From d83c35b256755f31fb7f25f2cbeff5b7c72ee486 Mon Sep 17 00:00:00 2001
From: Hiroyuki
Date: Sat, 6 Feb 2021 00:14:27 -0400
Subject: [PATCH] Add in permission checking
---
 src/api/board.ins/routes/root.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/api/board.ins/routes/root.ts b/src/api/board.ins/routes/root.ts
index 8fb4542..2c2dd21 100644
--- a/src/api/board.ins/routes/root.ts
+++ b/src/api/board.ins/routes/root.ts
@@ -20,8 +20,9 @@ export default class Root extends Route {
 }
 const director = await this.server.client.db.Score.findOne({ pin: req.body.pin });
+ const staffGuild = this.server.client.guilds.get('446067825673633794') || await this.server.client.getRESTGuild('446067825673633794');
- if (!director) {
+ if (!director || !staffGuild.members.get(director.userID)?.roles?.includes('662163685439045632')) {
 return res.status(401).json({
 code: this.constants.codes.UNAUTHORIZED,
 message: this.constants.messages.UNAUTHORIZED,
@@ -50,8 +51,8 @@ export default class Root extends Route {
 oID: genUUID(),
 });
- const staffInformation = await this.server.client.db.Staff.findOne({ userID: director.userID });
 const staffDiscord = this.server.client.users.get(director.userID) || await this.server.client.getRESTUser(director.userID);
+ const staffInformation = await this.server.client.db.Staff.findOne({ userID: director.userID });
 const embed = new RichEmbed();
 embed.setTitle('Executive Order');
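Review bot: The new role check in the `if (!director || ...)` condition reads `staffGuild.members.get(director.userID)`, which only sees members already held in the client's cache; a guild obtained through the `getRESTGuild` fallback most likely carries no member list, so a valid director would receive the 401. The check fails closed, which is the safe direction, but authorization then depends on cache state; fetching the member explicitly on a cache miss (Eris exposes `getRESTGuildMember(guildID, memberID)`, if that is the library in use here) would make the decision deterministic. A rejected `getRESTGuild` call throws before the 401 branch is reached, so confirm that the handler, whose start and end lie outside this hunk, catches it and does not leak the error to the caller. The guild ID is repeated as a literal and the role ID is an unexplained magic string; named constants with a comment stating which role grants this permission would keep the policy reviewable in one place. Since `req.body.pin` is the only credential and is passed straight into `findOne({ pin: req.body.pin })`, it should be rejected unless `typeof req.body.pin === 'string'`, if the validation above the hunk does not already enforce that.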