fix: add restriction on add/remove user to public group

2026-01-08 23:10:05 +00:00 · 2022-08-02 18:05:28 +05:00
parent c3e3befc17
commit d3a516c36e
2 changed files with 33 additions and 1 deletions
--- a/api/src/controllers/group.ts
+++ b/api/src/controllers/group.ts
@@ -10,7 +10,7 @@ import {
  Body
 } from 'tsoa'

-import Group, { GroupPayload } from '../model/Group'
+import Group, { GroupPayload, PUBLIC_GROUP_NAME } from '../model/Group'
 import User from '../model/User'
 import { UserResponse } from './user'

@@ -241,6 +241,13 @@ const updateUsersListInGroup = async (
      message: 'Group not found.'
    }

+  if (group.name === PUBLIC_GROUP_NAME)
+    throw {
+      code: 400,
+      status: 'Bad Request',
+      message: `Can't add/remove user to '${PUBLIC_GROUP_NAME}' group.`
+    }
+
  const user = await User.findOne({ id: userId })
  if (!user)
    throw {