From 8ae1f81cf484a3a64e4f4294da0b75fc5190bba1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Thu, 15 Oct 2020 16:36:53 -0400 Subject: [PATCH] feat: refactor groups.delete --- src/api/groups.js | 36 ++++++++++++++++++++++++++++++--- src/controllers/write/groups.js | 17 +--------------- src/socket.io/groups.js | 15 +++----------- test/groups.js | 2 +- 4 files changed, 38 insertions(+), 32 deletions(-) diff --git a/src/api/groups.js b/src/api/groups.js index 41c8b089b9b4..718e9cd1cd36 100644 --- a/src/api/groups.js +++ b/src/api/groups.js @@ -29,6 +29,22 @@ groupsAPI.create = async function (caller, data) { return groupData; }; +groupsAPI.delete = async function (caller, data) { + const groupName = await groups.getGroupNameByGroupSlug(data.slug); + await isOwner(caller, groupName); + if ( + groups.systemGroups.includes(groupName) || + groups.ephemeralGroups.includes(groupName) + ) { + throw new Error('[[error:not-allowed]]'); + } + + await groups.destroy(groupName); + logGroupEvent(caller, 'group-delete', { + groupName: groupName, + }); +}; + groupsAPI.join = async function (caller, data) { if (caller.uid <= 0 || !data.uid) { throw new Error('[[error:invalid-uid]]'); @@ -88,9 +104,23 @@ groupsAPI.join = async function (caller, data) { // // TODO: // }; -// groupsAPI.delete = async function (caller, data) { -// // TODO: -// }; + +async function isOwner(caller, groupName) { + if (typeof groupName !== 'string') { + throw new Error('[[error:invalid-group-name]]'); + } + const [isAdmin, isGlobalModerator, isOwner, group] = await Promise.all([ + user.isAdministrator(caller.uid), + user.isGlobalModerator(caller.uid), + groups.ownership.isOwner(caller.uid, groupName), + groups.getGroupData(groupName), + ]); + + const check = isOwner || isAdmin || (isGlobalModerator && !group.system); + if (!check) { + throw new Error('[[error:no-privileges]]'); + } +} function logGroupEvent(caller, event, additional) { events.log({ diff --git a/src/controllers/write/groups.js b/src/controllers/write/groups.js index d6c8b041d4a0..d5d7dd1a38a3 100644 --- a/src/controllers/write/groups.js +++ b/src/controllers/write/groups.js @@ -19,23 +19,8 @@ Groups.create = async (req, res) => { }; Groups.delete = async (req, res) => { - const group = await groups.getByGroupslug(req.params.slug, { - uid: req.user.uid, - }); - - if (groups.ephemeralGroups.includes(group.slug)) { - throw new Error('[[error:not-allowed]]'); - } - - if (group.system || (!group.isOwner && !res.locals.privileges.isAdmin && !res.locals.privileges.isGmod)) { - throw new Error('[[error:no-privileges]]'); - } - - await groups.destroy(group.name); + await api.groups.delete(req, req.params); helpers.formatApiResponse(200, res); - logGroupEvent(req, 'group-delete', { - groupName: group.name, - }); }; Groups.join = async (req, res) => { diff --git a/src/socket.io/groups.js b/src/socket.io/groups.js index cacc69b83cf5..68493c76c816 100644 --- a/src/socket.io/groups.js +++ b/src/socket.io/groups.js @@ -244,18 +244,9 @@ SocketGroups.create = async (socket, data) => { }; SocketGroups.delete = async (socket, data) => { - await isOwner(socket, data); - if ( - data.groupName === 'administrators' || data.groupName === 'registered-users' || - data.groupName === 'guests' || data.groupName === 'Global Moderators' - ) { - throw new Error('[[error:not-allowed]]'); - } - - await groups.destroy(data.groupName); - logGroupEvent(socket, 'group-delete', { - groupName: data.groupName, - }); + sockets.warnDeprecated(socket, 'DEL /api/v3/groups'); + const slug = await groups.getGroupField(data.groupName, 'slug'); + await api.groups.delete(socket, { slug: slug }); }; SocketGroups.search = async (socket, data) => { diff --git a/test/groups.js b/test/groups.js index 1605c712e8bd..450deb12d8d9 100644 --- a/test/groups.js +++ b/test/groups.js @@ -1237,7 +1237,7 @@ describe('Groups', function () { it('should fail to delete group if name is special', function (done) { socketGroups.delete({ uid: adminUid }, { groupName: 'guests' }, function (err) { - assert.equal(err.message, '[[error:not-allowed]]'); + assert.equal(err.message, '[[error:invalid-group-name]]'); done(); }); });