Ensured admin can always PM user (#9653)

* Ensured admin can always PM user * Fixed lint issues * Updated admin check and removed async * Removed console log
2025-12-17 14:47:53 +01:00 · 2017-12-11 11:48:17 -06:00
parent 2dfcda068b
commit 2570c59130
3 changed files with 58 additions and 1 deletions
--- a/test/api/v3/integration/members/POST-send_private_message.test.js
+++ b/test/api/v3/integration/members/POST-send_private_message.test.js
@@ -118,4 +118,56 @@ describe('POST /members/send-private-message', () => {
    expect(sendersMessageInReceiversInbox).to.exist;
    expect(sendersMessageInSendersInbox).to.exist;
  });
+
+  it('allows admin to send when sender has blocked the admin', async () => {
+    userToSendMessage = await generateUser({
+      'contributor.admin': 1,
+    });
+    const receiver = await generateUser({'inbox.blocks': [userToSendMessage._id]});
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    });
+
+    const updatedReceiver = await receiver.get('/user');
+    const updatedSender = await userToSendMessage.get('/user');
+
+    const sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === messageToSend;
+    });
+
+    const sendersMessageInSendersInbox = _.find(updatedSender.inbox.messages, (message) => {
+      return message.uuid === receiver._id && message.text === messageToSend;
+    });
+
+    expect(sendersMessageInReceiversInbox).to.exist;
+    expect(sendersMessageInSendersInbox).to.exist;
+  });
+
+  it('allows admin to send when to user has opted out of messaging', async () => {
+    userToSendMessage = await generateUser({
+      'contributor.admin': 1,
+    });
+    const receiver = await generateUser({'inbox.optOut': true});
+
+    await userToSendMessage.post('/members/send-private-message', {
+      message: messageToSend,
+      toUserId: receiver._id,
+    });
+
+    const updatedReceiver = await receiver.get('/user');
+    const updatedSender = await userToSendMessage.get('/user');
+
+    const sendersMessageInReceiversInbox = _.find(updatedReceiver.inbox.messages, (message) => {
+      return message.uuid === userToSendMessage._id && message.text === messageToSend;
+    });
+
+    const sendersMessageInSendersInbox = _.find(updatedSender.inbox.messages, (message) => {
+      return message.uuid === receiver._id && message.text === messageToSend;
+    });
+
+    expect(sendersMessageInReceiversInbox).to.exist;
+    expect(sendersMessageInSendersInbox).to.exist;
+  });
 });
--- a/website/server/controllers/api-v3/members.js
+++ b/website/server/controllers/api-v3/members.js
@@ -476,7 +476,8 @@ api.sendPrivateMessage = {
    if (!receiver) throw new NotFound(res.t('userNotFound'));

    let objections = sender.getObjectionsToInteraction('send-private-message', receiver);
-    if (objections.length > 0) throw new NotAuthorized(res.t(objections[0]));
+
+    if (objections.length > 0 && !sender.isAdmin()) throw new NotAuthorized(res.t(objections[0]));

    await sender.sendMessage(receiver, { receiverMsg: message });

--- a/website/server/models/user/methods.js
+++ b/website/server/models/user/methods.js
@@ -313,3 +313,7 @@ schema.methods.isMemberOfGroupPlan = async function isMemberOfGroupPlan () {
    return g.isSubscribed();
  });
 };
+
+schema.methods.isAdmin = function isAdmin () {
+  return this.contributor && this.contributor.admin;
+};