fix: admins are not allowed to kick or ban other admins

Pascal Precht 2023-06-23 09:02:12 +02:00 committed by r4bbit
parent da2f155f2d
commit a8678575a7
4 changed files with 36 additions and 8 deletions


@ -795,8 +795,8 @@ func (o *Community) RemoveUserFromOrg(pk *ecdsa.PublicKey) (*protobuf.CommunityD
return nil, ErrNotAdmin return nil, ErrNotAdmin
} }
if o.IsMemberOwner(pk) { if o.IsAdmin() && o.IsMemberOwnerOrAdmin(pk) {
return nil, ErrNotOwner return nil, ErrCannotRemoveOwnerOrAdmin
} }
o.removeMemberFromOrg(pk) o.removeMemberFromOrg(pk)
@ -839,8 +839,8 @@ func (o *Community) BanUserFromCommunity(pk *ecdsa.PublicKey) (*protobuf.Communi
return nil, ErrNotAdmin return nil, ErrNotAdmin
} }
if o.IsMemberOwner(pk) { if o.IsAdmin() && o.IsMemberOwnerOrAdmin(pk) {
return nil, ErrNotOwner return nil, ErrCannotBanOwnerOrAdmin
} }
o.banUserFromCommunity(pk) o.banUserFromCommunity(pk)
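Review bot: The owner guard in RemoveUserFromOrg is now conditional on `o.IsAdmin()`, so when the caller is not an admin (presumably the owner's own node) nothing in the visible lines stops `o.removeMemberFromOrg(pk)` from running with the owner's key, which the old `o.IsMemberOwner(pk)` check rejected unconditionally. The second hunk makes the same change in BanUserFromCommunity. If the owner is still meant to be unremovable and unbannable, keep that part unconditional: `if o.IsMemberOwner(pk) || (o.IsAdmin() && o.IsMemberOwnerOrAdmin(pk)) {`. Whether `IsAdmin()` is also true for the owner is not visible here, and both function bodies continue outside the hunks.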


@ -314,8 +314,8 @@ func (o *Community) PatchCommunityDescriptionByAdminEvent(adminEvent *protobuf.C
return nil, err return nil, err
} }
if copy.IsMemberOwner(pk) { if copy.IsMemberOwnerOrAdmin(pk) {
return nil, errors.New("attempt to kick an owner of the community from the admin side") return nil, errors.New("attempt to kick an owner or admin of the community from the admin side")
} }
copy.removeMemberFromOrg(pk) copy.removeMemberFromOrg(pk)
@ -326,8 +326,8 @@ func (o *Community) PatchCommunityDescriptionByAdminEvent(adminEvent *protobuf.C
return nil, err return nil, err
} }
if copy.IsMemberOwner(pk) { if copy.IsMemberOwnerOrAdmin(pk) {
return nil, errors.New("attempt to ban an owner of the community from the admin side") return nil, errors.New("attempt to ban an owner or admin of the community from the admin side")
} }
copy.banUserFromCommunity(pk) copy.banUserFromCommunity(pk)
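Review bot: Both rejections in PatchCommunityDescriptionByAdminEvent still build their errors inline with `errors.New(...)`, although this commit introduces `ErrCannotRemoveOwnerOrAdmin` and `ErrCannotBanOwnerOrAdmin` for the same conditions on the same `*Community` type. A caller that processes admin events cannot match these rejections with `errors.Is`, so an attempted kick or ban of a privileged member is hard to tell apart from any other patch failure when logging or alerting on it. Consider `return nil, ErrCannotRemoveOwnerOrAdmin` and `return nil, ErrCannotBanOwnerOrAdmin`, wrapped with context if the "from the admin side" wording should be kept. The function starts and ends outside the hunks.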


@ -37,3 +37,5 @@ var ErrNoPermissionToJoin = errors.New("member has no permission to join")
var ErrMemberWalletAlreadyExists = errors.New("member wallet already exists") var ErrMemberWalletAlreadyExists = errors.New("member wallet already exists")
var ErrMemberWalletNotFound = errors.New("member wallet not found") var ErrMemberWalletNotFound = errors.New("member wallet not found")
var ErrNotEnoughPermissions = errors.New("not enough permissions for this community") var ErrNotEnoughPermissions = errors.New("not enough permissions for this community")
var ErrCannotRemoveOwnerOrAdmin = errors.New("not allowed to remove admin or owner")
var ErrCannotBanOwnerOrAdmin = errors.New("not allowed to ban admin or owner")


@ -625,6 +625,18 @@ func (s *AdminMessengerCommunitiesSuite) TestAdminReorderChannelsAndCategories()
s.adminReorderChannel(&reorderChatRequest) s.adminReorderChannel(&reorderChatRequest)
} }
func (s *AdminMessengerCommunitiesSuite) TestAdminKickAdmin() {
community := s.setUpCommunityAndRoles()
// admin tries to kick the owner
_, err := s.admin.RemoveUserFromCommunity(
community.ID(),
common.PubkeyToHex(&s.admin.identity.PublicKey),
)
s.Require().Error(err)
s.Require().EqualError(err, "not allowed to remove admin or owner")
}
func (s *AdminMessengerCommunitiesSuite) TestAdminKickMember() { func (s *AdminMessengerCommunitiesSuite) TestAdminKickMember() {
community := s.setUpCommunityAndRoles() community := s.setUpCommunityAndRoles()
@ -638,6 +650,20 @@ func (s *AdminMessengerCommunitiesSuite) TestAdminKickMember() {
s.adminKickAlice(community.ID(), common.PubkeyToHex(&s.alice.identity.PublicKey)) s.adminKickAlice(community.ID(), common.PubkeyToHex(&s.alice.identity.PublicKey))
} }
func (s *AdminMessengerCommunitiesSuite) TestAdminBanAdmin() {
community := s.setUpCommunityAndRoles()
// verify that admin can't ban an admin
_, err := s.admin.BanUserFromCommunity(
&requests.BanUserFromCommunity{
CommunityID: community.ID(),
User: common.PubkeyToHexBytes(&s.admin.identity.PublicKey),
},
)
s.Require().Error(err)
s.Require().EqualError(err, "not allowed to ban admin or owner")
}
func (s *AdminMessengerCommunitiesSuite) TestAdminBanUnbanMember() { func (s *AdminMessengerCommunitiesSuite) TestAdminBanUnbanMember() {
community := s.setUpCommunityAndRoles() community := s.setUpCommunityAndRoles()
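Review bot: TestAdminKickAdmin and TestAdminBanAdmin both pass `s.admin.identity.PublicKey` as the target, so they only exercise an admin removing or banning itself; neither covers an admin acting on the owner or on a different admin, which is the rule the commit title states. The comment `// admin tries to kick the owner` does not match the call and should read `// admin tries to kick an admin (itself)` unless the target is changed. Adding a case whose target is the owner's key, and one with a second admin if setUpCommunityAndRoles can create one, would pin the new permission check. `s.Require().Error(err)` is redundant directly before `EqualError`.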