From e67d75d593213194f94ae63a625fa8ed4ca172e6 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT <pierre.git@communiquons.org>
Date: Fri, 27 Dec 2019 10:52:59 +0100
Subject: [PATCH] Can update the membership of the member of a group

---
 src/controllers/GroupsController.ts | 36 ++++++++++++++++++++++++++++-
 src/controllers/Routes.ts           |  2 ++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/src/controllers/GroupsController.ts b/src/controllers/GroupsController.ts
index 2e11bb1..de7e273 100644
--- a/src/controllers/GroupsController.ts
+++ b/src/controllers/GroupsController.ts
@@ -411,7 +411,6 @@ export class GroupsController {
 			h.error(401, "You are the last administrator of this group!");
 		
 		
-		// TODO : validate this check
 		// Only administrator can delete members that are more than member (moderators & administrators)
 		if(membership.level < GroupMembershipLevels.MEMBER && currUserMembership.level != GroupMembershipLevels.ADMINISTRATOR)
 			h.error(401, "Only an administrator can delete this membership!");
@@ -424,6 +423,41 @@ export class GroupsController {
 		h.success("Membership of the user has been successfully deleted!");
 	}
 
+	/**
+	 * Update a user membership
+	 * 
+	 * @param h Request handler
+	 */
+	public static async UpdateMembership(h: RequestHandler) {
+		
+		// Get information about the target
+		const groupID = await h.postGroupIDWithAccess("groupID", GroupsAccessLevel.ADMIN_ACCESS);
+		const userID = await h.postUserId("userID");
+
+		if(userID == h.getUserId())
+			h.error(400, "You can not update your own membership!");
+		
+		// Get current user membership
+		const level = await GroupsHelper.GetMembershipLevel(groupID, userID);
+		
+		// Check if user is at least a member of the group
+		if(level > GroupMembershipLevels.MEMBER)
+			h.error(401, "This user is not a member of the group!");
+		
+		// Get the new membership of the user
+		const membershipKey = findKey(GROUPS_MEMBERSHIP_LEVELS, h.postString("level", 3));
+		if(membershipKey == null)
+			h.error(400, "New user membership level not recognized!");
+		const newLevel = <GroupMembershipLevels>Number(membershipKey);
+		
+		if(newLevel > GroupMembershipLevels.MEMBER)
+			h.error(401, "You can not assign this visibility level to a group member!");
+		
+		await GroupsHelper.UpdateMembershipLevel(groupID, userID, newLevel);
+
+		h.success("User membership has been successfully updated!");
+	}
+
 	/**
 	 * Turn a GroupInfo object into a valid API object
 	 * 
diff --git a/src/controllers/Routes.ts b/src/controllers/Routes.ts
index 16cca0f..1dbcfb7 100644
--- a/src/controllers/Routes.ts
+++ b/src/controllers/Routes.ts
@@ -116,4 +116,6 @@ export const Routes : Route[] = [
 	{path: "/groups/cancel_request", cb: (h) => GroupsController.CancelRequest(h)},
 
 	{path: "/groups/delete_member", cb: (h) => GroupsController.DeleteMember(h)},
+
+	{path: "/groups/update_membership_level", cb: (h) => GroupsController.UpdateMembership(h)},
 ]
\ No newline at end of file