From 91327438709df84545b1cf0b930855737f85652c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <baris@nodebb.org>
Date: Wed, 2 May 2018 12:43:07 -0400
Subject: [PATCH] #6481

---
 src/groups/update.js    |  8 ++++++--
 src/socket.io/groups.js |  1 +
 test/groups.js          | 20 ++++++++++++++++++++
 3 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/src/groups/update.js b/src/groups/update.js
index e2fc4772e4..b9319736ca 100644
--- a/src/groups/update.js
+++ b/src/groups/update.js
@@ -168,7 +168,7 @@ module.exports = function (Groups) {
 			function (next) {
 				async.parallel({
 					group: function (next) {
-						db.getObject('group:' + currentName, next);
+						Groups.getGroupData(currentName, next);
 					},
 					exists: function (next) {
 						Groups.existsBySlug(newSlug, next);
@@ -180,7 +180,11 @@ module.exports = function (Groups) {
 					return next(new Error('[[error:group-already-exists]]'));
 				}
 
-				if (parseInt(results.group.system, 10) === 1) {
+				if (!results.group) {
+					return next(new Error('[[error:no-group]]'));
+				}
+
+				if (results.group.system) {
 					return next(new Error('[[error:not-allowed-to-rename-system-group]]'));
 				}
 
diff --git a/src/socket.io/groups.js b/src/socket.io/groups.js
index 8a446f563c..e98b8451c6 100644
--- a/src/socket.io/groups.js
+++ b/src/socket.io/groups.js
@@ -238,6 +238,7 @@ SocketGroups.create = function (socket, data, callback) {
 SocketGroups.delete = isOwner(function (socket, data, callback) {
 	if (data.groupName === 'administrators' ||
 		data.groupName === 'registered-users' ||
+		data.groupName === 'guests' ||
 		data.groupName === 'Global Moderators') {
 		return callback(new Error('[[error:not-allowed]]'));
 	}
diff --git a/test/groups.js b/test/groups.js
index 928dc72b3c..5c54359203 100644
--- a/test/groups.js
+++ b/test/groups.js
@@ -942,6 +942,19 @@ describe('Groups', function () {
 			});
 		});
 
+		it('should fail to rename guests group', function (done) {
+			var data = {
+				groupName: 'guests',
+				values: {
+					name: 'guests2',
+				},
+			};
+			socketGroups.update({ uid: adminUid }, data, function (err) {
+				assert.equal(err.message, '[[error:no-group]]');
+				done();
+			});
+		});
+
 		it('should delete group', function (done) {
 			socketGroups.delete({ uid: adminUid }, { groupName: 'renamedupdategroup' }, function (err) {
 				assert.ifError(err);
@@ -974,6 +987,13 @@ describe('Groups', function () {
 			});
 		});
 
+		it('should fail to delete group if name is special', function (done) {
+			socketGroups.delete({ uid: adminUid }, { groupName: 'guests' }, function (err) {
+				assert.equal(err.message, '[[error:not-allowed]]');
+				done();
+			});
+		});
+
 		it('should fail to load more groups with invalid data', function (done) {
 			socketGroups.loadMore({ uid: adminUid }, {}, function (err) {
 				assert.equal(err.message, '[[error:invalid-data]]');