	refactor: user deletion to use api lib
		| @@ -1,7 +1,9 @@ | |||||||
| 'use strict'; | 'use strict'; | ||||||
|  |  | ||||||
| const user = require('../user'); | const user = require('../user'); | ||||||
|  | const groups = require('../groups'); | ||||||
| const meta = require('../meta'); | const meta = require('../meta'); | ||||||
|  | const flags = require('../flags'); | ||||||
| const privileges = require('../privileges'); | const privileges = require('../privileges'); | ||||||
| const events = require('../events'); | const events = require('../events'); | ||||||
|  |  | ||||||
| @@ -60,3 +62,50 @@ usersAPI.update = async function (caller, data) { | |||||||
| 		await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username }); | 		await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username }); | ||||||
| 	} | 	} | ||||||
| }; | }; | ||||||
|  |  | ||||||
|  | usersAPI.delete = async function (caller, data) { | ||||||
|  | 	processDeletion(data.uid, caller); | ||||||
|  | }; | ||||||
|  |  | ||||||
|  | usersAPI.deleteMany = async function (caller, data) { | ||||||
|  | 	console.log(data.uids); | ||||||
|  | 	if (await canDeleteUids(data.uids)) { | ||||||
|  | 		await Promise.all(data.uids.map(uid => processDeletion(uid, caller))); | ||||||
|  | 	} | ||||||
|  | }; | ||||||
|  |  | ||||||
|  | async function processDeletion(uid, caller) { | ||||||
|  | 	const isTargetAdmin = await user.isAdministrator(uid); | ||||||
|  | 	const isSelf = parseInt(uid, 10) === caller.uid; | ||||||
|  | 	const isAdmin = await user.isAdministrator(caller.uid); | ||||||
|  |  | ||||||
|  | 	if (!isSelf && !isAdmin) { | ||||||
|  | 		throw new Error('[[error:no-privileges]]'); | ||||||
|  | 	} else if (!isSelf && isTargetAdmin) { | ||||||
|  | 		throw new Error('[[error:cant-delete-other-admins]]'); | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	// TODO: clear user tokens for this uid | ||||||
|  | 	await flags.resolveFlag('user', uid, caller.uid); | ||||||
|  | 	const userData = await user.delete(caller.uid, uid); | ||||||
|  | 	await events.log({ | ||||||
|  | 		type: 'user-delete', | ||||||
|  | 		uid: caller.uid, | ||||||
|  | 		targetUid: uid, | ||||||
|  | 		ip: caller.ip, | ||||||
|  | 		username: userData.username, | ||||||
|  | 		email: userData.email, | ||||||
|  | 	}); | ||||||
|  | } | ||||||
|  |  | ||||||
|  | async function canDeleteUids(uids) { | ||||||
|  | 	if (!Array.isArray(uids)) { | ||||||
|  | 		throw new Error('[[error:invalid-data]]'); | ||||||
|  | 	} | ||||||
|  | 	const isMembers = await groups.isMembers(uids, 'administrators'); | ||||||
|  | 	if (isMembers.includes(true)) { | ||||||
|  | 		throw new Error('[[error:cant-delete-other-admins]]'); | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return true; | ||||||
|  | } | ||||||
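Review bot: `usersAPI.delete` calls `processDeletion(data.uid, caller)` without `await`, so the `[[error:no-privileges]]` and `[[error:cant-delete-other-admins]]` rejections never reach the caller and surface only as an unhandled rejection. The `Users.delete` controller in the next file section awaits `api.users.delete` and then sends 200, so a refused or failed deletion is reported as success; the line should read `await processDeletion(data.uid, caller);`. `usersAPI.deleteMany` also keeps a leftover `console.log(data.uids);` that writes request-supplied uids to stdout on every call and should be dropped. A short comment above `processDeletion` saying that it is the authorization point shared by the HTTP and socket callers (self or administrator, never another administrator) would keep later callers from going around it.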
|   | |||||||
| @@ -2,7 +2,6 @@ | |||||||
|  |  | ||||||
| const api = require('../../api'); | const api = require('../../api'); | ||||||
| const user = require('../../user'); | const user = require('../../user'); | ||||||
| const groups = require('../../groups'); |  | ||||||
| const plugins = require('../../plugins'); | const plugins = require('../../plugins'); | ||||||
| const privileges = require('../../privileges'); | const privileges = require('../../privileges'); | ||||||
| const notifications = require('../../notifications'); | const notifications = require('../../notifications'); | ||||||
| @@ -24,57 +23,20 @@ Users.create = async (req, res) => { | |||||||
| }; | }; | ||||||
|  |  | ||||||
| Users.update = async (req, res) => { | Users.update = async (req, res) => { | ||||||
| 	const userObj = await api.users.update(req, { ...req.body, ...req.params }); | 	const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid }); | ||||||
| 	helpers.formatApiResponse(200, res, userObj); | 	helpers.formatApiResponse(200, res, userObj); | ||||||
| }; | }; | ||||||
|  |  | ||||||
| Users.delete = async (req, res) => { | Users.delete = async (req, res) => { | ||||||
| 	processDeletion(req.params.uid, req, res); | 	await api.users.delete(req, req.params); | ||||||
| 	helpers.formatApiResponse(200, res); | 	helpers.formatApiResponse(200, res); | ||||||
| }; | }; | ||||||
|  |  | ||||||
| Users.deleteMany = async (req, res) => { | Users.deleteMany = async (req, res) => { | ||||||
| 	if (await canDeleteUids(req.body.uids, res)) { | 	await api.users.deleteMany(req, req.body); | ||||||
| 		await Promise.all(req.body.uids.map(uid => processDeletion(uid, req, res))); | 	helpers.formatApiResponse(200, res); | ||||||
| 		helpers.formatApiResponse(200, res); |  | ||||||
| 	} |  | ||||||
| }; | }; | ||||||
|  |  | ||||||
| async function canDeleteUids(uids, res) { |  | ||||||
| 	if (!Array.isArray(uids)) { |  | ||||||
| 		helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]')); |  | ||||||
| 		return false; |  | ||||||
| 	} |  | ||||||
| 	const isMembers = await groups.isMembers(uids, 'administrators'); |  | ||||||
| 	if (isMembers.includes(true)) { |  | ||||||
| 		helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]')); |  | ||||||
| 		return false; |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	return true; |  | ||||||
| } |  | ||||||
|  |  | ||||||
| async function processDeletion(uid, req, res) { |  | ||||||
| 	const isTargetAdmin = await user.isAdministrator(uid); |  | ||||||
| 	if (!res.locals.privileges.isSelf && !res.locals.privileges.isAdmin) { |  | ||||||
| 		return helpers.formatApiResponse(403, res); |  | ||||||
| 	} else if (!res.locals.privileges.isSelf && isTargetAdmin) { |  | ||||||
| 		return helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]')); |  | ||||||
| 	} |  | ||||||
|  |  | ||||||
| 	// TODO: clear user tokens for this uid |  | ||||||
| 	await flags.resolveFlag('user', uid, req.user.uid); |  | ||||||
| 	const userData = await user.delete(req.user.uid, uid); |  | ||||||
| 	await events.log({ |  | ||||||
| 		type: 'user-delete', |  | ||||||
| 		uid: req.user.uid, |  | ||||||
| 		targetUid: uid, |  | ||||||
| 		ip: req.ip, |  | ||||||
| 		username: userData.username, |  | ||||||
| 		email: userData.email, |  | ||||||
| 	}); |  | ||||||
| } |  | ||||||
|  |  | ||||||
| Users.changePassword = async (req, res) => { | Users.changePassword = async (req, res) => { | ||||||
| 	req.body.uid = req.params.uid; | 	req.body.uid = req.params.uid; | ||||||
| 	await user.changePassword(req.user.uid, Object.assign(req.body, { ip: req.ip })); | 	await user.changePassword(req.user.uid, Object.assign(req.body, { ip: req.ip })); | ||||||
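Review bot: The explicit 400 and 403 responses sent by the removed `canDeleteUids` and `processDeletion` are gone, and `Users.delete` and `Users.deleteMany` now depend on whatever wraps these handlers to turn the errors thrown by `api.users.*` into a status code. That wrapper is not visible on this page, so it should be confirmed that `[[error:invalid-data]]` still yields 400 and the two privilege errors still yield 403 rather than a generic 500. The authorization inputs also moved from `res.locals.privileges` and `req.user.uid` to `caller.uid` on the request object; a comment on the handler such as `// api.users.delete authorizes against req.uid` would make that dependency explicit. `Users.changePassword` at the end of the section continues outside the visible lines.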
|   | |||||||
| @@ -140,11 +140,7 @@ User.deleteUsersContent = async function (socket, uids) { | |||||||
|  |  | ||||||
| User.deleteUsersAndContent = async function (socket, uids) { | User.deleteUsersAndContent = async function (socket, uids) { | ||||||
| 	sockets.warnDeprecated(socket, 'DELETE /api/v3/users or DELETE /api/v3/users/:uid'); | 	sockets.warnDeprecated(socket, 'DELETE /api/v3/users or DELETE /api/v3/users/:uid'); | ||||||
|  | 	await api.users.deleteMany(socket, { uids }); | ||||||
| 	await canDeleteUids(uids); |  | ||||||
| 	deleteUsers(socket, uids, async function (uid) { |  | ||||||
| 		return await user.delete(socket.uid, uid); |  | ||||||
| 	}); |  | ||||||
| }; | }; | ||||||
|  |  | ||||||
| async function canDeleteUids(uids) { | async function canDeleteUids(uids) { | ||||||
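Review bot: The self/admin check and the `user-delete` audit event in the shared deletion path read `caller.uid` and `caller.ip`, and in `User.deleteUsersAndContent` the caller is now the socket object, so both depend on the socket exposing those properties. Neither is set on this page; if `ip` is absent the audit record loses the source address, so this should be confirmed and noted with `// socket must expose uid and ip for api.users audit logging`. The removed `deleteUsers(socket, uids, …)` helper is defined outside the hunk, so anything else it did per uid no longer runs on this path and should be checked. `canDeleteUids` at the end of the hunk continues outside the visible lines.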
|   | |||||||