Skip to content

Commit

Permalink
fix: allow admins adding users to global moderators
Browse files Browse the repository at this point in the history
add new test
  • Loading branch information
barisusakli committed Oct 20, 2020
1 parent bbafa1b commit 1f43e98
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 6 deletions.
13 changes: 8 additions & 5 deletions src/api/groups.js
Original file line number Diff line number Diff line change
Expand Up @@ -54,19 +54,21 @@ groupsAPI.join = async function (caller, data) {
throw new Error('[[error:invalid-uid]]');
}

const isSelf = parseInt(caller.uid, 10) === parseInt(data.uid, 10);
const groupName = await groups.getGroupNameByGroupSlug(data.slug);
if (!groupName) {
throw new Error('[[error:no-group]]');
}

if (groups.systemGroups.includes(groupName) || groups.isPrivilegeGroup(groupName)) {
const isCallerAdmin = await user.isAdministrator(caller.uid);
if (!isCallerAdmin && (
groups.systemGroups.includes(groupName) ||
groups.isPrivilegeGroup(groupName)
)) {
throw new Error('[[error:not-allowed]]');
}

const [groupData, isCallerAdmin, isCallerOwner, userExists] = await Promise.all([
const [groupData, isCallerOwner, userExists] = await Promise.all([
groups.getGroupData(groupName),
user.isAdministrator(caller.uid),
groups.ownership.isOwner(caller.uid, groupName),
user.exists(data.uid),
]);
Expand All @@ -75,6 +77,7 @@ groupsAPI.join = async function (caller, data) {
throw new Error('[[error:invalid-uid]]');
}

const isSelf = parseInt(caller.uid, 10) === parseInt(data.uid, 10);
if (!meta.config.allowPrivateGroups && isSelf) {
// all groups are public!
await groups.join(groupName, data.uid);
Expand All @@ -85,7 +88,7 @@ groupsAPI.join = async function (caller, data) {
return;
}

if (groupData.private && groupData.disableJoinRequests) {
if (isSelf && groupData.private && groupData.disableJoinRequests) {
throw new Error('[[error:group-join-disabled]]');
}

Expand Down
9 changes: 8 additions & 1 deletion test/groups.js
Original file line number Diff line number Diff line change
Expand Up @@ -655,6 +655,13 @@ describe('Groups', function () {
});
});

it('should add user to Global Moderators group', async function () {
const uid = await User.create({ username: 'glomod' });
await socketGroups.join({ uid: adminUid }, { groupName: 'Global Moderators', uid: uid });
const isGlobalMod = await User.isGlobalModerator(uid);
assert.strictEqual(isGlobalMod, true);
});

it('should add user to multiple groups', function (done) {
var groupNames = ['test-hidden1', 'Test', 'test-hidden2', 'empty group'];
Groups.create({ name: 'empty group' }, function (err) {
Expand Down Expand Up @@ -804,7 +811,7 @@ describe('Groups', function () {
});

it('should return error if group name is special', function (done) {
socketGroups.join({ uid: adminUid }, { groupName: 'administrators' }, function (err) {
socketGroups.join({ uid: testUid }, { groupName: 'administrators' }, function (err) {
assert.equal(err.message, '[[error:not-allowed]]');
done();
});
Expand Down

0 comments on commit 1f43e98

Please sign in to comment.