Prevent user from blocking himself - fixes #9097 (#9194)

* Added check - user can't block himself

* removed exclusive test

test/common/ops/blockUser.test.js

@@ -25,6 +25,15 @@ describe('shared.ops.blockUser', () => {
     }
   });
 
+  it('validates user can\'t block himself', (done) => {
+    try {
+      blockUser(user, { params: { uuid: user._id } });
+    } catch (error) {
+      expect(error.message).to.eql(i18n.t('blockYourself'));
+      done();
+    }
+  });
+
   it('blocks user', () => {
     let [result] = blockUser(user, { params: { uuid: blockedUser._id } });
     expect(user.inbox.blocks).to.eql([blockedUser._id]);

website/common/locales/en_GB/contrib.json

@@ -52,6 +52,7 @@
     "pageMustBeNumber": "req.query.page must be a number",
     "userNotFound": "User not found.",
     "invalidUUID": "UUID must be valid",
+    "blockYourself": "You can't block yourself!",
     "title": "Title",
     "moreDetails": "More details (1-7)",
     "moreDetails2": "more details (8-9)",

website/common/script/ops/blockUser.js

@@ -6,6 +6,7 @@ import {
 
 module.exports = function blockUser (user, req = {}) {
   if (!validator.isUUID(req.params.uuid)) throw new BadRequest(i18n.t('invalidUUID', req.language));
+  if (req.params.uuid === user._id) throw new BadRequest(i18n.t('blockYourself', req.language));
 
   let i = user.inbox.blocks.indexOf(req.params.uuid);
   if (i === -1) {