Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-29 01:56:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: restrict getUsersInRoom to members

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-01-22 11:46:26 -05:00
parent 236a173009
commit 1f13ab8a19
2 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/socket.io/modules.js
View File

@@ -113,11 +113,14 @@ SocketModules.chats.getUsersInRoom = async function (socket, data) {
if (!data || !data.roomId) {
throw new Error('[[error:invalid-data]]');
}
const [userData, isOwner] = await Promise.all([
Messaging.getUsersInRoom(data.roomId, 0, -1),
const [isUserInRoom, isOwner, userData] = await Promise.all([
Messaging.isUserInRoom(socket.uid, data.roomId),
Messaging.isRoomOwner(socket.uid, data.roomId),
Messaging.getUsersInRoom(data.roomId, 0, -1),
]);
if (!isUserInRoom) {
throw new Error('[[error:no-privileges]]');
}
userData.forEach((user) => {
user.canKick = (parseInt(user.uid, 10) !== parseInt(socket.uid, 10)) && isOwner;
});