diff --git a/client/coral-framework/hocs/withMutation.js b/client/coral-framework/hocs/withMutation.js index f16809322..cb6bc3789 100644 --- a/client/coral-framework/hocs/withMutation.js +++ b/client/coral-framework/hocs/withMutation.js @@ -108,7 +108,7 @@ export default (document, config = {}) => hoistStatics((WrappedComponent) => { res[key] = (prev, result) => { if (getResponseErrors(result.mutationResult)) { - // Do not run updates when we have mutation errors. + // Do not run updates when we have mutation errors. return prev; } return map[key](prev, result) || prev; @@ -116,6 +116,11 @@ export default (document, config = {}) => hoistStatics((WrappedComponent) => { } else { const existing = res[key]; res[key] = (prev, result) => { + if (getResponseErrors(result.mutationResult)) { + + // Do not run updates when we have mutation errors. + return prev; + } const next = existing(prev, result); return map[key](next, result) || next; }; diff --git a/errors.js b/errors.js index ab1667e07..dca3f0511 100644 --- a/errors.js +++ b/errors.js @@ -195,6 +195,12 @@ const ErrAssetURLAlreadyExists = new APIError('Asset URL already exists, cannot status: 409 }); +// ErrCannotIgnoreStaff is returned when a user tries to ignore a staff member. +const ErrCannotIgnoreStaff = new APIError('Cannot ignore staff members.', { + translation_key: 'CANNOT_IGNORE_STAFF', + status: 400 +}); + module.exports = { ExtendableError, APIError, @@ -221,5 +227,6 @@ module.exports = { ErrLoginAttemptMaximumExceeded, ErrEditWindowHasEnded, ErrCommentTooShort, - ErrAssetURLAlreadyExists + ErrAssetURLAlreadyExists, + ErrCannotIgnoreStaff }; diff --git a/locales/en.yml b/locales/en.yml index 454d4c2a2..17eed0ed5 100644 --- a/locales/en.yml +++ b/locales/en.yml @@ -206,6 +206,7 @@ en: NOT_FOUND: "Resource not found" ALREADY_EXISTS: "Resource already exists" INVALID_ASSET_URL: "Assert URL is invalid" + CANNOT_IGNORE_STAFF: "Cannot ignore Staff members." email: "Not a valid E-Mail" confirm_password: "Passwords don't match. Please check again" network_error: "Failed to connect to server. Check your internet connection and try again." diff --git a/services/users.js b/services/users.js index 78708b40a..7968f7e83 100644 --- a/services/users.js +++ b/services/users.js @@ -2,6 +2,7 @@ const assert = require('assert'); const uuid = require('uuid'); const bcrypt = require('bcryptjs'); const errors = require('../errors'); +const some = require('lodash/some'); const { ROOT_URL @@ -885,13 +886,18 @@ module.exports = class UsersService { * @param {String} id the id of the user that is ignoring another users * @param {Array} usersToIgnore Array of user IDs to ignore */ - static ignoreUsers(id, usersToIgnore) { + static async ignoreUsers(id, usersToIgnore) { assert(Array.isArray(usersToIgnore), 'usersToIgnore is an array'); assert(usersToIgnore.every((u) => typeof u === 'string'), 'usersToIgnore is an array of string user IDs'); if (usersToIgnore.includes(id)) { throw new Error('Users cannot ignore themselves'); } + const users = await UsersService.findByIdArray(usersToIgnore); + if (some(users, (user) => user.isStaff())) { + throw errors.ErrCannotIgnoreStaff; + } + // TODO: For each usersToIgnore, make sure they exist? return UserModel.update({id}, { $addToSet: { diff --git a/test/server/services/users.js b/test/server/services/users.js index 251618187..6ac56947a 100644 --- a/test/server/services/users.js +++ b/test/server/services/users.js @@ -164,6 +164,19 @@ describe('services.UsersService', () => { const userAfterIgnoring2 = await UsersService.findById(user.id); expect(userAfterIgnoring2.ignoresUsers.length).to.equal(2); }); + + it('should not ignore a staff member', async () => { + const user = mockUsers[0]; + const usersToIgnore = [mockUsers[1]]; + await UsersService.addRoleToUser(usersToIgnore[0].id, 'STAFF'); + + try { + await UsersService.ignoreUsers(user.id, usersToIgnore.map((u) => u.id)); + } catch (err) { + expect(err.status).to.equal(400); + expect(err.translation_key).to.equal('CANNOT_IGNORE_STAFF'); + } + }); }); describe('#ban', () => {