do not allow removing the admin group

Johannes Zellner
2016-02-13 12:24:51 +01:00
parent 63cab7d751
commit 754e33af2a
3 changed files with 24 additions and 3 deletions
+4 -1
@@ -53,6 +53,7 @@ GroupError.ALREADY_EXISTS = 'Already Exists';
GroupError.NOT_FOUND = 'Not Found';
GroupError.BAD_NAME = 'Bad name';
GroupError.NOT_EMPTY = 'Not Empty';
GroupError.NOT_ALLOWED = 'Not Allowed';
function validateGroupname(name) {
assert.strictEqual(typeof name, 'string');
@@ -87,9 +88,11 @@ function remove(id, callback) {
assert.strictEqual(typeof id, 'string');
assert.strictEqual(typeof callback, 'function');
// never allow admin group to be deleted
if (id === exports.ADMIN_GROUP_ID) return callback(new GroupError(GroupError.NOT_ALLOWED));
groupdb.del(id, function (error) {
if (error && error.reason === DatabaseError.NOT_FOUND) return callback(new GroupError(GroupError.NOT_FOUND));
if (error && error.reason === DatabaseError.IN_USE) return callback(new GroupError(GroupError.NOT_EMPTY));
if (error) return callback(new GroupError(GroupError.INTERNAL_ERROR, error));
callback(null);
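Review bot: The new guard in `remove()` protects the admin group only on this call path; `groupdb.del` would still delete it for any caller that reaches the database layer directly, and no matching check is visible in this hunk. If such callers exist, the invariant belongs in the database layer as well; otherwise state the contract in the comment, e.g. `// never allow admin group to be deleted; groupdb.del does not enforce this, so deletions must go through remove()`. The refusal is also silent, so recording the rejected attempt would make tries against the admin group visible in an audit trail. The body of `remove()` continues past the end of the hunk.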
+1 -1
@@ -59,7 +59,7 @@ function remove(req, res, next) {
groups.remove(req.params.groupId, function (error) {
if (error && error.reason === GroupError.NOT_FOUND) return next(new HttpError(404, 'Group not found'));
if (error && error.reason === GroupError.NOT_EMPTY) return next(new HttpError(409, 'Group not empty'));
if (error && error.reason === GroupError.NOT_ALLOWED) return next(new HttpError(409, 'Group deletion not allowed'));
if (error) return next(new HttpError(500, error));
next(new HttpSuccess(204));
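Review bot: The `NOT_ALLOWED` branch answers with 409, the same status as `NOT_EMPTY`, although this refusal is a fixed policy rather than a state the client can resolve and retry. A 403 would let clients and log reviewers tell the two cases apart by status alone: `if (error && error.reason === GroupError.NOT_ALLOWED) return next(new HttpError(403, 'Group deletion not allowed'));`. The route handler starts and ends outside the hunk.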
+19 -1
@@ -58,7 +58,7 @@ describe('Groups', function () {
});
it('cannot create group - too big', function (done) {
groups.create(Array(256).join('a'), function (error) {
groups.create(new Array(256).join('a'), function (error) {
expect(error.reason).to.be(GroupError.BAD_NAME);
done();
});
@@ -275,3 +275,21 @@ describe('Set user groups', function () {
});
});
});
describe('Admin group', function () {
before(function (done) {
async.series([
setup,
userdb.add.bind(null, USER_0.id, USER_0)
], done);
});
after(cleanup);
it('cannot delete admin group ever', function (done) {
groups.remove(groups.ADMIN_GROUP_ID, function (error) {
expect(error.reason).to.equal(GroupError.NOT_ALLOWED);
done();
});
});
});
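Review bot: The test `cannot delete admin group ever` checks only the returned error reason, so it would still pass if the group were deleted before the error is produced. Following the rejected `groups.remove` call with a lookup of `groups.ADMIN_GROUP_ID` and asserting that the group is still there would pin the invariant itself. `expect(error.reason)` also throws a TypeError when `error` is null; asserting `expect(error).to.be.ok();` first gives a clearer failure if the guard regresses.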