fix(auth): Fix bug allowing any valid moderator to see all instances

Author: FoxxMD

src/Web/Server/routes/authenticated/user/status.ts

@@ -41,7 +41,10 @@ const status = () => {
         if(req.serverBot !== undefined) {
             bots = [req.serverBot];
         } else {
-            bots = (req.user as Express.User).isOperator ? req.botApp.bots : req.botApp.bots.filter(x => intersect(req.user?.subreddits as string[], x.subManagers.map(y => y.subreddit.display_name)));
+            bots = (req.user as Express.User).isOperator ? req.botApp.bots : req.botApp.bots.filter(x => {
+                const i = intersect(req.user?.subreddits as string[], x.subManagers.map(y => y.subreddit.display_name));
+                return i.length > 0;
+            });
         }
         const botResponses: BotStatusResponse[] = [];
         for(const b of bots) {
@@ -89,6 +92,9 @@ const status = () => {
             if(m === undefined) {
                 continue;
             }
+            if(!(req.user as Express.User).isOperator && !(req.user?.subreddits as string[]).includes(m.subreddit.display_name)) {
+                continue;
+            }
             const sd = {
                 name: s,
                 //linkName: s.replace(/\W/g, ''),