Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-29 18:16:17 +01:00
Code Issues Packages Projects Releases Wiki Activity

dont allow deletion of administrators and registered-users

Browse Source
This commit is contained in:
barisusakli
2015-07-08 12:01:06 -04:00
parent d00e08a8e6
commit b8028ccdbf
1 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/socket.io/groups.js
View File

@@ -139,8 +139,8 @@ SocketGroups.acceptInvite = function(socket, data, callback) {
}
groups.isInvited(socket.uid, data.groupName, function(err, invited) {
if (!invited) {
return callback(new Error('[[error:no-privileges]]'));
if (err || !invited) {
return callback(err || new Error('[[error:no-privileges]]'));
}
groups.acceptMembership(data.groupName, socket.uid, callback);
@@ -153,8 +153,8 @@ SocketGroups.rejectInvite = function(socket, data, callback) {
}
groups.isInvited(socket.uid, data.groupName, function(err, invited) {
if (!invited) {
return callback(new Error('[[error:no-privileges]]'));
if (err || !invited) {
return callback(err || new Error('[[error:no-privileges]]'));
}
groups.rejectMembership(data.groupName, socket.uid, callback);
@@ -167,8 +167,8 @@ SocketGroups.update = function(socket, data, callback) {
}
groups.ownership.isOwner(socket.uid, data.groupName, function(err, isOwner) {
if (!isOwner) {
return callback(new Error('[[error:no-privileges]]'));
if (err || !isOwner) {
return callback(err || new Error('[[error:no-privileges]]'));
}
groups.update(data.groupName, data.values, callback);
@@ -194,12 +194,19 @@ SocketGroups.delete = function(socket, data, callback) {
return callback(new Error('[[error:invalid-data]]'));
}
if (data.groupName === 'administrators' || data.groupName === 'registered-users') {
return callback(new Error('[[error:not-allowed]]'));
}
var tasks = {
isOwner: async.apply(groups.ownership.isOwner, socket.uid, data.groupName),
isAdmin: async.apply(user.isAdministrator, socket.uid)
};
isOwner: async.apply(groups.ownership.isOwner, socket.uid, data.groupName),
isAdmin: async.apply(user.isAdministrator, socket.uid)
};
async.parallel(tasks, function(err, checks) {
if (err) {
return callback(err);
}
if (!checks.isOwner && !checks.isAdmin) {
return callback(new Error('[[error:no-privileges]]'));
}