From 8a5293e3f4f5fe6af781ba494004138b963b0ec6 Mon Sep 17 00:00:00 2001
From: wonderlandpark
Date: Mon, 17 May 2021 16:26:07 +0900
Subject: [PATCH] feat: added staff missing permission
---
 pages/api/v2/bots/[id]/owners.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pages/api/v2/bots/[id]/owners.ts b/pages/api/v2/bots/[id]/owners.ts
index 28f08bb..da4f340 100644
--- a/pages/api/v2/bots/[id]/owners.ts
+++ b/pages/api/v2/bots/[id]/owners.ts
@@ -4,6 +4,7 @@ import RequestHandler from '@utils/RequestHandler'
 import { CaptchaVerify, get, update } from '@utils/Query'
 import ResponseWrapper from '@utils/ResponseWrapper'
 import { checkToken } from '@utils/Csrf'
+import { checkUserFlag } from '@utils/Tools'
 import { EditBotOwner, EditBotOwnerSchema } from '@utils/Yup'
 import { User } from '@types'
@@ -11,9 +12,11 @@ const BotOwners = RequestHandler()
 .patch(async (req: PostApiRequest, res) => {
 const user = await get.Authorization(req.cookies.token)
 if (!user) return ResponseWrapper(res, { code: 401 })
+ const userinfo = await get.user.load(user)
 const bot = await get.bot.load(req.query.id)
 if(!bot) return ResponseWrapper(res, { code: 404 })
- if((bot.owners as User[])[0].id !== user) return ResponseWrapper(res, { code: 403 })
+ if((bot.owners as User[])[0].id !== user && !checkUserFlag(userinfo.flags, 'staff')) return ResponseWrapper(res, { code: 403 })
+ if(['reported', 'blocked', 'archived'].includes(bot.state) && !checkUserFlag(userinfo.flags, 'staff')) return ResponseWrapper(res, { code: 403, message: '해당 봇은 수정할 수 없습니다.', errors: ['오류라고 생각되면 문의해주세요.'] })
 const validated = await EditBotOwnerSchema.validate(req.body, { abortEarly: false })
 .then(el => el)
 .catch(e => {
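Review bot: `userinfo` is dereferenced in both new `if` lines without a null check, so if `get.user.load(user)` returns nothing for a token that still passes `get.Authorization` (the `if(!bot)` guard next to it suggests these loaders can come back empty), the handler throws instead of answering with a 401/403. Fail closed right after the load and compute the privilege once: `if(!userinfo) return ResponseWrapper(res, { code: 401 })` followed by `const isStaff = checkUserFlag(userinfo.flags, 'staff')`, then use `isStaff` in both conditions so the two checks cannot drift apart. Because staff can now change the owners of a bot they do not own, including bots in the `reported`, `blocked` or `archived` state, it would be worth recording the acting staff id for such edits; no audit write is visible in this hunk, though the handler body continues past it.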