feat: refactor groups.delete

NodeBB · Oct 15, 2020 · 8ae1f81 · 8ae1f81
1 parent d69e503
commit 8ae1f81
Show file tree

Hide file tree

Showing 4 changed files with 38 additions and 32 deletions.
diff --git a/src/api/groups.js b/src/api/groups.js
@@ -29,6 +29,22 @@ groupsAPI.create = async function (caller, data) {
 	return groupData;
 };
 
+groupsAPI.delete = async function (caller, data) {
+	const groupName = await groups.getGroupNameByGroupSlug(data.slug);
+	await isOwner(caller, groupName);
+	if (
+		groups.systemGroups.includes(groupName) ||
+		groups.ephemeralGroups.includes(groupName)
+	) {
+		throw new Error('[[error:not-allowed]]');
+	}
+
+	await groups.destroy(groupName);
+	logGroupEvent(caller, 'group-delete', {
+		groupName: groupName,
+	});
+};
+
 groupsAPI.join = async function (caller, data) {
 	if (caller.uid <= 0 || !data.uid) {
 		throw new Error('[[error:invalid-uid]]');
@@ -88,9 +104,23 @@ groupsAPI.join = async function (caller, data) {
 // 	// TODO:
 // };
 
-// groupsAPI.delete = async function (caller, data) {
-// 	// TODO:
-// };
+
+async function isOwner(caller, groupName) {
+	if (typeof groupName !== 'string') {
+		throw new Error('[[error:invalid-group-name]]');
+	}
+	const [isAdmin, isGlobalModerator, isOwner, group] = await Promise.all([
+		user.isAdministrator(caller.uid),
+		user.isGlobalModerator(caller.uid),
+		groups.ownership.isOwner(caller.uid, groupName),
+		groups.getGroupData(groupName),
+	]);
+
+	const check = isOwner || isAdmin || (isGlobalModerator && !group.system);
+	if (!check) {
+		throw new Error('[[error:no-privileges]]');
+	}
+}
 
 function logGroupEvent(caller, event, additional) {
 	events.log({

diff --git a/src/controllers/write/groups.js b/src/controllers/write/groups.js
@@ -19,23 +19,8 @@ Groups.create = async (req, res) => {
 };
 
 Groups.delete = async (req, res) => {
-	const group = await groups.getByGroupslug(req.params.slug, {
-		uid: req.user.uid,
-	});
-
-	if (groups.ephemeralGroups.includes(group.slug)) {
-		throw new Error('[[error:not-allowed]]');
-	}
-
-	if (group.system || (!group.isOwner && !res.locals.privileges.isAdmin && !res.locals.privileges.isGmod)) {
-		throw new Error('[[error:no-privileges]]');
-	}
-
-	await groups.destroy(group.name);
+	await api.groups.delete(req, req.params);
 	helpers.formatApiResponse(200, res);
-	logGroupEvent(req, 'group-delete', {
-		groupName: group.name,
-	});
 };
 
 Groups.join = async (req, res) => {

diff --git a/src/socket.io/groups.js b/src/socket.io/groups.js
@@ -244,18 +244,9 @@ SocketGroups.create = async (socket, data) => {
 };
 
 SocketGroups.delete = async (socket, data) => {
-	await isOwner(socket, data);
-	if (
-		data.groupName === 'administrators' || data.groupName === 'registered-users' ||
-		data.groupName === 'guests' || data.groupName === 'Global Moderators'
-	) {
-		throw new Error('[[error:not-allowed]]');
-	}
-
-	await groups.destroy(data.groupName);
-	logGroupEvent(socket, 'group-delete', {
-		groupName: data.groupName,
-	});
+	sockets.warnDeprecated(socket, 'DEL /api/v3/groups');
+	const slug = await groups.getGroupField(data.groupName, 'slug');
+	await api.groups.delete(socket, { slug: slug });
 };
 
 SocketGroups.search = async (socket, data) => {

diff --git a/test/groups.js b/test/groups.js
@@ -1237,7 +1237,7 @@ describe('Groups', function () {
 
 		it('should fail to delete group if name is special', function (done) {
 			socketGroups.delete({ uid: adminUid }, { groupName: 'guests' }, function (err) {
-				assert.equal(err.message, '[[error:not-allowed]]');
+				assert.equal(err.message, '[[error:invalid-group-name]]');
 				done();
 			});
 		});