refactor(socket.io): deprecate socketGroups.searchMembers in favour of api.groups.listMembers

public/openapi/write.yaml

@@ -96,6 +96,8 @@ paths:
     $ref: 'write/groups.yaml'
   /groups/{slug}:
     $ref: 'write/groups/slug.yaml'
+  /groups/{slug}/members:
+    $ref: 'write/groups/slug/members.yaml'
   /groups/{slug}/membership/{uid}:
     $ref: 'write/groups/slug/membership/uid.yaml'
   /groups/{slug}/ownership/{uid}:

public/openapi/write/groups/slug/members.yaml

@@ -0,0 +1,46 @@
+get:
+  tags:
+    - groups
+  summary: list group members
+  description: This operation returns a list of members in a user groups. Group owners (if any) are floated to the top of the returned users.
+  parameters:
+    - in: path
+      name: slug
+      schema:
+        type: string
+      required: true
+      description: group slug (that also acts as its identifier) to check
+      example: administrators
+    - in: query
+      name: 'query'
+      schema:
+        type: string
+      required: false
+      description: A keyword search query
+      example: 'a'
+  responses:
+    '200':
+      description: matching user group members successfully listed
+      content:
+        application/json:
+          schema:
+            type: object
+            properties:
+              status:
+                $ref: ../../../components/schemas/Status.yaml#/Status
+              response:
+                type: object
+                properties:
+                  users:
+                    type: array
+                    items:
+                      allOf:
+                        - $ref: ../../../components/schemas/UserObject.yaml#/UserObjectSlim
+                        - type: object
+                          properties:
+                            isOwner:
+                              type: boolean
+                  matchCount:
+                    type: number
+                  timing:
+                    type: string

src/api/groups.js

@@ -73,6 +73,35 @@ groupsAPI.delete = async function (caller, data) {
 	});
 };
 
+groupsAPI.listMembers = async (caller, data) => {
+	const groupName = await groups.getGroupNameByGroupSlug(data.slug);
+
+	await canSearchMembers(caller.uid, groupName);
+	if (!await privileges.global.can('search:users', caller.uid)) {
+		throw new Error('[[error:no-privileges]]');
+	}
+
+	return await groups.searchMembers({
+		uid: caller.uid,
+		query: data.query,
+		groupName,
+	});
+};
+
+async function canSearchMembers(uid, groupName) {
+	const [isHidden, isMember, hasAdminPrivilege, isGlobalMod, viewGroups] = await Promise.all([
+		groups.isHidden(groupName),
+		groups.isMember(uid, groupName),
+		privileges.admin.can('admin:groups', uid),
+		user.isGlobalModerator(uid),
+		privileges.global.can('view:groups', uid),
+	]);
+
+	if (!viewGroups || (isHidden && !isMember && !hasAdminPrivilege && !isGlobalMod)) {
+		throw new Error('[[error:no-privileges]]');
+	}
+}
+
 groupsAPI.join = async function (caller, data) {
 	if (!data) {
 		throw new Error('[[error:invalid-data]]');

src/controllers/write/groups.js

@@ -32,6 +32,11 @@ Groups.delete = async (req, res) => {
 	helpers.formatApiResponse(200, res);
 };
 
+Groups.listMembers = async (req, res) => {
+	const { slug } = req.params;
+	helpers.formatApiResponse(200, res, await api.groups.listMembers(req, { ...req.query, slug }));
+};
+
 Groups.join = async (req, res) => {
 	await api.groups.join(req, req.params);
 	helpers.formatApiResponse(200, res);

src/groups/search.js

@@ -53,7 +53,9 @@ module.exports = function (Groups) {
 	Groups.searchMembers = async function (data) {
 		if (!data.query) {
 			const users = await Groups.getOwnersAndMembers(data.groupName, data.uid, 0, 19);
-			return { users: users };
+			const matchCount = users.length;
+			const timing = '0.00';
+			return { users, matchCount, timing };
 		}
 
 		const results = await user.search({

src/routes/write/groups.js

@@ -16,6 +16,8 @@ module.exports = function () {
 	setupApiRoute(router, 'put', '/:slug', [...middlewares, middleware.assert.group], controllers.write.groups.update);
 	setupApiRoute(router, 'delete', '/:slug', [...middlewares, middleware.assert.group], controllers.write.groups.delete);
 
+	setupApiRoute(router, 'get', '/:slug/members', [...middlewares, middleware.assert.group], controllers.write.groups.listMembers);
+
 	setupApiRoute(router, 'put', '/:slug/membership/:uid', [...middlewares, middleware.assert.group], controllers.write.groups.join);
 	setupApiRoute(router, 'delete', '/:slug/membership/:uid', [...middlewares, middleware.assert.group], controllers.write.groups.leave);
 

src/socket.io/groups.js

@@ -5,6 +5,7 @@ const user = require('../user');
 const utils = require('../utils');
 const privileges = require('../privileges');
 const api = require('../api');
+const slugify = require('../slugify');
 
 const sockets = require('.');
 
@@ -40,18 +41,15 @@ SocketGroups.loadMore = async (socket, data) => {
 };
 
 SocketGroups.searchMembers = async (socket, data) => {
+	sockets.warnDeprecated(socket, 'GET /api/v3/groups/:groupName/members');
+
 	if (!data.groupName) {
 		throw new Error('[[error:invalid-data]]');
 	}
-	await canSearchMembers(socket.uid, data.groupName);
-	if (!await privileges.global.can('search:users', socket.uid)) {
-		throw new Error('[[error:no-privileges]]');
-	}
-	return await groups.searchMembers({
-		uid: socket.uid,
-		query: data.query,
-		groupName: data.groupName,
-	});
+	data.slug = slugify(data.groupName);
+	delete data.groupName;
+
+	return api.groups.listMembers(socket, data);
 };
 
 SocketGroups.loadMoreMembers = async (socket, data) => {