feat(writeapi): added group joining and deletion

src/controllers/write/groups.js

@@ -1,7 +1,9 @@
 'use strict';
 
+const user = require('../../user');
 const groups = require('../../groups');
 const events = require('../../events');
+const meta = require('../../meta');
 
 const helpers = require('../helpers');
 
@@ -26,6 +28,66 @@ Groups.create = async (req, res) => {
 	});
 };
 
+Groups.delete = async (req, res) => {
+	const group = await groups.getByGroupslug(req.params.slug, {
+		uid: req.user.uid,
+	});
+
+	if (groups.ephemeralGroups.includes(group.slug)) {
+		throw new Error('[[error:not-allowed]]');
+	}
+
+	if (group.system || (!group.isOwner && !res.locals.privileges.isAdmin && !res.locals.privileges.isGmod)) {
+		throw new Error('[[error:no-privileges]]');
+	}
+
+	await groups.destroy(group.name);
+	helpers.formatApiResponse(200, res);
+	logGroupEvent(req, 'group-delete', {
+		groupName: group.name,
+	});
+};
+
+Groups.join = async (req, res) => {
+	const group = await groups.getByGroupslug(req.params.slug, {
+		uid: req.params.uid,
+	});
+	const [isCallerOwner, userExists] = await Promise.all([
+		groups.ownership.isOwner(req.user.uid, group.name),
+		user.exists(req.user.uid),
+	]);
+
+	if (group.isMember) {
+		// No change
+		return helpers.formatApiResponse(200, res);
+	} else if (!userExists) {
+		throw new Error('[[error:invalid-uid]]');
+	}
+
+	// console.log(res.locals.privileges);
+	// return res.sendStatus(200);
+
+	if (!res.locals.privileges.isAdmin) {
+		// Admin and privilege groups unjoinable client-side
+		if (group.name === 'administrators' || groups.isPrivilegeGroup(group.name)) {
+			throw new Error('[[error:not-allowed]]');
+		}
+
+		if (!isCallerOwner && parseInt(meta.config.allowPrivateGroups, 10) !== 0 && group.private) {
+			await groups.requestMembership(group.name, req.params.uid);
+		} else {
+			await groups.join(group.name, req.params.uid);
+		}
+	} else {
+		await groups.join(group.name, req.params.uid);
+	}
+
+	helpers.formatApiResponse(200, res);
+	logGroupEvent(req, 'group-join', {
+		groupName: group.name,
+	});
+};
+
 function logGroupEvent(req, event, additional) {
 	events.log({
 		type: event,

src/groups/index.js

@@ -190,6 +190,7 @@ Groups.getOwnersAndMembers = async function (groupName, uid, start, stop) {
 };
 
 Groups.getByGroupslug = async function (slug, options) {
+	options = options || {};
 	const groupName = await db.getObjectField('groupslug:groupname', slug);
 	if (!groupName) {
 		throw new Error('[[error:no-group]]');

src/middleware/assert.js

@@ -0,0 +1,20 @@
+'use strict';
+
+/**
+ * The middlewares here strictly act to "assert" validity of the incoming
+ * payload and throw an error otherwise.
+ */
+
+const groups = require('../groups');
+
+module.exports = function (middleware) {
+	middleware.assertGroup = async (req, res, next) => {
+		const name = await groups.getGroupNameByGroupSlug(req.params.slug);
+		const exists = await groups.exists(name);
+		if (!exists) {
+			throw new Error('[[error:no-group]]');
+		}
+
+		next();
+	};
+};

src/middleware/index.js

@@ -60,6 +60,7 @@ require('./maintenance')(middleware);
 require('./user')(middleware);
 require('./headers')(middleware);
 require('./expose')(middleware);
+require('./assert')(middleware);
 
 middleware.stripLeadingSlashes = function stripLeadingSlashes(req, res, next) {
 	var target = req.originalUrl.replace(nconf.get('relative_path'), '');

src/routes/write/groups.js

@@ -11,33 +11,8 @@ module.exports = function () {
 	const middlewares = [middleware.authenticate];
 
 	setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['name']), middleware.exposePrivilegeSet], 'post', controllers.write.groups.create);
-	// setupApiRoute(router, '/:slug', middleware, [...middlewares, middleware.exposePrivilegeSet], 'delete', controllers.write.groups.delete);
-
-	// app.delete('/:slug', apiMiddleware.requireUser, middleware.exposeGroupName, apiMiddleware.validateGroup, apiMiddleware.requireGroupOwner, function(req, res) {
-	// 	Groups.destroy(res.locals.groupName, function(err) {
-	// 		errorHandler.handle(err, res);
-	// 	});
-	// });
-
-	// app.put('/:slug/membership', apiMiddleware.requireUser, middleware.exposeGroupName, apiMiddleware.validateGroup, function(req, res) {
-	// 	if (Meta.config.allowPrivateGroups !== '0') {
-	// 		Groups.isPrivate(res.locals.groupName, function(err, isPrivate) {
-	// 			if (isPrivate) {
-	// 				Groups.requestMembership(res.locals.groupName, req.user.uid, function(err) {
-	// 					errorHandler.handle(err, res);
-	// 				});
-	// 			} else {
-	// 				Groups.join(res.locals.groupName, req.user.uid, function(err) {
-	// 					errorHandler.handle(err, res);
-	// 				});
-	// 			}
-	// 		});
-	// 	} else {
-	// 		Groups.join(res.locals.groupName, req.user.uid, function(err) {
-	// 			errorHandler.handle(err, res);
-	// 		});
-	// 	}
-	// });
+	setupApiRoute(router, '/:slug', middleware, [...middlewares, middleware.assertGroup, middleware.exposePrivileges], 'delete', controllers.write.groups.delete);
+	setupApiRoute(router, '/:slug/membership/:uid', middleware, [...middlewares, middleware.assertGroup, middleware.exposePrivileges], 'put', controllers.write.groups.join);
 
 	// app.put('/:slug/membership/:uid', middleware.exposeGroupName, apiMiddleware.validateGroup, apiMiddleware.requireUser, apiMiddleware.requireAdmin, function(req, res) {
 	// 	Groups.join(res.locals.groupName, req.params.uid, function(err) {

src/socket.io/admin/groups.js

@@ -24,6 +24,8 @@ Groups.create = async function (socket, data) {
 };
 
 Groups.join = async (socket, data) => {
+	sockets.warnDeprecated(socket, 'PUT /api/v1/groups/:slug/membership/:uid');
+
 	if (!data) {
 		throw new Error('[[error:invalid-data]]');
 	}

src/socket.io/groups.js

@@ -19,6 +19,8 @@ SocketGroups.before = async (socket, method, data) => {
 };
 
 SocketGroups.join = async (socket, data) => {
+	sockets.warnDeprecated(socket, 'PUT /api/v1/groups/:slug/membership/:uid');
+
 	if (socket.uid <= 0) {
 		throw new Error('[[error:invalid-uid]]');
 	}