+++ b/src/pages/api/message/[clan]/index.ts
@@ -1,6 +1,10 @@
 import { getSingleClan } from "@/lib/trollcall/clan";
 import { deleteMessage } from "@/lib/trollcall/message";
-import { compareCredentials } from "@/lib/trollcall/perms";
+import {
+    compareCredentials,
+    compareLevels,
+    getLevel
+} from "@/lib/trollcall/perms";
 import { ObjectId } from "mongodb";
 import { NextApiRequest, NextApiResponse } from "next";
 
@@ -16,8 +20,18 @@ export default async function handler(
             name: cookies.TROLLCALL_NAME
         });
         if (checkClan == null) return res.status(404).end();
-        if (!(await compareCredentials(checkClan, cookies)))
-            return res.status(403).end();
+        if (!(await compareCredentials(checkClan, cookies))) {
+            const thisClan = await getSingleClan({
+                name: cookies.TROLLCALL_NAME
+            });
+            if (
+                thisClan == null ||
+                !(await compareCredentials(thisClan, cookies))
+            )
+                return res.status(403).end();
+            if (!compareLevels(getLevel(thisClan), "MODERATOR"))
+                return res.status(403).end();
+        }
         console.log(query.clan);
         const newMessage = await deleteMessage({
             _id: new ObjectId(query.clan)