Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: cant join system groups

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-10-13 22:08:09 -04:00
parent a411df1321
commit 59bbede8c7
4 changed files with 40 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/controllers/write/groups.js
View File

@@ -70,7 +70,7 @@ Groups.join = async (req, res) => {
if (!res.locals.privileges.isAdmin) { if (!res.locals.privileges.isAdmin) {
// Admin and privilege groups unjoinable client-side // Admin and privilege groups unjoinable client-side
if (group.name === 'administrators' || groups.isPrivilegeGroup(group.name)) { if (groups.systemGroups.includes(group.name) || groups.isPrivilegeGroup(group.name)) {
throw new Error('[[error:not-allowed]]'); throw new Error('[[error:not-allowed]]');
} }

6
src/groups/index.js
View File

@@ -38,9 +38,9 @@ Groups.getEphemeralGroup = function (groupName) {
name: groupName, name: groupName,
slug: slugify(groupName), slug: slugify(groupName),
description: '', description: '',
deleted: '0', deleted: 0,
hidden: '0', hidden: 0,
system: '1', system: 1,
}; };
}; };

2
src/socket.io/groups.js
View File

@@ -30,7 +30,7 @@ SocketGroups.join = async (socket, data) => {
throw new Error('[[error:invalid-group-name]]'); throw new Error('[[error:invalid-group-name]]');
} }
if (data.groupName === 'administrators' || groups.isPrivilegeGroup(data.groupName)) { if (groups.systemGroups.includes(data.groupName) || groups.isPrivilegeGroup(data.groupName)) {
throw new Error('[[error:not-allowed]]'); throw new Error('[[error:not-allowed]]');
} }

37
test/groups.js
View File

@@ -48,6 +48,16 @@ describe('Groups', function () {
disableLeave: 1, disableLeave: 1,
}); });
}, },
async () => {
await Groups.create({
name: 'Global Moderators',
userTitle: 'Global Moderator',
description: 'Forum wide moderators',
hidden: 0,
private: 1,
disableJoinRequests: 1,
});
},
function (next) { function (next) {
// Create a new user // Create a new user
User.create({ User.create({
@@ -72,8 +82,8 @@ describe('Groups', function () {
}, },
], function (err, results) { ], function (err, results) {
assert.ifError(err); assert.ifError(err);
testUid = results[4]; testUid = results[5];
adminUid = results[5]; adminUid = results[6];
Groups.join('administrators', adminUid, done); Groups.join('administrators', adminUid, done);
}); });
}); });
@@ -699,6 +709,29 @@ describe('Groups', function () {
}); });
}); });
}); });
it('should fail to add user to system group', async function () {
const uid = await User.create({ username: 'eviluser' });
const oldValue = meta.config.allowPrivateGroups;
meta.config.allowPrivateGroups = 0;
async function test(groupName) {
let err;
try {
await socketGroups.join({ uid: uid }, { groupName: groupName });
const isMember = await Groups.isMember(uid, groupName);
assert.strictEqual(isMember, false);
} catch (_err) {
err = _err;
}
assert.strictEqual(err.message, '[[error:not-allowed]]');
}
const groups = ['Global Moderators', 'verified-users', 'unverified-users'];
for (const g of groups) {
// eslint-disable-next-line no-await-in-loop
await test(g);
}
meta.config.allowPrivateGroups = oldValue;
});
}); });
describe('.leave()', function () { describe('.leave()', function () {