nodebb-plugin-onekite-calendar 2.0.61 → 2.0.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/api.js +23 -3
  2. package/package.json +1 -1
  3. package/plugin.json +1 -1
package/lib/api.js CHANGED
@@ -420,6 +420,26 @@ async function canCreateSpecial(uid, settings) {
420
420
  return false;
421
421
  }
422
422
 
423
+
424
+ async function canJoinSpecial(uid, settings) {
425
+ if (!uid) return false;
426
+ // Admins always allowed
427
+ try {
428
+ const isAdmin = await groups.isMember(uid, 'administrators');
429
+ if (isAdmin) return true;
430
+ } catch (e) {}
431
+
432
+ // Special-event creators can join/leave
433
+ if (await canCreateSpecial(uid, settings)) return true;
434
+
435
+ // Location creator groups can also participate (even if they can't create events)
436
+ const allowed = normalizeAllowedGroups(settings.creatorGroups || '');
437
+ if (!allowed.length) return false;
438
+ return userInAnyGroup(uid, allowed);
439
+ }
440
+
441
+
442
+
423
443
  async function canDeleteSpecial(uid, settings) {
424
444
  if (!uid) return false;
425
445
  try {
@@ -958,7 +978,7 @@ api.getSpecialEventDetails = async function (req, res) {
958
978
  participants,
959
979
  participantsUsernames: await usernamesByUids(participants),
960
980
  canDeleteSpecial: canSpecialDelete,
961
- canJoin: uid ? await canCreateSpecial(uid, settings) : false,
981
+ canJoin: uid ? await canJoinSpecial(uid, settings) : false,
962
982
  isParticipant: uid ? participants.includes(String(uid)) : false,
963
983
  icsUrl: links.icsUrl,
964
984
  googleCalUrl: links.googleCalUrl,
@@ -973,7 +993,7 @@ api.joinSpecialEvent = async function (req, res) {
973
993
  const settings = await getSettings();
974
994
  const uid = req.uid;
975
995
  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
976
- const ok = await canCreateSpecial(uid, settings);
996
+ const ok = await canJoinSpecial(uid, settings);
977
997
  if (!ok) return res.status(403).json({ error: 'not-allowed' });
978
998
 
979
999
  const eid = String(req.params.eid || '').replace(/^special:/, '').trim();
@@ -1000,7 +1020,7 @@ api.leaveSpecialEvent = async function (req, res) {
1000
1020
  const settings = await getSettings();
1001
1021
  const uid = req.uid;
1002
1022
  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
1003
- const ok = await canCreateSpecial(uid, settings);
1023
+ const ok = await canJoinSpecial(uid, settings);
1004
1024
  if (!ok) return res.status(403).json({ error: 'not-allowed' });
1005
1025
 
1006
1026
  const eid = String(req.params.eid || '').replace(/^special:/, '').trim();
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodebb-plugin-onekite-calendar",
3
- "version": "2.0.61",
3
+ "version": "2.0.62",
4
4
  "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
5
5
  "main": "library.js",
6
6
  "license": "MIT",
package/plugin.json CHANGED
@@ -39,5 +39,5 @@
39
39
  "acpScripts": [
40
40
  "public/admin.js"
41
41
  ],
42
- "version": "2.0.61"
42
+ "version": "2.0.62"
43
43
  }