From 9d1fcf4e3650e7a236206f45b4b4c4770b66f88a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Mon, 4 Feb 2019 14:16:47 -0500
Subject: [PATCH] fix: closes #7217

---
 .../language/en-GB/admin/manage/privileges.json |  1 +
 public/language/en-GB/admin/settings/group.json |  2 --
 public/src/modules/helpers.js                   |  2 +-
 src/controllers/groups.js                       | 12 ++++++++----
 src/privileges/global.js                        |  2 ++
 src/socket.io/groups.js                         | 17 +++++++++++++----
 src/upgrades/1.12.0/group_create_privilege.js   | 16 ++++++++++++++++
 src/views/admin/settings/group.tpl              | 11 -----------
 test/categories.js                              |  2 ++
 test/groups.js                                  | 17 ++---------------
 10 files changed, 45 insertions(+), 37 deletions(-)
 create mode 100644 src/upgrades/1.12.0/group_create_privilege.js

diff --git a/public/language/en-GB/admin/manage/privileges.json b/public/language/en-GB/admin/manage/privileges.json
index 07d0a4de50..6cadf3798c 100644
--- a/public/language/en-GB/admin/manage/privileges.json
+++ b/public/language/en-GB/admin/manage/privileges.json
@@ -11,6 +11,7 @@
 	"search-users": "Search Users",
 	"search-tags": "Search Tags",
 	"allow-local-login": "Local Login",
+	"allow-group-creation": "Group Create",
 
 	"find-category": "Find Category",
 	"access-category": "Access Category",
diff --git a/public/language/en-GB/admin/settings/group.json b/public/language/en-GB/admin/settings/group.json
index fe3e39915b..8275cbd367 100644
--- a/public/language/en-GB/admin/settings/group.json
+++ b/public/language/en-GB/admin/settings/group.json
@@ -3,8 +3,6 @@
 	"private-groups": "Private Groups",
 	"private-groups.help": "If enabled, joining of groups requires the approval of the group owner <em>(Default: enabled)</em>",
 	"private-groups.warning": "<strong>Beware!</strong> If this option is disabled and you have private groups, they automatically become public.",
-	"allow-creation": "Allow Group Creation",
-	"allow-creation-help": "If enabled, users can create groups <em>(Default: disabled)</em>",
 	"allow-multiple-badges-help": "This flag can be used to allow users to select multiple group badges, requires theme support.",
 	"max-name-length": "Maximum Group Name Length",
 	"cover-image": "Group Cover Image",
diff --git a/public/src/modules/helpers.js b/public/src/modules/helpers.js
index de5998469b..d649518949 100644
--- a/public/src/modules/helpers.js
+++ b/public/src/modules/helpers.js
@@ -178,7 +178,7 @@
 			}
 		}
 		return states.map(function (priv) {
-			var guestDisabled = ['groups:moderate', 'groups:posts:upvote', 'groups:posts:downvote', 'groups:local:login'];
+			var guestDisabled = ['groups:moderate', 'groups:posts:upvote', 'groups:posts:downvote', 'groups:local:login', 'groups:group:create'];
 			var spidersEnabled = ['groups:find', 'groups:read', 'groups:topics:read'];
 			var disabled =
 				(member === 'guests' && guestDisabled.includes(priv.name)) ||
diff --git a/src/controllers/groups.js b/src/controllers/groups.js
index 96e6c0bbbb..041ba878df 100644
--- a/src/controllers/groups.js
+++ b/src/controllers/groups.js
@@ -8,6 +8,7 @@ var groups = require('../groups');
 var user = require('../user');
 var helpers = require('./helpers');
 var pagination = require('../pagination');
+var privileges = require('../privileges');
 
 var groupsController = module.exports;
 
@@ -34,12 +35,15 @@ groupsController.getGroupsFromSet = function (uid, sort, start, stop, callback)
 
 	async.waterfall([
 		function (next) {
-			groups.getGroupsFromSet(set, uid, start, stop, next);
+			async.parallel({
+				groupsData: async.apply(groups.getGroupsFromSet, set, uid, start, stop),
+				allowGroupCreation: async.apply(privileges.global.can, 'group:create', uid),
+			}, next);
 		},
-		function (groupsData, next) {
+		function (results, next) {
 			next(null, {
-				groups: groupsData,
-				allowGroupCreation: meta.config.allowGroupCreation,
+				groups: results.groupsData,
+				allowGroupCreation: results.allowGroupCreation,
 				nextStart: stop + 1,
 			});
 		},
diff --git a/src/privileges/global.js b/src/privileges/global.js
index 5d0cb88213..aee98a836d 100644
--- a/src/privileges/global.js
+++ b/src/privileges/global.js
@@ -22,6 +22,7 @@ module.exports = function (privileges) {
 		{ name: '[[admin/manage/privileges:search-users]]' },
 		{ name: '[[admin/manage/privileges:search-tags]]' },
 		{ name: '[[admin/manage/privileges:allow-local-login]]' },
+		{ name: '[[admin/manage/privileges:allow-group-creation]]' },
 	];
 
 	privileges.global.userPrivilegeList = [
@@ -34,6 +35,7 @@ module.exports = function (privileges) {
 		'search:users',
 		'search:tags',
 		'local:login',
+		'group:create',
 	];
 
 	privileges.global.groupPrivilegeList = privileges.global.userPrivilegeList.map(function (privilege) {
diff --git a/src/socket.io/groups.js b/src/socket.io/groups.js
index e4f7a0a985..8301974a7d 100644
--- a/src/socket.io/groups.js
+++ b/src/socket.io/groups.js
@@ -8,6 +8,7 @@ var user = require('../user');
 var utils = require('../utils');
 var groupsController = require('../controllers/groups');
 var events = require('../events');
+var privileges = require('../privileges');
 
 var SocketGroups = module.exports;
 
@@ -238,14 +239,22 @@ SocketGroups.kick = isOwner(function (socket, data, callback) {
 SocketGroups.create = function (socket, data, callback) {
 	if (!socket.uid) {
 		return callback(new Error('[[error:no-privileges]]'));
-	} else if (!meta.config.allowGroupCreation) {
-		return callback(new Error('[[error:group-creation-disabled]]'));
 	} else if (groups.isPrivilegeGroup(data.name)) {
 		return callback(new Error('[[error:invalid-group-name]]'));
 	}
 
-	data.ownerUid = socket.uid;
-	groups.create(data, callback);
+	async.waterfall([
+		function (next) {
+			privileges.global.can('group:create', socket.uid, next);
+		},
+		function (canCreate, next) {
+			if (!canCreate) {
+				return next(new Error('[[error:no-privileges]]'));
+			}
+			data.ownerUid = socket.uid;
+			groups.create(data, next);
+		},
+	], callback);
 };
 
 SocketGroups.delete = isOwner(function (socket, data, callback) {
diff --git a/src/upgrades/1.12.0/group_create_privilege.js b/src/upgrades/1.12.0/group_create_privilege.js
new file mode 100644
index 0000000000..59f45ced84
--- /dev/null
+++ b/src/upgrades/1.12.0/group_create_privilege.js
@@ -0,0 +1,16 @@
+'use strict';
+
+var privileges = require('../../privileges');
+
+module.exports = {
+	name: 'Update category watch data',
+	timestamp: Date.UTC(2019, 0, 4),
+	method: function (callback) {
+		var meta = require('../../meta');
+		if (parseInt(meta.config.allowGroupCreation, 10) === 1) {
+			privileges.global.give(['groups:create'], 'registered-users', callback);
+		} else {
+			setImmediate(callback);
+		}
+	},
+};
diff --git a/src/views/admin/settings/group.tpl b/src/views/admin/settings/group.tpl
index 5319ef5309..d46b664116 100644
--- a/src/views/admin/settings/group.tpl
+++ b/src/views/admin/settings/group.tpl
@@ -18,17 +18,6 @@
 				[[admin/settings/group:private-groups.warning]]
 			</p>
 
-			<div class="checkbox">
-				<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect">
-					<input class="mdl-switch__input" type="checkbox" data-field="allowGroupCreation">
-					<span class="mdl-switch__label"><strong>[[admin/settings/group:allow-creation]]</strong></span>
-				</label>
-			</div>
-
-			<p class="help-block">
-				[[admin/settings/group:allow-creation-help]]
-			</p>
-
 			<div class="checkbox">
 				<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect">
 					<input class="mdl-switch__input" type="checkbox" data-field="allowMultipleBadges">
diff --git a/test/categories.js b/test/categories.js
index 5eae36d1f9..0d904ac853 100644
--- a/test/categories.js
+++ b/test/categories.js
@@ -743,6 +743,7 @@ describe('Categories', function () {
 					'upload:post:file': false,
 					signature: false,
 					'local:login': false,
+					'group:create': false,
 				});
 
 				done();
@@ -787,6 +788,7 @@ describe('Categories', function () {
 					'groups:upload:post:file': false,
 					'groups:signature': true,
 					'groups:local:login': true,
+					'groups:group:create': false,
 				});
 
 				done();
diff --git a/test/groups.js b/test/groups.js
index c247652650..e8c4e3f4a9 100644
--- a/test/groups.js
+++ b/test/groups.js
@@ -985,31 +985,21 @@ describe('Groups', function () {
 		});
 
 		it('should fail to create group if group creation is disabled', function (done) {
-			var oldValue = meta.config.allowGroupCreation;
-			meta.config.allowGroupCreation = 0;
-			socketGroups.create({ uid: 1 }, {}, function (err) {
-				assert.equal(err.message, '[[error:group-creation-disabled]]');
-				meta.config.allowGroupCreation = oldValue;
+			socketGroups.create({ uid: testUid }, {}, function (err) {
+				assert.equal(err.message, '[[error:no-privileges]]');
 				done();
 			});
 		});
 
 		it('should fail to create group if name is privilege group', function (done) {
-			var oldValue = meta.config.allowGroupCreation;
-			meta.config.allowGroupCreation = 1;
 			socketGroups.create({ uid: 1 }, { name: 'cid:1:privileges:groups:find' }, function (err) {
 				assert.equal(err.message, '[[error:invalid-group-name]]');
-				meta.config.allowGroupCreation = oldValue;
 				done();
 			});
 		});
 
-
 		it('should create/update group', function (done) {
-			var oldValue = meta.config.allowGroupCreation;
-			meta.config.allowGroupCreation = 1;
 			socketGroups.create({ uid: adminUid }, { name: 'createupdategroup' }, function (err, groupData) {
-				meta.config.allowGroupCreation = oldValue;
 				assert.ifError(err);
 				assert(groupData);
 				var data = {
@@ -1041,10 +1031,7 @@ describe('Groups', function () {
 		});
 
 		it('should fail to create a group with name guests', function (done) {
-			var oldValue = meta.config.allowGroupCreation;
-			meta.config.allowGroupCreation = 1;
 			socketGroups.create({ uid: adminUid }, { name: 'guests' }, function (err) {
-				meta.config.allowGroupCreation = oldValue;
 				assert.equal(err.message, '[[error:invalid-group-name]]');
 				done();
 			});