fix: restrict getUsersInRoom to members

This commit is contained in:
Barış Soner Uşaklı
2020-01-22 11:46:26 -05:00
parent 236a173009
commit 1f13ab8a19
2 changed files with 19 additions and 3 deletions

View File

@@ -113,11 +113,14 @@ SocketModules.chats.getUsersInRoom = async function (socket, data) {
if (!data || !data.roomId) {
throw new Error('[[error:invalid-data]]');
}
const [userData, isOwner] = await Promise.all([
Messaging.getUsersInRoom(data.roomId, 0, -1),
const [isUserInRoom, isOwner, userData] = await Promise.all([
Messaging.isUserInRoom(socket.uid, data.roomId),
Messaging.isRoomOwner(socket.uid, data.roomId),
Messaging.getUsersInRoom(data.roomId, 0, -1),
]);
if (!isUserInRoom) {
throw new Error('[[error:no-privileges]]');
}
userData.forEach((user) => {
user.canKick = (parseInt(user.uid, 10) !== parseInt(socket.uid, 10)) && isOwner;
});

View File

@@ -150,6 +150,19 @@ describe('Messaging Library', function () {
});
});
it('should get users in room', async function () {
const data = await socketModules.chats.getUsersInRoom({ uid: fooUid }, { roomId: roomId });
assert(Array.isArray(data) && data.length === 3);
});
it('should throw error if user is not in room', async function () {
try {
const data = await socketModules.chats.getUsersInRoom({ uid: 123123123 }, { roomId: roomId });
} catch (err) {
assert.equal(err.message, '[[error:no-privileges]]');
}
});
it('should fail to add users to room if max is reached', function (done) {
meta.config.maximumUsersInChatRoom = 2;
socketModules.chats.addUserToRoom({ uid: fooUid }, { roomId: roomId, username: 'test' }, function (err) {