Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #8933

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-11-23 17:01:36 -05:00
parent 6e5ec3f895
commit 2b73a14e42
1 changed files with 21 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
src/socket.io/groups.js
View File

@@ -4,6 +4,7 @@ const groups = require('../groups');
const user = require('../user');
const utils = require('../utils');
const events = require('../events');
const privileges = require('../privileges');
const api = require('../api');
const sockets = require('.');
@@ -241,12 +242,11 @@ SocketGroups.loadMore = async (socket, data) => {
};
SocketGroups.searchMembers = async (socket, data) => {
const [isOwner, isMember, isAdmin] = await Promise.all([
groups.ownership.isOwner(socket.uid, data.groupName),
groups.isMember(socket.uid, data.groupName),
user.isAdministrator(socket.uid),
]);
if (!isOwner && !isMember && !isAdmin) {
if (!data.groupName) {
throw new Error('[[error:invalid-data]]');
}
await canSearchMembers(socket.uid, data.groupName);
if (!await privileges.global.can('search:users', socket.uid)) {
throw new Error('[[error:no-privileges]]');
}
return await groups.searchMembers({
@@ -260,18 +260,7 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
if (!data.groupName || !utils.isNumber(data.after) || parseInt(data.after, 10) < 0) {
throw new Error('[[error:invalid-data]]');
}
const [isHidden, isAdmin, isGlobalMod] = await Promise.all([
groups.isHidden(data.groupName),
user.isAdministrator(socket.uid),
user.isGlobalModerator(socket.uid),
]);
if (isHidden && !isAdmin && !isGlobalMod) {
const isMember = await groups.isMember(socket.uid, data.groupName);
if (!isMember) {
throw new Error('[[error:no-privileges]]');
}
}
await canSearchMembers(socket.uid, data.groupName);
data.after = parseInt(data.after, 10);
const users = await groups.getOwnersAndMembers(data.groupName, socket.uid, data.after, data.after + 9);
return {
@@ -280,6 +269,20 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
};
};
async function canSearchMembers(uid, groupName) {
const [isHidden, isMember, isAdmin, isGlobalMod, viewGroups] = await Promise.all([
groups.isHidden(groupName),
groups.isMember(uid, groupName),
user.isAdministrator(uid),
user.isGlobalModerator(uid),
privileges.global.can('view:groups', uid),
]);
if (!viewGroups || (isHidden && !isMember && !isAdmin && !isGlobalMod)) {
throw new Error('[[error:no-privileges]]');
}
}
SocketGroups.cover = {};
SocketGroups.cover.update = async (socket, data) => {