Event changes

- changed creation to group-admins only
5 years ago · 05e69aacf3
parent f7dae45ab9
commit 05e69aacf3
2 changed files with 8 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -26,6 +26,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - changed the running behaviour to run in cluster threads via node.js cluster api
 - gql field userVote requires a userId
 - default findUser param limit to 20
+- only group admins can create group events

 ### Fixed

--- a/src/graphql/resolvers.ts
+++ b/src/graphql/resolvers.ts
@ -441,8 +441,13 @@ export function resolver(req: any, res: any): any {
        async createEvent({name, dueDate, groupId}: { name: string, dueDate: string, groupId: number }) {
            if (req.session.userId) {
                const date = new Date(Number(dueDate));
-                const group = await models.Group.findByPk(groupId);
-                return group.$create<models.Event>("rEvent", {name, dueDate: date});
+                const group = await models.Group.findByPk(groupId, {include: [{association: "rAdmins"}]});
+                if (group.rAdmins.find((x) => x.id === req.session.userId)) {
+                    return group.$create<models.Event>("rEvent", {name, dueDate: date});
+                } else {
+                    res.status(status.FORBIDDEN);
+                    return new GraphQLError("You are not a group admin!");
+                }
            } else {
                res.status(status.UNAUTHORIZED);
                return new NotLoggedInGqlError();