Add new permission to ensure a user has the right to accept/refuse a … (#306)

Wardormeur · web-flow · commit 08bded26c169 · 2019-04-11T10:33:49.000+01:00
* Add new permission to ensure a user has the right to accept/refuse a membership request

* Add missing quote to the example command
diff --git a/lib/users/can-accept-join-request.js b/lib/users/can-accept-join-request.js
@@ -0,0 +1,35 @@
+'use strict';
+var _ = require('lodash');
+
+/**
+ * @param {Object} user
+ * @param {String} requestId
+ * @example curl http://localhost:10303/act -H "Content-type: application/json" --data-binary '{"role": "cd-users", "cmd":"can_accept_join_request", "params":{"requestId": "xxxx"}, "user": { "id": "xxxxx" }}'
+ */
+function canAcceptJoinRequest (args, cb) {
+  var seneca = this;
+  var plugin = args.role;
+  var userId = args.user.id;
+  var requestId = args.params.requestId; 
+  var membershipRequest = null;
+  if (_.isUndefined(requestId)) {
+    requestId = args.params.id;
+  }
+  // Could check upon profile, but seems like an overkill to me
+  seneca.act({ role: 'cd-users', domain: 'join_requests', cmd: 'search', query: { id: requestId } }, (err, res) => {
+    if (err) return cb(null, { allowed: false }); // Force the authorisation to return falsy
+    if (res.length === 1) {
+      membershipRequest = res[0];
+      seneca.act({ role: 'cd-dojos', cmd: 'have_permissions_on_dojo', params: { dojoId: membershipRequest.dojoId }, user: args.user, perm: 'dojo-admin' }, (err, res) => {
+        if (err) return cb(null, { allowed: false }); 
+        return cb(null, { allowed: res.allowed });
+      });
+    } else {
+      // More than one result for a single id
+      // That's not supposed to happen..
+      return cb(null, { allowed: false });
+    }
+  });
+}
+
+module.exports = canAcceptJoinRequest;
diff --git a/users.js b/users.js
@@ -38,6 +38,7 @@ module.exports = function (options) {
   seneca.add({role: plugin, cmd: 'kpi_number_of_youth_females_registered'}, cmd_kpi_number_of_youth_females_registered);
   seneca.add({role: plugin, cmd: 'is_self'}, require('./lib/users/is-self'));
   seneca.add({role: plugin, cmd: 'is_parent_of'}, require('./lib/users/is-parent-of'));
+  seneca.add({role: plugin, cmd: 'can_accept_join_request'}, require('./lib/users/can-accept-join-request'));
   seneca.add({role: plugin, ctrl: 'user', cmd: 'load'}, require('./lib/controllers/users/load'));
   //  LMS Integration
   seneca.add({role: plugin, cmd: 'get_lms_link'}, require('./lib/users/lms/get-lms-link'));
