Added !kick command. Updated perm check logic on chan ban to match.

2024-12-29 03:45:06 -05:00 · 2024-12-29 03:45:06 -05:00 · 2ea3c72a61
commit 2ea3c72a61
parent ac8d789edb
4 changed files with 157 additions and 7 deletions
--- a/src/controllers/api/channel/banController.js
+++ b/src/controllers/api/channel/banController.js
@ -60,18 +60,47 @@ module.exports.post = async function(req, res){
            const targetDB = await userModel.findOne({user});
            const chanDB = await channelModel.findOne({name: chanName});

-            const initiatorRank = await chanDB.getChannelRankByUserDoc(initiatorDB);
-            const targetRank = await chanDB.getChannelRankByUserDoc(targetDB);
+            //get initiator and target override abilities
+            const override = await permissionModel.overrideCheckByUserDoc(initiatorDB, 'banUser');
+            const targetOverride = await permissionModel.overrideCheckByUserDoc(targetDB, 'banUser');

+            //Get channel ranks
+            const initiatorChanRank = await chanDB.getChannelRankByUserDoc(initiatorDB);
+            const targetChanRank = await chanDB.getChannelRankByUserDoc(targetDB);
+
+            //If we're targeting a null user
            if(targetDB == null){
                //If the user is null, scream and shout
                return errorHandler(res, `User not found.`, 'Bad Query', 400);
+            //if self ban
            }else if(targetDB.user == req.session.user.user){
                //If some smart-ass is trying to self-ban
                return errorHandler(res, `Keep it up, maybe I will ban you!`, 'Unauthorized', 401);
-            }else if(permissionModel.rankToNum(targetRank) >= permissionModel.rankToNum(initiatorRank)){
-                //If the user is trying to ban a peer/outranking user
-                return errorHandler(res, 'You cannot ban peer/outranking users', 'Unauthorized', 401);
+            //otherwise
+            }else{
+                //If someone involved has the ability to override
+                if(override || targetOverride){
+                    //If the site rank is equal
+                    if(permissionModel.rankToNum(initiatorDB.rank) == permissionModel.rankToNum(targetDB.rank)){
+                        //compare chan rank
+                        if(permissionModel.rankToNum(initiatorChanRank) <= permissionModel.rankToNum(targetChanRank)){
+                            //error out over bad chan rank
+                            return errorHandler(res, 'You cannot ban peer/outranking users', 'Unauthorized', 401);
+                        }
+                    //otherwise
+                    }else{
+                        //compare site rank
+                        if(permissionModel.rankToNum(initiatorDB.rank) <= permissionModel.rankToNum(targetDB.rank)){
+                            //shame the person running it
+                            return errorHandler(res, 'You cannot ban this user due to site-wide permissions override policies.', 'Unauthorized', 401);
+                        }
+                    }
+                }else{
+                    if(permissionModel.rankToNum(targetChanRank) >= permissionModel.rankToNum(initiatorChanRank)){
+                        //If the user is trying to ban a peer/outranking user
+                        return errorHandler(res, 'You cannot ban peer/outranking users', 'Unauthorized', 401);
+                    }
+                }
            }

            await chanDB.banByUserDoc(targetDB, expirationDays, banAlts);