From e73c6e40ebda7d2b69c6de15b1d99b715ac69aac Mon Sep 17 00:00:00 2001
From: Sainan <sainan@calamity.inc>
Date: Fri, 14 Mar 2025 15:26:01 +0100
Subject: [PATCH] check permission for pausing & unpausing research

---
 src/controllers/api/guildTechController.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/controllers/api/guildTechController.ts b/src/controllers/api/guildTechController.ts
index c6a142ee..3c1835a8 100644
--- a/src/controllers/api/guildTechController.ts
+++ b/src/controllers/api/guildTechController.ts
@@ -193,6 +193,10 @@ export const guildTechController: RequestHandler = async (req, res) => {
         // Not a mistake: This response uses `inventoryChanges` instead of `InventoryChanges`.
         res.json({ inventoryChanges: inventoryChanges });
     } else if (data.Action == "Pause") {
+        if (!hasAccessToDojo(inventory) || !(await hasGuildPermission(guild, accountId, GuildPermission.Tech))) {
+            res.status(400).send("-1").end();
+            return;
+        }
         const project = guild.TechProjects!.find(x => x.ItemType == data.RecipeType)!;
         project.State = -2;
         guild.ActiveDojoColorResearch = "";
@@ -200,6 +204,10 @@ export const guildTechController: RequestHandler = async (req, res) => {
         await removePigmentsFromGuildMembers(guild._id);
         res.end();
     } else if (data.Action == "Unpause") {
+        if (!hasAccessToDojo(inventory) || !(await hasGuildPermission(guild, accountId, GuildPermission.Tech))) {
+            res.status(400).send("-1").end();
+            return;
+        }
         const project = guild.TechProjects!.find(x => x.ItemType == data.RecipeType)!;
         project.State = 0;
         guild.ActiveDojoColorResearch = data.RecipeType;