From b879b6a0c2b35cb76cf4d559c00a3f456cb74c53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Wed, 12 Oct 2022 10:02:45 -0400
Subject: [PATCH] fix: use admin:groups priv for groups (#10960)

---
 src/api/groups.js       |  6 +++---
 src/socket.io/groups.js | 22 ++++++++++++----------
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/src/api/groups.js b/src/api/groups.js
index 36f11471d2..9e6aa30d0b 100644
--- a/src/api/groups.js
+++ b/src/api/groups.js
@@ -215,14 +215,14 @@ async function isOwner(caller, groupName) {
 	if (typeof groupName !== 'string') {
 		throw new Error('[[error:invalid-group-name]]');
 	}
-	const [isAdmin, isGlobalModerator, isOwner, group] = await Promise.all([
-		user.isAdministrator(caller.uid),
+	const [hasAdminPrivilege, isGlobalModerator, isOwner, group] = await Promise.all([
+		privileges.admin.can('admin:groups', caller.uid),
 		user.isGlobalModerator(caller.uid),
 		groups.ownership.isOwner(caller.uid, groupName),
 		groups.getGroupData(groupName),
 	]);
 
-	const check = isOwner || isAdmin || (isGlobalModerator && !group.system);
+	const check = isOwner || hasAdminPrivilege || (isGlobalModerator && !group.system);
 	if (!check) {
 		throw new Error('[[error:no-privileges]]');
 	}
diff --git a/src/socket.io/groups.js b/src/socket.io/groups.js
index 7e7c93d859..3b6f30a38d 100644
--- a/src/socket.io/groups.js
+++ b/src/socket.io/groups.js
@@ -42,13 +42,15 @@ async function isOwner(socket, data) {
 		throw new Error('[[error:invalid-group-name]]');
 	}
 	const results = await utils.promiseParallel({
-		isAdmin: await user.isAdministrator(socket.uid),
-		isGlobalModerator: await user.isGlobalModerator(socket.uid),
-		isOwner: await groups.ownership.isOwner(socket.uid, data.groupName),
-		group: await groups.getGroupData(data.groupName),
+		hasAdminPrivilege: privileges.admin.can('admin:groups', socket.uid),
+		isGlobalModerator: user.isGlobalModerator(socket.uid),
+		isOwner: groups.ownership.isOwner(socket.uid, data.groupName),
+		group: groups.getGroupData(data.groupName),
 	});
 
-	const isOwner = results.isOwner || results.isAdmin || (results.isGlobalModerator && !results.group.system);
+	const isOwner = results.isOwner ||
+		results.hasAdminPrivilege ||
+		(results.isGlobalModerator && !results.group.system);
 	if (!isOwner) {
 		throw new Error('[[error:no-privileges]]');
 	}
@@ -220,15 +222,15 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
 };
 
 async function canSearchMembers(uid, groupName) {
-	const [isHidden, isMember, isAdmin, isGlobalMod, viewGroups] = await Promise.all([
+	const [isHidden, isMember, hasAdminPrivilege, isGlobalMod, viewGroups] = await Promise.all([
 		groups.isHidden(groupName),
 		groups.isMember(uid, groupName),
-		user.isAdministrator(uid),
+		privileges.admin.can('admin:groups', uid),
 		user.isGlobalModerator(uid),
 		privileges.global.can('view:groups', uid),
 	]);
 
-	if (!viewGroups || (isHidden && !isMember && !isAdmin && !isGlobalMod)) {
+	if (!viewGroups || (isHidden && !isMember && !hasAdminPrivilege && !isGlobalMod)) {
 		throw new Error('[[error:no-privileges]]');
 	}
 }
@@ -268,11 +270,11 @@ async function canModifyGroup(uid, groupName) {
 	const results = await utils.promiseParallel({
 		isOwner: groups.ownership.isOwner(uid, groupName),
 		system: groups.getGroupField(groupName, 'system'),
-		isAdmin: user.isAdministrator(uid),
+		hasAdminPrivilege: privileges.admin.can('admin:groups', uid),
 		isGlobalMod: user.isGlobalModerator(uid),
 	});
 
-	if (!(results.isOwner || results.isAdmin || (results.isGlobalMod && !results.system))) {
+	if (!(results.isOwner || results.hasAdminPrivilege || (results.isGlobalMod && !results.system))) {
 		throw new Error('[[error:no-privileges]]');
 	}
 }