nodebb-plugin-onekite-calendar 2.0.74 → 2.0.75

Files changed (2)
  1. package/lib/api.js +22 -25
  2. package/package.json +1 -1
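--- a/package/lib/api.js
+++ b/package/lib/api.js
@@ -778,7 +778,7 @@ api.getCapabilities = async function (req, res) {
  isValidator: canMod,
  canCreateSpecial: canSpecialC,
  canDeleteSpecial: canSpecialD,
- canCreateOuting: canReq,
+ canCreateOuting: canMod || canReq,
  canCreateReservation: canReq,
  specialEventCategoryCid: parseInt(settings && settings.specialEventCategoryId, 10) || 0,
  });
@@ -938,7 +938,7 @@ api.getOutingDetails = async function (req, res) {
  });
 
  const participants = normalizeUidList(o.participants);
- const canEditOuting = uid ? await canRequest(uid, settings, Date.now()) : false;
+ const canEditOuting = uid ? (canMod || await canRequest(uid, settings, Date.now())) : false;
  const out = {
  oid: o.oid,
  title: o.title || '',
@@ -967,8 +967,7 @@ api.joinOuting = async function (req, res) {
  const settings = await getSettings();
  const uid = req.uid;
  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
- // Outings share the same rights as reservations/locations.
- const ok = await canRequest(uid, settings, Date.now());
+ const ok = (await canValidate(uid, settings)) || (await canRequest(uid, settings, Date.now()));
  if (!ok) return res.status(403).json({ error: 'not-allowed' });
 
  const oid = String(req.params.oid || '').replace(/^outing:/, '').trim();
@@ -999,8 +998,7 @@ api.leaveOuting = async function (req, res) {
  const settings = await getSettings();
  const uid = req.uid;
  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
- // Outings share the same rights as reservations/locations.
- const ok = await canRequest(uid, settings, Date.now());
+ const ok = (await canValidate(uid, settings)) || (await canRequest(uid, settings, Date.now()));
  if (!ok) return res.status(403).json({ error: 'not-allowed' });
 
  const oid = String(req.params.oid || '').replace(/^outing:/, '').trim();
@@ -1032,12 +1030,9 @@ api.createOuting = async function (req, res) {
  if (!req.uid) return res.status(401).json({ error: 'not-logged-in' });
 
  const startTs = toTs(req.body && req.body.start);
- // Permissions for outings must match reservations/locations rights.
- // We intentionally base the "auto" yearly group on the *current* year,
- // not on the outing date, so members can plan future outings without
- // requiring next-year group membership.
- const ok = await canRequest(req.uid, settings, Date.now());
- if (!ok) {
+ const isValidatorForOuting = await canValidate(req.uid, settings);
+ const canMakeOuting = isValidatorForOuting || (await canRequest(req.uid, settings, Date.now()));
+ if (!canMakeOuting) {
  return res.status(403).json({
  error: 'not-allowed',
  code: 'NOT_MEMBER',
@@ -1051,18 +1046,20 @@ api.createOuting = async function (req, res) {
  return res.status(400).json({ error: 'bad-dates' });
  }
 
- // Business rule: nothing can be created in the past.
- try {
- const today0 = new Date();
- today0.setHours(0, 0, 0, 0);
- const today0ts = today0.getTime();
- if (startTs < today0ts) {
- return res.status(400).json({
- error: 'date-too-soon',
- message: "Impossible de créer pour une date passée.",
- });
- }
- } catch (e) {}
+ // Validators can create outings in the past (regularization); others cannot.
+ if (!isValidatorForOuting) {
+ try {
+ const today0 = new Date();
+ today0.setHours(0, 0, 0, 0);
+ const today0ts = today0.getTime();
+ if (startTs < today0ts) {
+ return res.status(400).json({
+ error: 'date-too-soon',
+ message: "Impossible de créer pour une date passée.",
+ });
+ }
+ } catch (e) {}
+ }
 
  const address = String((req.body && req.body.address) || '').trim();
  const notes = String((req.body && req.body.notes) || '').trim();
@@ -1122,7 +1119,7 @@ api.deleteOuting = async function (req, res) {
  api.updateOuting = async function (req, res) {
  const settings = await getSettings();
  if (!req.uid) return res.status(401).json({ error: 'not-logged-in' });
- const ok = await canRequest(req.uid, settings, Date.now());
+ const ok = (await canValidate(req.uid, settings)) || (await canRequest(req.uid, settings, Date.now()));
  if (!ok) return res.status(403).json({ error: 'not-allowed' });
 
  const oid = String(req.params.oid || '').replace(/^outing:/, '').trim();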
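Review bot: The validator-or-member rule is now spelled out separately in joinOuting, leaveOuting, createOuting and updateOuting, and in a different form (`canMod || …`) in getCapabilities and getOutingDetails, so the capability the client is shown and the check the server enforces can drift apart on the next permission change. A single helper called from all six places would keep them in step, for example (name is a suggestion) `const canUseOutings = async (uid, settings) => (await canValidate(uid, settings)) || (await canRequest(uid, settings, Date.now()));`. In getOutingDetails the declaration of `canMod` lies outside the hunk; confirm it is in scope there and derived from `canValidate` for the current `uid`, since an undeclared name would throw on every details request. The deleted comment in createOuting still describes retained behaviour (`Date.now()` is passed to `canRequest`, not the outing date) and is worth keeping next to the call, e.g. `// Membership is checked against the current year, not the outing date, so members can plan future outings.` All six function bodies start or end outside their hunks, so any ownership checks that follow the `ok` guard in updateOuting are not visible here.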
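--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "nodebb-plugin-onekite-calendar",
- "version": "2.0.74",
+ "version": "2.0.75",
  "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
  "main": "library.js",
  "license": "MIT",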