Add in permission checking

src/api/board.ins/routes/root.ts

@@ -20,8 +20,9 @@ export default class Root extends Route {
       }
 
       const director = await this.server.client.db.Score.findOne({ pin: req.body.pin });
+      const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794');
 
-      if (!director) {
+      if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) {
         return res.status(401).json({
           code: this.constants.codes.UNAUTHORIZED,
           message: this.constants.messages.UNAUTHORIZED,
@@ -50,8 +51,8 @@ export default class Root extends Route {
         oID: genUUID(),
       });
 
-      const staffInformation = await this.server.client.db.Staff.findOne({ userID: director.userID });
       const staffDiscord = this.server.client.users.get(director.userID) || await this.server.client.getRESTUser(director.userID);
+      const staffInformation = await this.server.client.db.Staff.findOne({ userID: director.userID });
 
       const embed = new RichEmbed();
       embed.setTitle('Executive Order');