- when updating a role, update the permissions for all the people with that role already

- dont allow making 2 roles the same permissions
2 years ago · 3a8f6b9e7e
parent 8b4a793d5a
commit 3a8f6b9e7e
3 changed files with 30 additions and 6 deletions
--- a/db/accounts.js
+++ b/db/accounts.js
@ -75,6 +75,18 @@ module.exports = {
 		return res;
 	},

+	setNewRolePermissions: async (oldPermissions, permissions) => {
+		const res = await db.updateMany({
+			'permissions': Mongo.Binary(oldPermissions.array),
+		}, {
+			'$set': {
+				'permissions': Mongo.Binary(permissions.array),
+			}
+		});
+		cache.deletePattern(`users:*`);
+		return res;
+	},
+
 	updateLastActiveDate: (username) => {
 		return db.updateOne({
 			'_id': username
--- a/gulpfile.js
+++ b/gulpfile.js
@ -187,6 +187,7 @@ async function wipe() {
 	await Boards.db.createIndex({tags: 1})
 	await Boards.db.createIndex({uri: 1})
 	await Boards.db.createIndex({lastPostTimestamp:1})
+	await Roles.db.dropIndexes()
 	await Bans.db.dropIndexes()
 	await Captchas.db.dropIndexes()
 	await Ratelimits.db.dropIndexes()
@ -194,6 +195,7 @@ async function wipe() {
 	await Modlogs.db.dropIndexes()
 	await CustomPages.db.dropIndexes()
 	await CustomPages.db.createIndex({ 'board': 1, 'page': 1 }, { unique: true })
+	await Roles.db.createIndex({ 'permissions': 1 }, { unique: true })
 	await Modlogs.db.createIndex({ 'board': 1 })
 	await Files.db.createIndex({ 'count': 1 })
 	await Bans.db.createIndex({ 'ip.single': 1 , 'board': 1 })
--- a/models/forms/editrole.js
+++ b/models/forms/editrole.js
@ -1,16 +1,16 @@
 'use strict';

-const { Roles } = require(__dirname+'/../../db/')
+const { Roles, Accounts } = require(__dirname+'/../../db/')
+	, { Binary } = require(__dirname+'/../../db/db.js')
 	, redis = require(__dirname+'/../../redis.js')
 	, dynamicResponse = require(__dirname+'/../../helpers/dynamic.js')
+	, roleManager = require(__dirname+'/../../helpers/rolemanager.js')
 	, Permissions = require(__dirname+'/../../helpers/permissions.js')
 	, Permission = require(__dirname+'/../../helpers/permission.js');

 module.exports = async (req, res, next) => {

-	let rolePermissions;
-
-	rolePermissions = new Permission(res.locals.editingRole.permissions);
+	let rolePermissions = new Permission(res.locals.editingRole.permissions);
 	rolePermissions.set(Permissions.VIEW_RAW_IP, (req.body.VIEW_RAW_IP != null));
 	rolePermissions.set(Permissions.CREATE_BOARD, (req.body.CREATE_BOARD != null));
 	rolePermissions.set(Permissions.CREATE_ACCOUNT, (req.body.CREATE_ACCOUNT != null));
@ -52,18 +52,28 @@ module.exports = async (req, res, next) => {
 	}
 	rolePermissions.applyInheritance();

-//todo: error for making role with same permissions as another role.
+	const existingRoleName = roleManager.roleNameMap[rolePermissions.base64]
+	if (existingRoleName) {
+		return dynamicResponse(req, res, 409, 'message', {
+			'title': 'Conflict',
+			'error': `Another role already exists with those same permissions: "${existingRoleName}"`,
+			'redirect': req.headers.referer || `/globalmanage/roles.html`,
+		});
+	}

 	const updated = await Roles.updateOne(req.body.roleid, rolePermissions).then(r => r.matchedCount);

 	if (updated === 0) {
 		return dynamicResponse(req, res, 400, 'message', {
 			'title': 'Bad request',
-			'errors': 'Role does not exist',
+			'error': 'Role does not exist',
 			'redirect': req.headers.referer || `/globalmanage/roles.html`,
 		});
 	}

+	const oldPermissions = new Permission(res.locals.editingRole.permissions);
+	await Accounts.setNewRolePermissions(oldPermissions, rolePermissions)
+
 	redis.redisPublisher.publish('roles', null);

 	return dynamicResponse(req, res, 200, 'message', {