dont allow deletion of administrators and registered-users

v1.18.x
barisusakli 10 years ago
parent d00e08a8e6
commit b8028ccdbf

@ -139,8 +139,8 @@ SocketGroups.acceptInvite = function(socket, data, callback) {
} }
groups.isInvited(socket.uid, data.groupName, function(err, invited) { groups.isInvited(socket.uid, data.groupName, function(err, invited) {
if (!invited) { if (err || !invited) {
return callback(new Error('[[error:no-privileges]]')); return callback(err || new Error('[[error:no-privileges]]'));
} }
groups.acceptMembership(data.groupName, socket.uid, callback); groups.acceptMembership(data.groupName, socket.uid, callback);
@ -153,8 +153,8 @@ SocketGroups.rejectInvite = function(socket, data, callback) {
} }
groups.isInvited(socket.uid, data.groupName, function(err, invited) { groups.isInvited(socket.uid, data.groupName, function(err, invited) {
if (!invited) { if (err || !invited) {
return callback(new Error('[[error:no-privileges]]')); return callback(err || new Error('[[error:no-privileges]]'));
} }
groups.rejectMembership(data.groupName, socket.uid, callback); groups.rejectMembership(data.groupName, socket.uid, callback);
@ -167,8 +167,8 @@ SocketGroups.update = function(socket, data, callback) {
} }
groups.ownership.isOwner(socket.uid, data.groupName, function(err, isOwner) { groups.ownership.isOwner(socket.uid, data.groupName, function(err, isOwner) {
if (!isOwner) { if (err || !isOwner) {
return callback(new Error('[[error:no-privileges]]')); return callback(err || new Error('[[error:no-privileges]]'));
} }
groups.update(data.groupName, data.values, callback); groups.update(data.groupName, data.values, callback);
@ -194,12 +194,19 @@ SocketGroups.delete = function(socket, data, callback) {
return callback(new Error('[[error:invalid-data]]')); return callback(new Error('[[error:invalid-data]]'));
} }
if (data.groupName === 'administrators' || data.groupName === 'registered-users') {
return callback(new Error('[[error:not-allowed]]'));
}
var tasks = { var tasks = {
isOwner: async.apply(groups.ownership.isOwner, socket.uid, data.groupName), isOwner: async.apply(groups.ownership.isOwner, socket.uid, data.groupName),
isAdmin: async.apply(user.isAdministrator, socket.uid) isAdmin: async.apply(user.isAdministrator, socket.uid)
}; };
async.parallel(tasks, function(err, checks) { async.parallel(tasks, function(err, checks) {
if (err) {
return callback(err);
}
if (!checks.isOwner && !checks.isAdmin) { if (!checks.isOwner && !checks.isAdmin) {
return callback(new Error('[[error:no-privileges]]')); return callback(new Error('[[error:no-privileges]]'));
} }
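Review bot: The new guard at the top of SocketGroups.delete protects `administrators` and `registered-users` on this socket path only, so any other caller of the underlying group-deletion function can presumably still remove them. That function is not visible here, because the handler body continues past the end of the hunk. Consider enforcing the rule inside the groups module and keeping the protected names in one shared list, for example `if (protectedGroups.indexOf(data.groupName) !== -1) {`, where `protectedGroups` is a suggested name rather than an existing one. The comparison is also an exact, case-sensitive string match, so it is worth confirming that group names are not normalised or slugified before lookup, since a variant spelling would then pass the check. A short comment such as `// built-in groups the privilege model relies on; never deletable` would record why these two names are special.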
