From bfaf648ec3a7def09a99f65be9b44173a728f33c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Thu, 13 Aug 2020 14:56:58 -0400
Subject: [PATCH] fix: #8556, catch errors from admin check

---
 src/socket.io/admin/user.js | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/src/socket.io/admin/user.js b/src/socket.io/admin/user.js
index d728475414..29d33d1007 100644
--- a/src/socket.io/admin/user.js
+++ b/src/socket.io/admin/user.js
@@ -122,32 +122,27 @@ User.forcePasswordReset = async function (socket, uids) {
 };
 
 User.deleteUsers = async function (socket, uids) {
+	await canDeleteUids(uids);
 	deleteUsers(socket, uids, async function (uid) {
 		return await user.deleteAccount(uid);
 	});
 };
 
 User.deleteUsersContent = async function (socket, uids) {
-	if (!Array.isArray(uids)) {
-		throw new Error('[[error:invalid-data]]');
-	}
-	const isMembers = await groups.isMembers(uids, 'administrators');
-	if (isMembers.includes(true)) {
-		throw new Error('[[error:cant-delete-other-admins]]');
-	}
-
+	await canDeleteUids(uids);
 	await Promise.all(uids.map(async (uid) => {
 		await user.deleteContent(socket.uid, uid);
 	}));
 };
 
 User.deleteUsersAndContent = async function (socket, uids) {
+	await canDeleteUids(uids);
 	deleteUsers(socket, uids, async function (uid) {
 		return await user.delete(socket.uid, uid);
 	});
 };
 
-async function deleteUsers(socket, uids, method) {
+async function canDeleteUids(uids) {
 	if (!Array.isArray(uids)) {
 		throw new Error('[[error:invalid-data]]');
 	}
@@ -155,6 +150,9 @@ async function deleteUsers(socket, uids, method) {
 	if (isMembers.includes(true)) {
 		throw new Error('[[error:cant-delete-other-admins]]');
 	}
+}
+
+async function deleteUsers(socket, uids, method) {
 	async function doDelete(uid) {
 		await flags.resolveFlag('user', uid, socket.uid);
 		const userData = await method(uid);