From 7eaad1541b8bb24b942b91dfbc9b9978f7e464c8 Mon Sep 17 00:00:00 2001 From: Daniel Janeiro Date: Sat, 7 Oct 2017 22:35:54 +0100 Subject: [PATCH] Implement cannot ignore staff in users service `UsersService.ignoreUsers` now checks if any user provided is a staff member. In case it is it throws a ErrCannotIgnoreStaff error. --- services/users.js | 8 +++++++- test/server/services/users.js | 13 +++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/services/users.js b/services/users.js index 1dc9bceb6..4a2b6a0ee 100644 --- a/services/users.js +++ b/services/users.js @@ -2,6 +2,7 @@ const assert = require('assert'); const uuid = require('uuid'); const bcrypt = require('bcryptjs'); const errors = require('../errors'); +const some = require('lodash/some'); const { ROOT_URL @@ -879,13 +880,18 @@ module.exports = class UsersService { * @param {String} id the id of the user that is ignoring another users * @param {Array} usersToIgnore Array of user IDs to ignore */ - static ignoreUsers(id, usersToIgnore) { + static async ignoreUsers(id, usersToIgnore) { assert(Array.isArray(usersToIgnore), 'usersToIgnore is an array'); assert(usersToIgnore.every((u) => typeof u === 'string'), 'usersToIgnore is an array of string user IDs'); if (usersToIgnore.includes(id)) { throw new Error('Users cannot ignore themselves'); } + const users = await UsersService.findByIdArray(usersToIgnore); + if (some(users, (user) => user.isStaff())) { + throw errors.ErrCannotIgnoreStaff; + } + // TODO: For each usersToIgnore, make sure they exist? return UserModel.update({id}, { $addToSet: { diff --git a/test/server/services/users.js b/test/server/services/users.js index 57d0f3815..3efaf8f20 100644 --- a/test/server/services/users.js +++ b/test/server/services/users.js @@ -164,6 +164,19 @@ describe('services.UsersService', () => { const userAfterIgnoring2 = await UsersService.findById(user.id); expect(userAfterIgnoring2.ignoresUsers.length).to.equal(2); }); + + it('should not ignore a staff member', async () => { + const user = mockUsers[0]; + const usersToIgnore = [mockUsers[1]]; + await UsersService.addRoleToUser(usersToIgnore[0].id, 'STAFF'); + + try { + await UsersService.ignoreUsers(user.id, usersToIgnore.map((u) => u.id)); + } catch (err) { + expect(err.status).to.equal(400); + expect(err.translation_key).to.equal('CANNOT_IGNORE_STAFF'); + } + }); }); describe('#ban', () => {