Merge branch 'master' of https://github.com/NodeBB/NodeBB

src/api/users.js

@@ -1,5 +1,6 @@
 'use strict';
 
+const db = require('../database');
 const user = require('../user');
 const groups = require('../groups');
 const meta = require('../meta');
@@ -8,6 +9,8 @@ const privileges = require('../privileges');
 const notifications = require('../notifications');
 const plugins = require('../plugins');
 const events = require('../events');
+const translator = require('../translator');
+const sockets = require('../socket.io');
 
 const usersAPI = module.exports;
 
@@ -20,25 +23,28 @@ usersAPI.create = async function (caller, data) {
 };
 
 usersAPI.update = async function (caller, data) {
-	if (!data || !data.uid) {
-		throw new Error('[[error:invalid-data]]');
-	}
 	if (!caller.uid) {
 		throw new Error('[[error:invalid-uid]]');
 	}
+
+	if (!data || !data.uid) {
+		throw new Error('[[error:invalid-data]]');
+	}
+
 	const oldUserData = await user.getUserFields(data.uid, ['email', 'username']);
 	if (!oldUserData || !oldUserData.username) {
 		throw new Error('[[error:invalid-data]]');
 	}
 
-	const [isAdminOrGlobalMod, canEdit, passwordMatch] = await Promise.all([
+	const [isAdminOrGlobalMod, canEdit, hasPassword, passwordMatch] = await Promise.all([
 		user.isAdminOrGlobalMod(caller.uid),
 		privileges.users.canEdit(caller.uid, data.uid),
+		user.hasPassword(data.uid),
 		data.password ? user.isPasswordCorrect(data.uid, data.password, caller.ip) : false,
 	]);
 
 	// Changing own email/username requires password confirmation
-	if (['email', 'username'].some(prop => Object.keys(data).includes(prop)) && !isAdminOrGlobalMod && caller.uid === data.uid && !passwordMatch) {
+	if (['email', 'username'].some(prop => Object.keys(data).includes(prop)) && !isAdminOrGlobalMod && caller.uid === data.uid && hasPassword && !passwordMatch) {
 		throw new Error('[[error:invalid-password]]');
 	}
 
@@ -80,7 +86,6 @@ usersAPI.delete = async function (caller, data) {
 };
 
 usersAPI.deleteMany = async function (caller, data) {
-	console.log(data.uids);
 	if (await canDeleteUids(data.uids)) {
 		await Promise.all(data.uids.map(uid => processDeletion(uid, caller)));
 	}
@@ -127,6 +132,63 @@ usersAPI.unfollow = async function (caller, data) {
 	});
 };
 
+usersAPI.ban = async function (caller, data) {
+	if (!await privileges.users.hasBanPrivilege(caller.uid)) {
+		throw new Error('[[error:no-privileges]]');
+	} else if (await user.isAdministrator(data.uid)) {
+		throw new Error('[[error:cant-ban-other-admins]]');
+	}
+
+	const banData = await user.bans.ban(data.uid, data.until, data.reason);
+	await db.setObjectField('uid:' + data.uid + ':ban:' + banData.timestamp, 'fromUid', caller.uid);
+
+	if (!data.reason) {
+		data.reason = await translator.translate('[[user:info.banned-no-reason]]');
+	}
+
+	sockets.in('uid_' + data.uid).emit('event:banned', {
+		until: data.until,
+		reason: data.reason,
+	});
+
+	await flags.resolveFlag('user', data.uid, caller.uid);
+	await flags.resolveUserPostFlags(data.uid, caller.uid);
+	await events.log({
+		type: 'user-ban',
+		uid: caller.uid,
+		targetUid: data.uid,
+		ip: caller.ip,
+		reason: data.reason || undefined,
+	});
+	plugins.fireHook('action:user.banned', {
+		callerUid: caller.uid,
+		ip: caller.ip,
+		uid: data.uid,
+		until: data.until > 0 ? data.until : undefined,
+		reason: data.reason || undefined,
+	});
+	await user.auth.revokeAllSessions(data.uid);
+};
+
+usersAPI.unban = async function (caller, data) {
+	if (!await privileges.users.hasBanPrivilege(caller.uid)) {
+		throw new Error('[[error:no-privileges]]');
+	}
+
+	await user.bans.unban(data.uid);
+	await events.log({
+		type: 'user-unban',
+		uid: caller.uid,
+		targetUid: data.uid,
+		ip: caller.ip,
+	});
+	plugins.fireHook('action:user.unbanned', {
+		callerUid: caller.uid,
+		ip: caller.ip,
+		uid: data.uid,
+	});
+};
+
 async function processDeletion(uid, caller) {
 	const isTargetAdmin = await user.isAdministrator(uid);
 	const isSelf = parseInt(uid, 10) === caller.uid;