Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #8933

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-11-23 17:01:36 -05:00
parent 6e5ec3f895
commit 2b73a14e42
1 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/socket.io/groups.js
View File

@@ -4,6 +4,7 @@ const groups = require('../groups');
const user = require('../user'); const user = require('../user');
const utils = require('../utils'); const utils = require('../utils');
const events = require('../events'); const events = require('../events');
const privileges = require('../privileges');
const api = require('../api'); const api = require('../api');
const sockets = require('.'); const sockets = require('.');
@@ -241,12 +242,11 @@ SocketGroups.loadMore = async (socket, data) => {
}; };
SocketGroups.searchMembers = async (socket, data) => { SocketGroups.searchMembers = async (socket, data) => {
const [isOwner, isMember, isAdmin] = await Promise.all([ if (!data.groupName) {
groups.ownership.isOwner(socket.uid, data.groupName), throw new Error('[[error:invalid-data]]');
groups.isMember(socket.uid, data.groupName), }
user.isAdministrator(socket.uid), await canSearchMembers(socket.uid, data.groupName);
]); if (!await privileges.global.can('search:users', socket.uid)) {
if (!isOwner && !isMember && !isAdmin) {
throw new Error('[[error:no-privileges]]'); throw new Error('[[error:no-privileges]]');
} }
return await groups.searchMembers({ return await groups.searchMembers({
@@ -260,18 +260,7 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
if (!data.groupName || !utils.isNumber(data.after) || parseInt(data.after, 10) < 0) { if (!data.groupName || !utils.isNumber(data.after) || parseInt(data.after, 10) < 0) {
throw new Error('[[error:invalid-data]]'); throw new Error('[[error:invalid-data]]');
} }
const [isHidden, isAdmin, isGlobalMod] = await Promise.all([ await canSearchMembers(socket.uid, data.groupName);
groups.isHidden(data.groupName),
user.isAdministrator(socket.uid),
user.isGlobalModerator(socket.uid),
]);
if (isHidden && !isAdmin && !isGlobalMod) {
const isMember = await groups.isMember(socket.uid, data.groupName);
if (!isMember) {
throw new Error('[[error:no-privileges]]');
}
}
data.after = parseInt(data.after, 10); data.after = parseInt(data.after, 10);
const users = await groups.getOwnersAndMembers(data.groupName, socket.uid, data.after, data.after + 9); const users = await groups.getOwnersAndMembers(data.groupName, socket.uid, data.after, data.after + 9);
return { return {
@@ -280,6 +269,20 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
}; };
}; };
async function canSearchMembers(uid, groupName) {
const [isHidden, isMember, isAdmin, isGlobalMod, viewGroups] = await Promise.all([
groups.isHidden(groupName),
groups.isMember(uid, groupName),
user.isAdministrator(uid),
user.isGlobalModerator(uid),
privileges.global.can('view:groups', uid),
]);
if (!viewGroups || (isHidden && !isMember && !isAdmin && !isGlobalMod)) {
throw new Error('[[error:no-privileges]]');
}
}
SocketGroups.cover = {}; SocketGroups.cover = {};
SocketGroups.cover.update = async (socket, data) => { SocketGroups.cover.update = async (socket, data) => {