hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
isekai-main
v1.18.x
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4ee0f1459d'
${ noResults }
nodebb/src/api/groups.js

227 lines
6.1 KiB
JavaScript
Raw Normal View History Unescape Escape

refactor: use single function for api code
4 years ago
'use strict';
refactor: move groups.leave, fix some tests
4 years ago
const validator = require('validator');
refactor: use single function for api code
4 years ago
const privileges = require('../privileges');
const events = require('../events');
const groups = require('../groups');
feat: move groups.join to api
4 years ago
const user = require('../user');
const meta = require('../meta');
refactor: move groups.leave, fix some tests
4 years ago
const notifications = require('../notifications');
const slugify = require('../slugify');
refactor: use single function for api code
4 years ago
const groupsAPI = module.exports;
groupsAPI.create = async function (caller, data) {
if (!caller.uid) {
throw new Error('[[error:no-privileges]]');
} else if (typeof data.name !== 'string' || groups.isPrivilegeGroup(data.name)) {
throw new Error('[[error:invalid-group-name]]');
}
const canCreate = await privileges.global.can('group:create', caller.uid);
if (!canCreate) {
throw new Error('[[error:no-privileges]]');
}
data.ownerUid = caller.uid;
data.system = false;
const groupData = await groups.create(data);
logGroupEvent(caller, 'group-create', {
groupName: data.name,
});
return groupData;
};
refactor(api): deprecated groups update socket in favour of API lib
4 years ago
groupsAPI.update = async function (caller, data) {
const groupName = await groups.getGroupNameByGroupSlug(data.slug);
await isOwner(caller, groupName);
delete data.slug;
await groups.update(groupName, data);
return await groups.getGroupData(data.name || groupName);
};
feat: refactor groups.delete
4 years ago
groupsAPI.delete = async function (caller, data) {
const groupName = await groups.getGroupNameByGroupSlug(data.slug);
await isOwner(caller, groupName);
if (
groups.systemGroups.includes(groupName) ||
groups.ephemeralGroups.includes(groupName)
) {
throw new Error('[[error:not-allowed]]');
}
await groups.destroy(groupName);
logGroupEvent(caller, 'group-delete', {
groupName: groupName,
});
};
feat: move groups.join to api
4 years ago
groupsAPI.join = async function (caller, data) {
if (caller.uid <= 0 || !data.uid) {
throw new Error('[[error:invalid-uid]]');
}
const groupName = await groups.getGroupNameByGroupSlug(data.slug);
if (!groupName) {
throw new Error('[[error:no-group]]');
}
fix: allow admins adding users to global moderators add new test
4 years ago
const isCallerAdmin = await user.isAdministrator(caller.uid);
if (!isCallerAdmin && (
groups.systemGroups.includes(groupName) ||
groups.isPrivilegeGroup(groupName)
)) {
feat: move groups.join to api
4 years ago
throw new Error('[[error:not-allowed]]');
}
fix: allow admins adding users to global moderators add new test
4 years ago
const [groupData, isCallerOwner, userExists] = await Promise.all([
feat: move groups.join to api
4 years ago
groups.getGroupData(groupName),
groups.ownership.isOwner(caller.uid, groupName),
user.exists(data.uid),
]);
if (!userExists) {
throw new Error('[[error:invalid-uid]]');
}
fix: allow admins adding users to global moderators add new test
4 years ago
const isSelf = parseInt(caller.uid, 10) === parseInt(data.uid, 10);
feat: move groups.join to api
4 years ago
if (!meta.config.allowPrivateGroups && isSelf) {
// all groups are public!
await groups.join(groupName, data.uid);
logGroupEvent(caller, 'group-join', {
groupName: groupName,
targetUid: data.uid,
});
return;
}
fix: allow admins adding users to global moderators add new test
4 years ago
if (isSelf && groupData.private && groupData.disableJoinRequests) {
feat: move groups.join to api
4 years ago
throw new Error('[[error:group-join-disabled]]');
}
if ((!groupData.private && isSelf) || isCallerAdmin || isCallerOwner) {
await groups.join(groupName, data.uid);
logGroupEvent(caller, 'group-join', {
groupName: groupName,
targetUid: data.uid,
});
} else if (isSelf) {
await groups.requestMembership(groupName, caller.uid);
logGroupEvent(caller, 'group-request-membership', {
groupName: groupName,
targetUid: data.uid,
});
}
};
refactor: use single function for api code
4 years ago
refactor: move groups.leave, fix some tests
4 years ago
groupsAPI.leave = async function (caller, data) {
if (caller.uid <= 0) {
throw new Error('[[error:invalid-uid]]');
}
const isSelf = parseInt(caller.uid, 10) === parseInt(data.uid, 10);
const groupName = await groups.getGroupNameByGroupSlug(data.slug);
if (!groupName) {
throw new Error('[[error:no-group]]');
}
if (typeof groupName !== 'string') {
throw new Error('[[error:invalid-group-name]]');
}
if (groupName === 'administrators' && isSelf) {
throw new Error('[[error:cant-remove-self-as-admin]]');
}
const [groupData, isCallerAdmin, isCallerOwner, userExists, isMember] = await Promise.all([
groups.getGroupData(groupName),
user.isAdministrator(caller.uid),
groups.ownership.isOwner(caller.uid, groupName),
user.exists(data.uid),
groups.isMember(data.uid, groupName),
]);
if (!userExists) {
throw new Error('[[error:invalid-uid]]');
}
if (!isMember) {
return;
}
if (groupData.disableLeave && isSelf) {
throw new Error('[[error:group-leave-disabled]]');
}
refactor: use single function for api code
4 years ago
refactor: move groups.leave, fix some tests
4 years ago
if (isSelf || isCallerAdmin || isCallerOwner) {
await groups.leave(groupName, data.uid);
} else {
throw new Error('[[error:no-privileges]]');
}
const username = await user.getUserField(data.uid, 'username');
const notification = await notifications.create({
type: 'group-leave',
bodyShort: '[[groups:membership.leave.notification_title, ' + username + ', ' + groupName + ']]',
nid: 'group:' + validator.escape(groupName) + ':uid:' + data.uid + ':group-leave',
path: '/groups/' + slugify(groupName),
fix: notification on group.leave incorrectly showing "Guest has left X group"
4 years ago
from: data.uid,
refactor: move groups.leave, fix some tests
4 years ago
});
const uids = await groups.getOwners(groupName);
await notifications.push(notification, uids);
logGroupEvent(caller, 'group-leave', {
groupName: groupName,
targetUid: data.uid,
});
};
feat: refactor groups.delete
4 years ago
feat(api): group ownership API route, switch client-side to use API route
4 years ago
groupsAPI.grant = async (caller, data) => {
const groupName = await groups.getGroupNameByGroupSlug(data.slug);
await isOwner(caller, groupName);
await groups.ownership.grant(data.uid, groupName);
logGroupEvent(caller, 'group-owner-grant', {
groupName: groupName,
targetUid: data.uid,
});
};
groupsAPI.rescind = async (caller, data) => {
const groupName = await groups.getGroupNameByGroupSlug(data.slug);
await isOwner(caller, groupName);
await groups.ownership.rescind(data.uid, groupName);
logGroupEvent(caller, 'group-owner-rescind', {
groupName: groupName,
targetUid: data.uid,
});
};
feat: refactor groups.delete
4 years ago
async function isOwner(caller, groupName) {
if (typeof groupName !== 'string') {
throw new Error('[[error:invalid-group-name]]');
}
const [isAdmin, isGlobalModerator, isOwner, group] = await Promise.all([
user.isAdministrator(caller.uid),
user.isGlobalModerator(caller.uid),
groups.ownership.isOwner(caller.uid, groupName),
groups.getGroupData(groupName),
]);
const check = isOwner || isAdmin || (isGlobalModerator && !group.system);
if (!check) {
throw new Error('[[error:no-privileges]]');
}
}
refactor: use single function for api code
4 years ago
function logGroupEvent(caller, event, additional) {
events.log({
type: event,
uid: caller.uid,
ip: caller.ip,
...additional,
});
}