mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-26 16:46:12 +01:00
refactor: user deletion to use api lib
This commit is contained in:
Julian Lam
@@ -1,7 +1,9 @@
|
||||
'use strict';
|
||||
|
||||
const user = require('../user');
|
||||
const groups = require('../groups');
|
||||
const meta = require('../meta');
|
||||
const flags = require('../flags');
|
||||
const privileges = require('../privileges');
|
||||
const events = require('../events');
|
||||
|
||||
@@ -60,3 +62,50 @@ usersAPI.update = async function (caller, data) {
|
||||
await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username });
|
||||
}
|
||||
};
|
||||
|
||||
usersAPI.delete = async function (caller, data) {
|
||||
processDeletion(data.uid, caller);
|
||||
};
|
||||
|
||||
usersAPI.deleteMany = async function (caller, data) {
|
||||
console.log(data.uids);
|
||||
if (await canDeleteUids(data.uids)) {
|
||||
await Promise.all(data.uids.map(uid => processDeletion(uid, caller)));
|
||||
}
|
||||
};
|
||||
|
||||
async function processDeletion(uid, caller) {
|
||||
const isTargetAdmin = await user.isAdministrator(uid);
|
||||
const isSelf = parseInt(uid, 10) === caller.uid;
|
||||
const isAdmin = await user.isAdministrator(caller.uid);
|
||||
|
||||
if (!isSelf && !isAdmin) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
} else if (!isSelf && isTargetAdmin) {
|
||||
throw new Error('[[error:cant-delete-other-admins]]');
|
||||
}
|
||||
|
||||
// TODO: clear user tokens for this uid
|
||||
await flags.resolveFlag('user', uid, caller.uid);
|
||||
const userData = await user.delete(caller.uid, uid);
|
||||
await events.log({
|
||||
type: 'user-delete',
|
||||
uid: caller.uid,
|
||||
targetUid: uid,
|
||||
ip: caller.ip,
|
||||
username: userData.username,
|
||||
email: userData.email,
|
||||
});
|
||||
}
|
||||
|
||||
async function canDeleteUids(uids) {
|
||||
if (!Array.isArray(uids)) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
const isMembers = await groups.isMembers(uids, 'administrators');
|
||||
if (isMembers.includes(true)) {
|
||||
throw new Error('[[error:cant-delete-other-admins]]');
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -2,7 +2,6 @@
|
||||
|
||||
const api = require('../../api');
|
||||
const user = require('../../user');
|
||||
const groups = require('../../groups');
|
||||
const plugins = require('../../plugins');
|
||||
const privileges = require('../../privileges');
|
||||
const notifications = require('../../notifications');
|
||||
@@ -24,57 +23,20 @@ Users.create = async (req, res) => {
|
||||
};
|
||||
|
||||
Users.update = async (req, res) => {
|
||||
const userObj = await api.users.update(req, { ...req.body, ...req.params });
|
||||
const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid });
|
||||
helpers.formatApiResponse(200, res, userObj);
|
||||
};
|
||||
|
||||
Users.delete = async (req, res) => {
|
||||
processDeletion(req.params.uid, req, res);
|
||||
await api.users.delete(req, req.params);
|
||||
helpers.formatApiResponse(200, res);
|
||||
};
|
||||
|
||||
Users.deleteMany = async (req, res) => {
|
||||
if (await canDeleteUids(req.body.uids, res)) {
|
||||
await Promise.all(req.body.uids.map(uid => processDeletion(uid, req, res)));
|
||||
helpers.formatApiResponse(200, res);
|
||||
}
|
||||
await api.users.deleteMany(req, req.body);
|
||||
helpers.formatApiResponse(200, res);
|
||||
};
|
||||
|
||||
async function canDeleteUids(uids, res) {
|
||||
if (!Array.isArray(uids)) {
|
||||
helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]'));
|
||||
return false;
|
||||
}
|
||||
const isMembers = await groups.isMembers(uids, 'administrators');
|
||||
if (isMembers.includes(true)) {
|
||||
helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
async function processDeletion(uid, req, res) {
|
||||
const isTargetAdmin = await user.isAdministrator(uid);
|
||||
if (!res.locals.privileges.isSelf && !res.locals.privileges.isAdmin) {
|
||||
return helpers.formatApiResponse(403, res);
|
||||
} else if (!res.locals.privileges.isSelf && isTargetAdmin) {
|
||||
return helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
|
||||
}
|
||||
|
||||
// TODO: clear user tokens for this uid
|
||||
await flags.resolveFlag('user', uid, req.user.uid);
|
||||
const userData = await user.delete(req.user.uid, uid);
|
||||
await events.log({
|
||||
type: 'user-delete',
|
||||
uid: req.user.uid,
|
||||
targetUid: uid,
|
||||
ip: req.ip,
|
||||
username: userData.username,
|
||||
email: userData.email,
|
||||
});
|
||||
}
|
||||
|
||||
Users.changePassword = async (req, res) => {
|
||||
req.body.uid = req.params.uid;
|
||||
await user.changePassword(req.user.uid, Object.assign(req.body, { ip: req.ip }));
|
||||
|
||||
@@ -140,11 +140,7 @@ User.deleteUsersContent = async function (socket, uids) {
|
||||
|
||||
User.deleteUsersAndContent = async function (socket, uids) {
|
||||
sockets.warnDeprecated(socket, 'DELETE /api/v3/users or DELETE /api/v3/users/:uid');
|
||||
|
||||
await canDeleteUids(uids);
|
||||
deleteUsers(socket, uids, async function (uid) {
|
||||
return await user.delete(socket.uid, uid);
|
||||
});
|
||||
await api.users.deleteMany(socket, { uids });
|
||||
};
|
||||
|
||||
async function canDeleteUids(uids) {
|
||||
|
||||
Reference in New Issue
Block a user