mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-26 08:36:12 +01:00
fix: cant join system groups
This commit is contained in:
Barış Soner Uşaklı
@@ -70,7 +70,7 @@ Groups.join = async (req, res) => {
|
||||
|
||||
if (!res.locals.privileges.isAdmin) {
|
||||
// Admin and privilege groups unjoinable client-side
|
||||
if (group.name === 'administrators' || groups.isPrivilegeGroup(group.name)) {
|
||||
if (groups.systemGroups.includes(group.name) || groups.isPrivilegeGroup(group.name)) {
|
||||
throw new Error('[[error:not-allowed]]');
|
||||
}
|
||||
|
||||
|
||||
@@ -38,9 +38,9 @@ Groups.getEphemeralGroup = function (groupName) {
|
||||
name: groupName,
|
||||
slug: slugify(groupName),
|
||||
description: '',
|
||||
deleted: '0',
|
||||
hidden: '0',
|
||||
system: '1',
|
||||
deleted: 0,
|
||||
hidden: 0,
|
||||
system: 1,
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ SocketGroups.join = async (socket, data) => {
|
||||
throw new Error('[[error:invalid-group-name]]');
|
||||
}
|
||||
|
||||
if (data.groupName === 'administrators' || groups.isPrivilegeGroup(data.groupName)) {
|
||||
if (groups.systemGroups.includes(data.groupName) || groups.isPrivilegeGroup(data.groupName)) {
|
||||
throw new Error('[[error:not-allowed]]');
|
||||
}
|
||||
|
||||
|
||||
@@ -48,6 +48,16 @@ describe('Groups', function () {
|
||||
disableLeave: 1,
|
||||
});
|
||||
},
|
||||
async () => {
|
||||
await Groups.create({
|
||||
name: 'Global Moderators',
|
||||
userTitle: 'Global Moderator',
|
||||
description: 'Forum wide moderators',
|
||||
hidden: 0,
|
||||
private: 1,
|
||||
disableJoinRequests: 1,
|
||||
});
|
||||
},
|
||||
function (next) {
|
||||
// Create a new user
|
||||
User.create({
|
||||
@@ -72,8 +82,8 @@ describe('Groups', function () {
|
||||
},
|
||||
], function (err, results) {
|
||||
assert.ifError(err);
|
||||
testUid = results[4];
|
||||
adminUid = results[5];
|
||||
testUid = results[5];
|
||||
adminUid = results[6];
|
||||
Groups.join('administrators', adminUid, done);
|
||||
});
|
||||
});
|
||||
@@ -699,6 +709,29 @@ describe('Groups', function () {
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to add user to system group', async function () {
|
||||
const uid = await User.create({ username: 'eviluser' });
|
||||
const oldValue = meta.config.allowPrivateGroups;
|
||||
meta.config.allowPrivateGroups = 0;
|
||||
async function test(groupName) {
|
||||
let err;
|
||||
try {
|
||||
await socketGroups.join({ uid: uid }, { groupName: groupName });
|
||||
const isMember = await Groups.isMember(uid, groupName);
|
||||
assert.strictEqual(isMember, false);
|
||||
} catch (_err) {
|
||||
err = _err;
|
||||
}
|
||||
assert.strictEqual(err.message, '[[error:not-allowed]]');
|
||||
}
|
||||
const groups = ['Global Moderators', 'verified-users', 'unverified-users'];
|
||||
for (const g of groups) {
|
||||
// eslint-disable-next-line no-await-in-loop
|
||||
await test(g);
|
||||
}
|
||||
meta.config.allowPrivateGroups = oldValue;
|
||||
});
|
||||
});
|
||||
|
||||
describe('.leave()', function () {
|
||||
|
||||
Reference in New Issue
Block a user