Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

refactor: user deletion to use api lib

Browse Source
This commit is contained in:
Julian Lam
2020-10-15 16:49:06 -04:00
parent 77481947f0
commit 430e7f5834
3 changed files with 54 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
src/api/users.js
View File

@@ -1,7 +1,9 @@
'use strict'; 'use strict';
const user = require('../user'); const user = require('../user');
const groups = require('../groups');
const meta = require('../meta'); const meta = require('../meta');
const flags = require('../flags');
const privileges = require('../privileges'); const privileges = require('../privileges');
const events = require('../events'); const events = require('../events');
@@ -60,3 +62,50 @@ usersAPI.update = async function (caller, data) {
await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username }); await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username });
} }
}; };
usersAPI.delete = async function (caller, data) {
processDeletion(data.uid, caller);
};
usersAPI.deleteMany = async function (caller, data) {
console.log(data.uids);
if (await canDeleteUids(data.uids)) {
await Promise.all(data.uids.map(uid => processDeletion(uid, caller)));
}
};
async function processDeletion(uid, caller) {
const isTargetAdmin = await user.isAdministrator(uid);
const isSelf = parseInt(uid, 10) === caller.uid;
const isAdmin = await user.isAdministrator(caller.uid);
if (!isSelf && !isAdmin) {
throw new Error('[[error:no-privileges]]');
} else if (!isSelf && isTargetAdmin) {
throw new Error('[[error:cant-delete-other-admins]]');
}
// TODO: clear user tokens for this uid
await flags.resolveFlag('user', uid, caller.uid);
const userData = await user.delete(caller.uid, uid);
await events.log({
type: 'user-delete',
uid: caller.uid,
targetUid: uid,
ip: caller.ip,
username: userData.username,
email: userData.email,
});
}
async function canDeleteUids(uids) {
if (!Array.isArray(uids)) {
throw new Error('[[error:invalid-data]]');
}
const isMembers = await groups.isMembers(uids, 'administrators');
if (isMembers.includes(true)) {
throw new Error('[[error:cant-delete-other-admins]]');
}
return true;
}

44
src/controllers/write/users.js
View File

@@ -2,7 +2,6 @@
const api = require('../../api'); const api = require('../../api');
const user = require('../../user'); const user = require('../../user');
const groups = require('../../groups');
const plugins = require('../../plugins'); const plugins = require('../../plugins');
const privileges = require('../../privileges'); const privileges = require('../../privileges');
const notifications = require('../../notifications'); const notifications = require('../../notifications');
@@ -24,57 +23,20 @@ Users.create = async (req, res) => {
}; };
Users.update = async (req, res) => { Users.update = async (req, res) => {
const userObj = await api.users.update(req, { ...req.body, ...req.params }); const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid });
helpers.formatApiResponse(200, res, userObj); helpers.formatApiResponse(200, res, userObj);
}; };
Users.delete = async (req, res) => { Users.delete = async (req, res) => {
processDeletion(req.params.uid, req, res); await api.users.delete(req, req.params);
helpers.formatApiResponse(200, res); helpers.formatApiResponse(200, res);
}; };
Users.deleteMany = async (req, res) => { Users.deleteMany = async (req, res) => {
if (await canDeleteUids(req.body.uids, res)) { await api.users.deleteMany(req, req.body);
await Promise.all(req.body.uids.map(uid => processDeletion(uid, req, res)));
helpers.formatApiResponse(200, res); helpers.formatApiResponse(200, res);
}
}; };
async function canDeleteUids(uids, res) {
if (!Array.isArray(uids)) {
helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]'));
return false;
}
const isMembers = await groups.isMembers(uids, 'administrators');
if (isMembers.includes(true)) {
helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
return false;
}
return true;
}
async function processDeletion(uid, req, res) {
const isTargetAdmin = await user.isAdministrator(uid);
if (!res.locals.privileges.isSelf && !res.locals.privileges.isAdmin) {
return helpers.formatApiResponse(403, res);
} else if (!res.locals.privileges.isSelf && isTargetAdmin) {
return helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
}
// TODO: clear user tokens for this uid
await flags.resolveFlag('user', uid, req.user.uid);
const userData = await user.delete(req.user.uid, uid);
await events.log({
type: 'user-delete',
uid: req.user.uid,
targetUid: uid,
ip: req.ip,
username: userData.username,
email: userData.email,
});
}
Users.changePassword = async (req, res) => { Users.changePassword = async (req, res) => {
req.body.uid = req.params.uid; req.body.uid = req.params.uid;
await user.changePassword(req.user.uid, Object.assign(req.body, { ip: req.ip })); await user.changePassword(req.user.uid, Object.assign(req.body, { ip: req.ip }));

6
src/socket.io/admin/user.js
View File

@@ -140,11 +140,7 @@ User.deleteUsersContent = async function (socket, uids) {
User.deleteUsersAndContent = async function (socket, uids) { User.deleteUsersAndContent = async function (socket, uids) {
sockets.warnDeprecated(socket, 'DELETE /api/v3/users or DELETE /api/v3/users/:uid'); sockets.warnDeprecated(socket, 'DELETE /api/v3/users or DELETE /api/v3/users/:uid');
await api.users.deleteMany(socket, { uids });
await canDeleteUids(uids);
deleteUsers(socket, uids, async function (uid) {
return await user.delete(socket.uid, uid);
});
}; };
async function canDeleteUids(uids) { async function canDeleteUids(uids) {