10282: Added code for blocking party and guild invitations from block… (#10454)

* 10282: Added code for blocking party and guild invitations from blocked players, added tests

* 10282: fixed test label

* Update POST-groups_invite.test.js

removed `it.only` which was used for testing

test/api/v3/integration/groups/POST-groups_invite.test.js

@@ -114,6 +114,19 @@ describe('Post /groups/:groupId/invite', () => {
         });
     });
 
+    it('returns error when recipient has blocked the senders', async () => {
+      const inviterNoBlocks = await inviter.update({'inbox.blocks': []});
+      let userWithBlockedInviter = await generateUser({'inbox.blocks': [inviter._id]});
+      await expect(inviterNoBlocks.post(`/groups/${group._id}/invite`, {
+        uuids: [userWithBlockedInviter._id],
+      }))
+        .to.eventually.be.rejected.and.eql({
+          code: 401,
+          error: 'NotAuthorized',
+          message: t('notAuthorizedToSendMessageToThisUser'),
+        });
+    });
+
     it('invites a user to a group by uuid', async () => {
       let userToInvite = await generateUser();
 

website/server/controllers/api-v3/groups.js

@@ -958,6 +958,11 @@ async function _inviteByUUID (uuid, group, inviter, req, res) {
     throw new BadRequest(res.t('cannotInviteSelfToGroup'));
   }
 
+  const objections = inviter.getObjectionsToInteraction('group-invitation', userToInvite);
+  if (objections.length > 0) {
+    throw new NotAuthorized(res.t(objections[0], { userId: uuid, username: userToInvite.profile.name}));
+  }
+
   if (group.type === 'guild') {
     if (_.includes(userToInvite.guilds, group._id)) {
       throw new NotAuthorized(res.t('userAlreadyInGroup', { userId: uuid, username: userToInvite.profile.name}));
@@ -1160,6 +1165,7 @@ async function _inviteByEmail (invite, group, inviter, req, res) {
  * @apiError (401) {NotAuthorized} UserAlreadyInvited The user has already been invited to the group.
  * @apiError (401) {NotAuthorized} UserAlreadyInGroup The user is already a member of the group.
  * @apiError (401) {NotAuthorized} CannotInviteWhenMuted You cannot invite anyone to a guild or party because your chat privileges have been revoked.
+ * @apiError (401) {NotAuthorized} NotAuthorizedToSendMessageToThisUser You can't send a message to this player because they have chosen to block messages.
  *
  * @apiUse GroupNotFound
  * @apiUse UserNotFound
@@ -1168,9 +1174,7 @@ async function _inviteByEmail (invite, group, inviter, req, res) {
 api.inviteToGroup = {
   method: 'POST',
   url: '/groups/:groupId/invite',
-  middlewares: [authWithHeaders({
+  middlewares: [authWithHeaders({})],
-    userFieldsToExclude: ['inbox'],
-  })],
   async handler (req, res) {
     let user = res.locals.user;
 

website/server/models/user/methods.js

@@ -59,6 +59,10 @@ const INTERACTION_CHECKS = Object.freeze({
     // Unlike private messages, gems can't be sent to oneself
     (sndr, rcvr) => rcvr._id === sndr._id && 'cannotSendGemsToYourself',
   ],
+
+  'group-invitation': [
+    // uses the checks that are in the 'always' array
+  ],
 });
 /* eslint-enable no-unused-vars */