fix: #8556, catch errors from admin check

NodeBB · Aug 13, 2020 · bfaf648 · bfaf648 · julianlam · Aug 13, 2020
1 parent 3268273
commit bfaf648
Showing 1 changed file with 7 additions and 9 deletions.
diff --git a/src/socket.io/admin/user.js b/src/socket.io/admin/user.js
@@ -122,39 +122,37 @@ User.forcePasswordReset = async function (socket, uids) {
 };
 
 User.deleteUsers = async function (socket, uids) {
+	await canDeleteUids(uids);
 	deleteUsers(socket, uids, async function (uid) {
 		return await user.deleteAccount(uid);
 	});
 };
 
 User.deleteUsersContent = async function (socket, uids) {
-	if (!Array.isArray(uids)) {
-		throw new Error('[[error:invalid-data]]');
-	}
-	const isMembers = await groups.isMembers(uids, 'administrators');
-	if (isMembers.includes(true)) {
-		throw new Error('[[error:cant-delete-other-admins]]');
-	}
-
+	await canDeleteUids(uids);
 	await Promise.all(uids.map(async (uid) => {
 		await user.deleteContent(socket.uid, uid);
 	}));
 };
 
 User.deleteUsersAndContent = async function (socket, uids) {
+	await canDeleteUids(uids);
 	deleteUsers(socket, uids, async function (uid) {
 		return await user.delete(socket.uid, uid);
 	});
 };
 
-async function deleteUsers(socket, uids, method) {
+async function canDeleteUids(uids) {
 	if (!Array.isArray(uids)) {
 		throw new Error('[[error:invalid-data]]');
 	}
 	const isMembers = await groups.isMembers(uids, 'administrators');
 	if (isMembers.includes(true)) {
 		throw new Error('[[error:cant-delete-other-admins]]');
 	}
+}
+
+async function deleteUsers(socket, uids, method) {
 	async function doDelete(uid) {
 		await flags.resolveFlag('user', uid, socket.uid);
 		const userData = await method(uid);