Can update the membership of the member of a group

2025-10-30 17:14:43 +00:00 · 2019-12-27 10:52:59 +01:00
parent d44ad71510
commit e67d75d593
2 changed files with 37 additions and 1 deletions
--- a/src/controllers/GroupsController.ts
+++ b/src/controllers/GroupsController.ts
@@ -411,7 +411,6 @@ export class GroupsController {
 			h.error(401, "You are the last administrator of this group!");
 		
 		
-		// TODO : validate this check
 		// Only administrator can delete members that are more than member (moderators & administrators)
 		if(membership.level < GroupMembershipLevels.MEMBER && currUserMembership.level != GroupMembershipLevels.ADMINISTRATOR)
 			h.error(401, "Only an administrator can delete this membership!");
@@ -424,6 +423,41 @@ export class GroupsController {
 		h.success("Membership of the user has been successfully deleted!");
 	}

+	/**
+	 * Update a user membership
+	 * 
+	 * @param h Request handler
+	 */
+	public static async UpdateMembership(h: RequestHandler) {
+		
+		// Get information about the target
+		const groupID = await h.postGroupIDWithAccess("groupID", GroupsAccessLevel.ADMIN_ACCESS);
+		const userID = await h.postUserId("userID");
+
+		if(userID == h.getUserId())
+			h.error(400, "You can not update your own membership!");
+		
+		// Get current user membership
+		const level = await GroupsHelper.GetMembershipLevel(groupID, userID);
+		
+		// Check if user is at least a member of the group
+		if(level > GroupMembershipLevels.MEMBER)
+			h.error(401, "This user is not a member of the group!");
+		
+		// Get the new membership of the user
+		const membershipKey = findKey(GROUPS_MEMBERSHIP_LEVELS, h.postString("level", 3));
+		if(membershipKey == null)
+			h.error(400, "New user membership level not recognized!");
+		const newLevel = <GroupMembershipLevels>Number(membershipKey);
+		
+		if(newLevel > GroupMembershipLevels.MEMBER)
+			h.error(401, "You can not assign this visibility level to a group member!");
+		
+		await GroupsHelper.UpdateMembershipLevel(groupID, userID, newLevel);
+
+		h.success("User membership has been successfully updated!");
+	}
+
 	/**
 	 * Turn a GroupInfo object into a valid API object
 	 * 
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -116,4 +116,6 @@ export const Routes : Route[] = [
 	{path: "/groups/cancel_request", cb: (h) => GroupsController.CancelRequest(h)},

 	{path: "/groups/delete_member", cb: (h) => GroupsController.DeleteMember(h)},
+
+	{path: "/groups/update_membership_level", cb: (h) => GroupsController.UpdateMembership(h)},
 ]