krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-18 07:07:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
c502b1997b06443a0741cf3e808decb566fb4b4a
habitica/website/client-old/js/controllers/groupsCtrl.js
Keith Holliday 1999e1098e Allow guilds edit (#8800) 
* test: test that admin users can update guilds

* test: test admin removeMember privileges

* fix: allow admins to edit guilds

* fix: add edit guild options for admins

* test: test that admin can't remove current leader

* Add error msg for removing current leader

* Taskwoods Quest Line (#8156)

* feat(content): Gold Quest 2016-10

* chore(news): Bailey

* chore(i18n): update locales

* chore(sprites): compile

* 3.49.0

* chore: update express

* Fix for the ReDOS vulnerability

habitica is currently affected by the high-severity [ReDOS vulnerability](https://snyk.io/vuln/npm:tough-cookie:20160722). 

Vulnerable module: `tough-cookie`
Introduced through: ` request`

This PR fixes the ReDOS vulnerability by upgrading ` request` to version 2.74.0

Check out the [Snyk test report](https://snyk.io/test/github/HabitRPG/habitica) to review other vulnerabilities that affect this repo. 

[Watch the repo](https://snyk.io/add) to 
* get alerts if newly disclosed vulnerabilities affect this repo in the future. 
* generate pull requests with the fixes you want, or let us do the work: when a newly disclosed vulnerability affects you, we'll submit a fix to you right away. 

Stay secure, 
The Snyk team

* Documentation - coupon

closes #8109

* fix(client): Allow member hp to be clickable

fixes #8016
closes #8155

* chore(npm): shrinkwrap

* test: test isAbleToEditGroup

* Add isAbleToEditGroup to groupsCtrl

* Remove unnecessary ternary

* Fix linting

* Move edit permission logic out to groupsCtrl

* fix: change ternary to boolean

* Fix linting

* Fixed merge issues
2017-06-08 13:45:24 -07:00

171 lines
5.6 KiB
JavaScript
Raw Blame History

"use strict";
habitrpg.controller("GroupsCtrl", ['$scope', '$rootScope', 'Shared', 'Groups', '$http', '$q', 'User', 'Members', '$state', 'Notification',
function($scope, $rootScope, Shared, Groups, $http, $q, User, Members, $state, Notification) {
$scope.PARTY_LIMIT_MEMBERS = Shared.constants.PARTY_LIMIT_MEMBERS;
$scope.inviteOrStartParty = Groups.inviteOrStartParty;
$scope.isMemberOfPendingQuest = function (userid, group) {
if (!group.quest || !group.quest.members) return false;
if (group.quest.active) return false; // quest is started, not pending
return userid in group.quest.members && group.quest.members[userid] != false;
};
$scope.isMemberOfRunningQuest = function (userid, group) {
if (!group.quest || !group.quest.members) return false;
if (!group.quest.active) return false; // quest is pending, not started
return group.quest.members[userid];
};
$scope.isMemberOfGroup = function (userid, group) {
// If the group is a guild, just check for an intersection with the
// current user's guilds, rather than checking the members of the group.
if(group.type === 'guild') {
return _.find(User.user.guilds, function(guildId) { return guildId === group._id });
}
// Similarly, if we're dealing with the user's current party, return true.
if(group.type === 'party') {
var currentParty = group;
if(currentParty._id && currentParty._id === group._id) return true;
}
if (!group.members) return false;
var memberIds = _.map(group.members, function(x){return x._id});
return ~(memberIds.indexOf(userid));
};
$scope.isAbleToEditGroup = function (group) {
if (group.leader._id === User.user._id) return true;
if (User.user.contributor.admin && group.type === "guild") return true;
return false;
};
$scope.isMember = function (user, group) {
return ~(group.members.indexOf(user._id));
};
$scope.Members = Members;
$scope._editing = {group: false};
$scope.groupCopy = {};
$scope.editGroup = function (group) {
angular.copy(group, $scope.groupCopy);
group._editing = true;
};
$scope.saveEdit = function (group) {
var newLeader = $scope.groupCopy._newLeader && $scope.groupCopy._newLeader._id;
if (newLeader) {
$scope.groupCopy.leader = newLeader;
}
angular.copy($scope.groupCopy, group);
Groups.Group.update(group);
$scope.cancelEdit(group);
};
$scope.cancelEdit = function (group) {
group._editing = false;
$scope.groupCopy = {};
};
$scope.deleteAllMessages = function() {
if (confirm(window.env.t('confirmDeleteAllMessages'))) {
User.clearPMs();
}
};
// ------ Modals ------
$scope.clickMember = function (uid, forceShow) {
if (User.user._id == uid && !forceShow) {
if ($state.is('tasks')) {
$state.go('options.profile.avatar');
} else {
$state.go('tasks');
}
} else {
// We need the member information up top here, but then we pass it down to the modal controller
// down below. Better way of handling this?
Members.selectMember(uid)
.then(function () {
$rootScope.openModal('member', {controller: 'MemberModalCtrl', windowClass: 'profile-modal', size: 'lg'});
});
}
};
$scope.removeMember = function (group, member, isMember) {
// TODO find a better way to do this (share data with remove member modal)
$scope.removeMemberData = {
group: group,
member: member,
isMember: isMember
};
$rootScope.openModal('remove-member', {scope: $scope});
};
$scope.confirmRemoveMember = function (confirm) {
if (confirm) {
Groups.Group.removeMember(
$scope.removeMemberData.group._id,
$scope.removeMemberData.member._id,
$scope.removeMemberData.message
).then(function (response) {
if($scope.removeMemberData.isMember){
_.pull($scope.removeMemberData.group.members, $scope.removeMemberData.member);
}else{
_.pull($scope.removeMemberData.group.invites, $scope.removeMemberData.member);
}
$scope.removeMemberData = undefined;
});
} else {
$scope.removeMemberData = undefined;
}
};
$scope.quickReply = function (uid) {
Members.selectMember(uid)
.then(function (response) {
$rootScope.openModal('private-message', {controller: 'MemberModalCtrl'});
});
};
$scope.memberProfileName = function (memberId) {
var member = _.find($scope.groupCopy.members, function (member) { return member._id === memberId; });
return member.profile.name;
};
$scope.addManager = function () {
Groups.Group.addManager($scope.groupCopy._id, $scope.groupCopy._newManager)
.then(function (response) {
$scope.groupCopy._newManager = '';
$scope.groupCopy.managers = response.data.data.managers;
});
};
$scope.removeManager = function (memberId) {
Groups.Group.removeManager($scope.groupCopy._id, memberId)
.then(function (response) {
$scope.groupCopy._newManager = '';
$scope.groupCopy.managers = response.data.data.managers;
});
};
$scope.isManager = function (memberId, group) {
return Boolean(group.managers[memberId]);
}
$scope.userCanApprove = function (userId, group) {
if (!group) return false;
var leader = group.leader._id === userId;
var userIsManager = !!group.managers[userId];
return leader || userIsManager;
};
}]);
Reference in New Issue View Git Blame Copy Permalink