fix: admins are not allowed to kick or ban other admins

2023-06-23 09:02:12 +02:00 · 2023-06-23 09:02:12 +02:00 · a8678575a7
parent da2f155f2d
commit a8678575a7
4 changed files with 36 additions and 8 deletions
--- a/protocol/communities/community.go
+++ b/protocol/communities/community.go
@ -795,8 +795,8 @@ func (o *Community) RemoveUserFromOrg(pk *ecdsa.PublicKey) (*protobuf.CommunityD
 		return nil, ErrNotAdmin
 	}

-	if o.IsMemberOwner(pk) {
-		return nil, ErrNotOwner
+	if o.IsAdmin() && o.IsMemberOwnerOrAdmin(pk) {
+		return nil, ErrCannotRemoveOwnerOrAdmin
 	}

 	o.removeMemberFromOrg(pk)
@ -839,8 +839,8 @@ func (o *Community) BanUserFromCommunity(pk *ecdsa.PublicKey) (*protobuf.Communi
 		return nil, ErrNotAdmin
 	}

-	if o.IsMemberOwner(pk) {
-		return nil, ErrNotOwner
+	if o.IsAdmin() && o.IsMemberOwnerOrAdmin(pk) {
+		return nil, ErrCannotBanOwnerOrAdmin
 	}

 	o.banUserFromCommunity(pk)
--- a/protocol/communities/community_admin_event.go
+++ b/protocol/communities/community_admin_event.go
@ -314,8 +314,8 @@ func (o *Community) PatchCommunityDescriptionByAdminEvent(adminEvent *protobuf.C
 			return nil, err
 		}

-		if copy.IsMemberOwner(pk) {
-			return nil, errors.New("attempt to kick an owner of the community from the admin side")
+		if copy.IsMemberOwnerOrAdmin(pk) {
+			return nil, errors.New("attempt to kick an owner or admin of the community from the admin side")
 		}

 		copy.removeMemberFromOrg(pk)
@ -326,8 +326,8 @@ func (o *Community) PatchCommunityDescriptionByAdminEvent(adminEvent *protobuf.C
 			return nil, err
 		}

-		if copy.IsMemberOwner(pk) {
-			return nil, errors.New("attempt to ban an owner of the community from the admin side")
+		if copy.IsMemberOwnerOrAdmin(pk) {
+			return nil, errors.New("attempt to ban an owner or admin of the community from the admin side")
 		}
 		copy.banUserFromCommunity(pk)

--- a/protocol/communities/errors.go
+++ b/protocol/communities/errors.go
@ -37,3 +37,5 @@ var ErrNoPermissionToJoin = errors.New("member has no permission to join")
 var ErrMemberWalletAlreadyExists = errors.New("member wallet already exists")
 var ErrMemberWalletNotFound = errors.New("member wallet not found")
 var ErrNotEnoughPermissions = errors.New("not enough permissions for this community")
+var ErrCannotRemoveOwnerOrAdmin = errors.New("not allowed to remove admin or owner")
+var ErrCannotBanOwnerOrAdmin = errors.New("not allowed to ban admin or owner")
--- a/protocol/communities_messenger_admin_test.go
+++ b/protocol/communities_messenger_admin_test.go
@ -625,6 +625,18 @@ func (s *AdminMessengerCommunitiesSuite) TestAdminReorderChannelsAndCategories()
 	s.adminReorderChannel(&reorderChatRequest)
 }

+func (s *AdminMessengerCommunitiesSuite) TestAdminKickAdmin() {
+	community := s.setUpCommunityAndRoles()
+
+	// admin tries to kick the owner
+	_, err := s.admin.RemoveUserFromCommunity(
+		community.ID(),
+		common.PubkeyToHex(&s.admin.identity.PublicKey),
+	)
+	s.Require().Error(err)
+	s.Require().EqualError(err, "not allowed to remove admin or owner")
+}
+
 func (s *AdminMessengerCommunitiesSuite) TestAdminKickMember() {
 	community := s.setUpCommunityAndRoles()

@ -638,6 +650,20 @@ func (s *AdminMessengerCommunitiesSuite) TestAdminKickMember() {
 	s.adminKickAlice(community.ID(), common.PubkeyToHex(&s.alice.identity.PublicKey))
 }

+func (s *AdminMessengerCommunitiesSuite) TestAdminBanAdmin() {
+	community := s.setUpCommunityAndRoles()
+
+	// verify that admin can't ban an admin
+	_, err := s.admin.BanUserFromCommunity(
+		&requests.BanUserFromCommunity{
+			CommunityID: community.ID(),
+			User:        common.PubkeyToHexBytes(&s.admin.identity.PublicKey),
+		},
+	)
+	s.Require().Error(err)
+	s.Require().EqualError(err, "not allowed to ban admin or owner")
+}
+
 func (s *AdminMessengerCommunitiesSuite) TestAdminBanUnbanMember() {
 	community := s.setUpCommunityAndRoles()