rainbownapkin/canopy
1
0
Fork 0
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity Actions

Added rankfighting to ban.

Browse source
This commit is contained in:
rainbow napkin 2024-12-02 19:50:26 -05:00
parent b138b26f27
commit ef4894e409
6 changed files with 41 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/controllers/api/admin/banController.js
View file

@ -19,6 +19,7 @@ const {validationResult, matchedData} = require('express-validator');
//local imports
const banModel = require('../../../schemas/userBanSchema');
const permissionModel = require('../../../schemas/permissionSchema');
const {userModel} = require('../../../schemas/userSchema');
const {exceptionHandler} = require('../../../utils/loggerUtils');
@ -43,8 +44,17 @@ module.exports.post = async function(req, res){
const userDB = await userModel.findOne({user});
if(userDB == null){
//If the user is null, scream and shout
res.status(400);
return res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
}else if(userDB.user == req.session.user.user){
//If some smart-ass is trying self-privelege escalation
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "Keep it up, maybe I will ban you!", date: new Date()}]});
}else if(permissionModel.rankToNum(userDB.rank) >= permissionModel.rankToNum(req.session.user.rank)){
//If the user is below the original rank of the user they're setting, scream and shout
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "You cannot ban peer/outranking users.", date: new Date()}]});
}
await banModel.banByUserDoc(userDB, permanent, expirationDays);

14
src/controllers/api/admin/changeRankController.js
View file

@ -32,13 +32,13 @@ module.exports.post = async function(req, res){
if(validResult.isEmpty()){
//get validated/sanatized data and use it to find our user from the Database.
const data = matchedData(req);
const user = await userModel.findOne({user: data.user});
const userDB = await userModel.findOne({user: data.user});
if(user == null){
if(userDB == null){
//If the user is null, scream and shout
res.status(400);
res.send({errors:[{type: "Bad Query", msg: "User not found.", date: new Date()}]});
}else if(user.user == req.session.user.user){
}else if(userDB.user == req.session.user.user){
//If some smart-ass is trying self-privelege escalation
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "No, you can't change your own rank. Fuck off.", date: new Date()}]});
@ -46,17 +46,17 @@ module.exports.post = async function(req, res){
//If the user is below the new rank of the user they're setting, scream and shout
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "New rank must be below that of the user changing it.", date: new Date()}]});
}else if(permissionModel.rankToNum(user.rank) >= permissionModel.rankToNum(req.session.user.rank)){
}else if(permissionModel.rankToNum(userDB.rank) >= permissionModel.rankToNum(req.session.user.rank)){
//If the user is below the original rank of the user they're setting, scream and shout
res.status(401);
return res.send({errors:[{type: "Unauthorized", msg: "You cannot promote/demote peer/outranking users.", date: new Date()}]});
}
user.rank = data.rank;
await user.save();
userDB.rank = data.rank;
await userDB.save();
res.status(200);
return res.send({user: user.user, id: user.id, rank: user.rank});
return res.send({user: userDB.user, id: userDB.id, rank: userDB.rank});
}else{
res.status(400);
res.send({errors: validResult.array()})