From af059b6fc6f5b31b747652220c2221605d2ea726 Mon Sep 17 00:00:00 2001 From: Adolfo Reyna Date: Tue, 7 Feb 2023 13:40:18 -0500 Subject: [PATCH] restric newsOnly groups from posting --- dbTools/profile.js | 6 ++++++ routes/post.js | 9 ++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/dbTools/profile.js b/dbTools/profile.js index f4f3240..106862c 100644 --- a/dbTools/profile.js +++ b/dbTools/profile.js @@ -352,6 +352,12 @@ userDB = (DB) => { return g ? g.isPrivate : false; } + DB.isGroupNewsOnly = async (groupid) => { + if(userProfileCache[groupid]) return userProfileCache[groupid].newsOnly; + let g = await DB.getGroup(groupid); + return g ? g.newsOnly : false; + } + DB.isOwnerOfGroup = async (profileid, groupid) => { let profile = await DB.getProfileCache(profileid); let group = userProfileCache[groupid] ? userProfileCache[groupid] : await DB.getGroup(groupid); diff --git a/routes/post.js b/routes/post.js index 262fbda..6ee4e83 100644 --- a/routes/post.js +++ b/routes/post.js @@ -141,7 +141,9 @@ DB.getDB.then((DB) => { profileid: getProfileId(req), ...req.body } - if (post.toProfile && await DB.isGroupPrivate(post.toProfile)) { + const isGroupPrivate = await DB.isGroupPrivate(post.toProfile); + const isGroupNewsOnly = await DB.isGroupNewsOnly(post.toProfile); + if (post.toProfile && isGroupPrivate) { let requestProfile = getProfileId(req) + ""; let group = await DB.getProfileCache(post.toProfile); if (!group.subscribed[requestProfile] && group._id != requestProfile) { @@ -150,6 +152,11 @@ DB.getDB.then((DB) => { }); } } + if (post.toProfile && isGroupNewsOnly) { + return res.json({ + status: "This is a news only group, only the admin can post", + }); + } post.toProfile = post.toProfile ? DB.ObjectID(post.toProfile) : undefined; let postObj = new Post(post); let dbr = await DB.newPost(postObj);