mirror of
				https://github.com/NodeBB/NodeBB.git
				synced 2025-10-26 16:46:12 +01:00 
			
		
		
		
	fix: allow admins adding users to global moderators
add new test
This commit is contained in:
		| @@ -54,19 +54,21 @@ groupsAPI.join = async function (caller, data) { | |||||||
| 		throw new Error('[[error:invalid-uid]]'); | 		throw new Error('[[error:invalid-uid]]'); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	const isSelf = parseInt(caller.uid, 10) === parseInt(data.uid, 10); |  | ||||||
| 	const groupName = await groups.getGroupNameByGroupSlug(data.slug); | 	const groupName = await groups.getGroupNameByGroupSlug(data.slug); | ||||||
| 	if (!groupName) { | 	if (!groupName) { | ||||||
| 		throw new Error('[[error:no-group]]'); | 		throw new Error('[[error:no-group]]'); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	if (groups.systemGroups.includes(groupName) || groups.isPrivilegeGroup(groupName)) { | 	const isCallerAdmin = await user.isAdministrator(caller.uid); | ||||||
|  | 	if (!isCallerAdmin && ( | ||||||
|  | 		groups.systemGroups.includes(groupName) || | ||||||
|  | 		groups.isPrivilegeGroup(groupName) | ||||||
|  | 	)) { | ||||||
| 		throw new Error('[[error:not-allowed]]'); | 		throw new Error('[[error:not-allowed]]'); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	const [groupData, isCallerAdmin, isCallerOwner, userExists] = await Promise.all([ | 	const [groupData, isCallerOwner, userExists] = await Promise.all([ | ||||||
| 		groups.getGroupData(groupName), | 		groups.getGroupData(groupName), | ||||||
| 		user.isAdministrator(caller.uid), |  | ||||||
| 		groups.ownership.isOwner(caller.uid, groupName), | 		groups.ownership.isOwner(caller.uid, groupName), | ||||||
| 		user.exists(data.uid), | 		user.exists(data.uid), | ||||||
| 	]); | 	]); | ||||||
| @@ -75,6 +77,7 @@ groupsAPI.join = async function (caller, data) { | |||||||
| 		throw new Error('[[error:invalid-uid]]'); | 		throw new Error('[[error:invalid-uid]]'); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|  | 	const isSelf = parseInt(caller.uid, 10) === parseInt(data.uid, 10); | ||||||
| 	if (!meta.config.allowPrivateGroups && isSelf) { | 	if (!meta.config.allowPrivateGroups && isSelf) { | ||||||
| 		// all groups are public! | 		// all groups are public! | ||||||
| 		await groups.join(groupName, data.uid); | 		await groups.join(groupName, data.uid); | ||||||
| @@ -85,7 +88,7 @@ groupsAPI.join = async function (caller, data) { | |||||||
| 		return; | 		return; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	if (groupData.private && groupData.disableJoinRequests) { | 	if (isSelf && groupData.private && groupData.disableJoinRequests) { | ||||||
| 		throw new Error('[[error:group-join-disabled]]'); | 		throw new Error('[[error:group-join-disabled]]'); | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
|   | |||||||
| @@ -655,6 +655,13 @@ describe('Groups', function () { | |||||||
| 			}); | 			}); | ||||||
| 		}); | 		}); | ||||||
|  |  | ||||||
|  | 		it('should add user to Global Moderators group', async function () { | ||||||
|  | 			const uid = await User.create({ username: 'glomod' }); | ||||||
|  | 			await socketGroups.join({ uid: adminUid }, { groupName: 'Global Moderators', uid: uid }); | ||||||
|  | 			const isGlobalMod = await User.isGlobalModerator(uid); | ||||||
|  | 			assert.strictEqual(isGlobalMod, true); | ||||||
|  | 		}); | ||||||
|  |  | ||||||
| 		it('should add user to multiple groups', function (done) { | 		it('should add user to multiple groups', function (done) { | ||||||
| 			var groupNames = ['test-hidden1', 'Test', 'test-hidden2', 'empty group']; | 			var groupNames = ['test-hidden1', 'Test', 'test-hidden2', 'empty group']; | ||||||
| 			Groups.create({ name: 'empty group' }, function (err) { | 			Groups.create({ name: 'empty group' }, function (err) { | ||||||
| @@ -804,7 +811,7 @@ describe('Groups', function () { | |||||||
| 		}); | 		}); | ||||||
|  |  | ||||||
| 		it('should return error if group name is special', function (done) { | 		it('should return error if group name is special', function (done) { | ||||||
| 			socketGroups.join({ uid: adminUid }, { groupName: 'administrators' }, function (err) { | 			socketGroups.join({ uid: testUid }, { groupName: 'administrators' }, function (err) { | ||||||
| 				assert.equal(err.message, '[[error:not-allowed]]'); | 				assert.equal(err.message, '[[error:not-allowed]]'); | ||||||
| 				done(); | 				done(); | ||||||
| 			}); | 			}); | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user