63 lines
2.9 KiB
JavaScript
63 lines
2.9 KiB
JavaScript
/*Canopy - The next generation of stoner streaming software
|
|
Copyright (C) 2024 Rainbownapkin and the TTN Community
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU Affero General Public License as
|
|
published by the Free Software Foundation, either version 3 of the
|
|
License, or (at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU Affero General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
along with this program. If not, see <https://www.gnu.org/licenses/>.*/
|
|
|
|
//npm imports
|
|
const {validationResult, matchedData} = require('express-validator');
|
|
|
|
//local imports
|
|
const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
|
|
const permissionModel = require('../../../schemas/permissionSchema');
|
|
const {userModel} = require('../../../schemas/userSchema');
|
|
|
|
//api change rank functions
|
|
module.exports.post = async function(req, res){
|
|
try{
|
|
//Get validation results
|
|
const validResult = validationResult(req);
|
|
|
|
//If we don't have any validation errors
|
|
if(validResult.isEmpty()){
|
|
//get validated/sanatized data and use it to find our user from the Database.
|
|
const data = matchedData(req);
|
|
const userDB = await userModel.findOne({user: data.user});
|
|
|
|
if(userDB == null){
|
|
//If the user is null, scream and shout
|
|
return errorHandler(res, 'User not found.', 'Bad Query');
|
|
}else if(userDB.user == req.session.user.user){
|
|
//If some smart-ass is trying self-privelege escalation
|
|
return errorHandler(res, "No, you can't change your own rank, fuck off.", 'Unauthorized', 401);
|
|
}else if(permissionModel.rankToNum(data.rank) >= permissionModel.rankToNum(req.session.user.rank)){
|
|
//If the user is below the new rank of the user they're setting, scream and shout
|
|
return errorHandler(res, "New rank must be below that of the user changing it.", 'Unauthorized', 401);
|
|
}else if(permissionModel.rankToNum(userDB.rank) >= permissionModel.rankToNum(req.session.user.rank)){
|
|
//If the user is below the original rank of the user they're setting, scream and shout
|
|
return errorHandler(res, "You cannot promote/demote peer/outranking users.", 'Unauthorized', 401);
|
|
}
|
|
|
|
userDB.rank = data.rank;
|
|
await userDB.save();
|
|
|
|
res.status(200);
|
|
return res.send({user: userDB.user, id: userDB.id, rank: userDB.rank});
|
|
}else{
|
|
res.status(400);
|
|
res.send({errors: validResult.array()})
|
|
}
|
|
}catch(err){
|
|
return exceptionHandler(res, err);
|
|
}
|
|
} |