fix: use admin:groups priv for groups (#10960)

2025-11-01 19:46:01 +01:00 · 2022-10-12 10:02:45 -04:00
parent e35b0a869f
commit b879b6a0c2
2 changed files with 15 additions and 13 deletions
--- a/src/api/groups.js
+++ b/src/api/groups.js
@@ -215,14 +215,14 @@ async function isOwner(caller, groupName) {
 	if (typeof groupName !== 'string') {
 		throw new Error('[[error:invalid-group-name]]');
 	}
-	const [isAdmin, isGlobalModerator, isOwner, group] = await Promise.all([
+	const [hasAdminPrivilege, isGlobalModerator, isOwner, group] = await Promise.all([
-		user.isAdministrator(caller.uid),
+		privileges.admin.can('admin:groups', caller.uid),
 		user.isGlobalModerator(caller.uid),
 		groups.ownership.isOwner(caller.uid, groupName),
 		groups.getGroupData(groupName),
 	]);
-	const check = isOwner || isAdmin || (isGlobalModerator && !group.system);
+	const check = isOwner || hasAdminPrivilege || (isGlobalModerator && !group.system);
 	if (!check) {
 		throw new Error('[[error:no-privileges]]');
 	}
--- a/src/socket.io/groups.js
+++ b/src/socket.io/groups.js
@@ -42,13 +42,15 @@ async function isOwner(socket, data) {
 		throw new Error('[[error:invalid-group-name]]');
 	}
 	const results = await utils.promiseParallel({
-		isAdmin: await user.isAdministrator(socket.uid),
+		hasAdminPrivilege: privileges.admin.can('admin:groups', socket.uid),
-		isGlobalModerator: await user.isGlobalModerator(socket.uid),
+		isGlobalModerator: user.isGlobalModerator(socket.uid),
-		isOwner: await groups.ownership.isOwner(socket.uid, data.groupName),
+		isOwner: groups.ownership.isOwner(socket.uid, data.groupName),
-		group: await groups.getGroupData(data.groupName),
+		group: groups.getGroupData(data.groupName),
 	});
-	const isOwner = results.isOwner || results.isAdmin || (results.isGlobalModerator && !results.group.system);
+	const isOwner = results.isOwner ||
 		results.hasAdminPrivilege ||
 		(results.isGlobalModerator && !results.group.system);
 	if (!isOwner) {
 		throw new Error('[[error:no-privileges]]');
 	}
@@ -220,15 +222,15 @@ SocketGroups.loadMoreMembers = async (socket, data) => {
 };
 async function canSearchMembers(uid, groupName) {
-	const [isHidden, isMember, isAdmin, isGlobalMod, viewGroups] = await Promise.all([
+	const [isHidden, isMember, hasAdminPrivilege, isGlobalMod, viewGroups] = await Promise.all([
 		groups.isHidden(groupName),
 		groups.isMember(uid, groupName),
-		user.isAdministrator(uid),
+		privileges.admin.can('admin:groups', uid),
 		user.isGlobalModerator(uid),
 		privileges.global.can('view:groups', uid),
 	]);
-	if (!viewGroups || (isHidden && !isMember && !isAdmin && !isGlobalMod)) {
+	if (!viewGroups || (isHidden && !isMember && !hasAdminPrivilege && !isGlobalMod)) {
 		throw new Error('[[error:no-privileges]]');
 	}
 }
@@ -268,11 +270,11 @@ async function canModifyGroup(uid, groupName) {
 	const results = await utils.promiseParallel({
 		isOwner: groups.ownership.isOwner(uid, groupName),
 		system: groups.getGroupField(groupName, 'system'),
-		isAdmin: user.isAdministrator(uid),
+		hasAdminPrivilege: privileges.admin.can('admin:groups', uid),
 		isGlobalMod: user.isGlobalModerator(uid),
 	});
-	if (!(results.isOwner || results.isAdmin || (results.isGlobalMod && !results.system))) {
+	if (!(results.isOwner || results.hasAdminPrivilege || (results.isGlobalMod && !results.system))) {
 		throw new Error('[[error:no-privileges]]');
 	}
 }