nodebb-plugin-onekite-calendar 2.0.64 → 2.0.65

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/api.js +16 -18
  2. package/package.json +1 -1
  3. package/plugin.json +1 -1
package/lib/api.js CHANGED
@@ -2,12 +2,9 @@
2
2
 
3
3
  const crypto = require('crypto');
4
4
 
5
- const meta = require.main.require('./src/meta');
6
5
  const nconf = require.main.require('nconf');
7
6
  const user = require.main.require('./src/user');
8
7
  const groups = require.main.require('./src/groups');
9
- const db = require.main.require('./src/database');
10
- const logger = require.main.require('./src/logger');
11
8
 
12
9
  const dbLayer = require('./db');
13
10
  const { getSettings } = require('./settings');
@@ -251,25 +248,26 @@ async function canCreateSpecial(uid, settings) {
251
248
  }
252
249
 
253
250
 
251
+ /**
252
+ * Determines if a user can join or leave special events as a participant.
253
+ *
254
+ * This permission is intentionally permissive: any authenticated user can participate
255
+ * in special events, regardless of group membership. This differs from creation/deletion
256
+ * permissions which remain restricted to specific groups.
257
+ *
258
+ * @param {number|string} uid - The user ID. Falsy values (0, null, undefined, '') indicate guest/unauthenticated users.
259
+ * @param {Object} settings - Plugin settings (unused but kept for API consistency with other permission functions).
260
+ * @returns {boolean} True if the user can join/leave special events (i.e., is authenticated).
261
+ *
262
+ * @since 1.0.0 Modified to allow all authenticated users (previously restricted to specific groups)
263
+ */
254
264
  async function canJoinSpecial(uid, settings) {
255
- if (!uid) return false;
256
- // Admins always allowed
257
- try {
258
- const isAdmin = await groups.isMember(uid, 'administrators');
259
- if (isAdmin) return true;
260
- } catch (e) {}
261
-
262
- // Special-event creators can join/leave
263
- if (await canCreateSpecial(uid, settings)) return true;
264
-
265
- // Location creator groups can also participate (even if they can't create events)
266
- const allowed = normalizeAllowedGroups(settings.creatorGroups || '');
267
- if (!allowed.length) return false;
268
- return userInAnyGroup(uid, allowed);
265
+ // Any authenticated user (non-zero uid) can participate in special events.
266
+ // The !! coercion converts truthy values to true, falsy to false.
267
+ return !!uid;
269
268
  }
270
269
 
271
270
 
272
-
273
271
  async function canDeleteSpecial(uid, settings) {
274
272
  if (!uid) return false;
275
273
  try {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "nodebb-plugin-onekite-calendar",
3
- "version": "2.0.64",
3
+ "version": "2.0.65",
4
4
  "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
5
5
  "main": "library.js",
6
6
  "license": "MIT",
package/plugin.json CHANGED
@@ -39,5 +39,5 @@
39
39
  "acpScripts": [
40
40
  "public/admin.js"
41
41
  ],
42
- "version": "2.0.64"
42
+ "version": "2.0.65"
43
43
  }