deepcrayon
/
lila
1
0
Fork 0
Code Releases Activity

only the team creator (and mods) can remove self from team leaders 

closes #7008
pull/7026/head
Thibault Duplessis 2020-07-23 11:31:57 +02:00
parent 2a95045d72
commit 3d6bdfb159
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/Team.scala
View File

@ -159,10 +159,10 @@ final class Team(
}
def leaders(id: String) =
AuthBody { implicit ctx => _ =>
AuthBody { implicit ctx => me =>
WithOwnedTeam(id) { team =>
implicit val req = ctx.body
forms.leaders(team).bindFromRequest().value ?? { api.setLeaders(team, _) } inject Redirect(
forms.leaders(team).bindFromRequest().value ?? { api.setLeaders(team, _, me, isGranted(_.ManageTeam)) } inject Redirect(
routes.Team.show(team.id)
).flashSuccess
}

10
modules/team/src/main/TeamApi.scala
View File

@ -222,7 +222,7 @@ final class TeamApi(
private case class TagifyUser(value: String)
implicit private val TagifyUserReads = Json.reads[TagifyUser]
def setLeaders(team: Team, json: String): Funit = {
def setLeaders(team: Team, json: String, by: User, byMod: Boolean): Funit = {
val leaders: Set[User.ID] = Try {
json.trim.nonEmpty ?? {
Json.parse(json).validate[List[TagifyUser]] match {
@ -236,9 +236,11 @@ final class TeamApi(
}
} getOrElse Set.empty
memberRepo.filterUserIdsInTeam(team.id, leaders) flatMap { ids =>
ids.nonEmpty ?? {
cached.leaders.put(team.id, fuccess(ids))
teamRepo.setLeaders(team.id, ids).void
(team.leaders(team.createdBy) && !ids(team.createdBy) && by.id != team.createdBy && !byMod) ?? {
ids.nonEmpty ?? {
cached.leaders.put(team.id, fuccess(ids))
teamRepo.setLeaders(team.id, ids).void
}
}
}
}