jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

groups: only the local groups of a user can be set

Browse Source
This commit is contained in:
Girish Ramakrishnan
2024-02-28 15:55:54 +01:00
parent e26f71b603
commit 18a680a85b
4 changed files with 34 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/users.js
+3 -3
View File
@@ -12,7 +12,7 @@ exports = module.exports = {
setPassword,
verifyPassword,
setGroups,
setLocalGroups,
setGhost,
getPasswordResetLink,
@@ -190,14 +190,14 @@ async function disableTwoFactorAuthentication(req, res, next) {
next(new HttpSuccess(200, {}));
}
async function setGroups(req, res, next) {
async function setLocalGroups(req, res, next) {
assert.strictEqual(typeof req.body, 'object');
assert.strictEqual(typeof req.resource, 'object');
if (!Array.isArray(req.body.groupIds)) return next(new HttpError(400, 'API call requires a groups array.'));
if (users.compareRoles(req.user.role, req.resource.role) < 0) return next(new HttpError(403, `role '${req.resource.role}' is required but user has only '${req.user.role}'`));
const [error] = await safe(groups.setMembership(req.resource, req.body.groupIds));
const [error] = await safe(groups.setLocalMembership(req.resource, req.body.groupIds));
if (error) return next(BoxError.toHttpError(error));
next(new HttpSuccess(204));