clans: disallow lower roles from removing higher role members

2026-01-13 05:31:51 -08:00 · 2025-12-30 14:22:22 +01:00 · 2025-12-30 14:22:22 +01:00 · 9f923e69d8
commit 9f923e69d8
parent 20308d55e6
1 changed files with 4 additions and 1 deletions
--- a/src/Controllers/Common/GroupController.cs
+++ b/src/Controllers/Common/GroupController.cs
@ -371,6 +371,9 @@ public class GroupController : Controller {
        if (targetRole == null)
            return Ok(new RemoveMemberResult { Success = false, Status = RemoveMemberStatus.UserNotAMemberOfTheGroup });

+        if (targetRole.UserRole >= vikingRole.UserRole)
+            return Ok(new RemoveMemberResult { Success = false, Status = RemoveMemberStatus.InvalidParameters });
+
        vikingRole.Group.Vikings.Remove(targetRole);
        if (!vikingRole.Group.Vikings.Any())
            ctx.Groups.Remove(vikingRole.Group);