Skip to content

Commit

Permalink
refactor: user deletion to use api lib
Browse files Browse the repository at this point in the history
  • Loading branch information
julianlam committed Oct 15, 2020
1 parent 7748194 commit 430e7f5
Show file tree
Hide file tree
Showing 3 changed files with 54 additions and 47 deletions.
49 changes: 49 additions & 0 deletions src/api/users.js
Original file line number Diff line number Diff line change
@@ -1,7 +1,9 @@
'use strict';

const user = require('../user');
const groups = require('../groups');
const meta = require('../meta');
const flags = require('../flags');
const privileges = require('../privileges');
const events = require('../events');

Expand Down Expand Up @@ -60,3 +62,50 @@ usersAPI.update = async function (caller, data) {
await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username });
}
};

usersAPI.delete = async function (caller, data) {
processDeletion(data.uid, caller);
};

usersAPI.deleteMany = async function (caller, data) {
console.log(data.uids);
if (await canDeleteUids(data.uids)) {
await Promise.all(data.uids.map(uid => processDeletion(uid, caller)));
}
};

async function processDeletion(uid, caller) {
const isTargetAdmin = await user.isAdministrator(uid);
const isSelf = parseInt(uid, 10) === caller.uid;
const isAdmin = await user.isAdministrator(caller.uid);

if (!isSelf && !isAdmin) {
throw new Error('[[error:no-privileges]]');
} else if (!isSelf && isTargetAdmin) {
throw new Error('[[error:cant-delete-other-admins]]');
}

// TODO: clear user tokens for this uid
await flags.resolveFlag('user', uid, caller.uid);
const userData = await user.delete(caller.uid, uid);
await events.log({
type: 'user-delete',
uid: caller.uid,
targetUid: uid,
ip: caller.ip,
username: userData.username,
email: userData.email,
});
}

async function canDeleteUids(uids) {
if (!Array.isArray(uids)) {
throw new Error('[[error:invalid-data]]');
}
const isMembers = await groups.isMembers(uids, 'administrators');
if (isMembers.includes(true)) {
throw new Error('[[error:cant-delete-other-admins]]');
}

return true;
}
46 changes: 4 additions & 42 deletions src/controllers/write/users.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@

const api = require('../../api');
const user = require('../../user');
const groups = require('../../groups');
const plugins = require('../../plugins');
const privileges = require('../../privileges');
const notifications = require('../../notifications');
Expand All @@ -24,57 +23,20 @@ Users.create = async (req, res) => {
};

Users.update = async (req, res) => {
const userObj = await api.users.update(req, { ...req.body, ...req.params });
const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid });
helpers.formatApiResponse(200, res, userObj);
};

Users.delete = async (req, res) => {
processDeletion(req.params.uid, req, res);
await api.users.delete(req, req.params);
helpers.formatApiResponse(200, res);
};

Users.deleteMany = async (req, res) => {
if (await canDeleteUids(req.body.uids, res)) {
await Promise.all(req.body.uids.map(uid => processDeletion(uid, req, res)));
helpers.formatApiResponse(200, res);
}
await api.users.deleteMany(req, req.body);
helpers.formatApiResponse(200, res);
};

async function canDeleteUids(uids, res) {
if (!Array.isArray(uids)) {
helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]'));
return false;
}
const isMembers = await groups.isMembers(uids, 'administrators');
if (isMembers.includes(true)) {
helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
return false;
}

return true;
}

async function processDeletion(uid, req, res) {
const isTargetAdmin = await user.isAdministrator(uid);
if (!res.locals.privileges.isSelf && !res.locals.privileges.isAdmin) {
return helpers.formatApiResponse(403, res);
} else if (!res.locals.privileges.isSelf && isTargetAdmin) {
return helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
}

// TODO: clear user tokens for this uid
await flags.resolveFlag('user', uid, req.user.uid);
const userData = await user.delete(req.user.uid, uid);
await events.log({
type: 'user-delete',
uid: req.user.uid,
targetUid: uid,
ip: req.ip,
username: userData.username,
email: userData.email,
});
}

Users.changePassword = async (req, res) => {
req.body.uid = req.params.uid;
await user.changePassword(req.user.uid, Object.assign(req.body, { ip: req.ip }));
Expand Down
6 changes: 1 addition & 5 deletions src/socket.io/admin/user.js
Original file line number Diff line number Diff line change
Expand Up @@ -140,11 +140,7 @@ User.deleteUsersContent = async function (socket, uids) {

User.deleteUsersAndContent = async function (socket, uids) {
sockets.warnDeprecated(socket, 'DELETE /api/v3/users or DELETE /api/v3/users/:uid');

await canDeleteUids(uids);
deleteUsers(socket, uids, async function (uid) {
return await user.delete(socket.uid, uid);
});
await api.users.deleteMany(socket, { uids });
};

async function canDeleteUids(uids) {
Expand Down

0 comments on commit 430e7f5

Please sign in to comment.