fix(web): prevent invalid owner leave action in group/channel info
Some checks are pending
CI / test (push) Has started running
Some checks are pending
CI / test (push) Has started running
This commit is contained in:
@@ -32,7 +32,7 @@ Legend:
|
|||||||
23. Groups - `PARTIAL` (create/add/remove/invite link; join-by-invite and invite permissions covered by integration tests; members API now returns profile fields (`username/name/avatar_url`) and web Chat Info consumes them to avoid extra per-member profile requests; add-member search also shows avatars; advanced moderation still partial)
|
23. Groups - `PARTIAL` (create/add/remove/invite link; join-by-invite and invite permissions covered by integration tests; members API now returns profile fields (`username/name/avatar_url`) and web Chat Info consumes them to avoid extra per-member profile requests; add-member search also shows avatars; advanced moderation still partial)
|
||||||
24. Roles - `DONE` (owner/admin/member)
|
24. Roles - `DONE` (owner/admin/member)
|
||||||
25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban APIs for groups/channels including ban list endpoint; web Chat Info now shows searchable `Banned users` with both inline and right-click `Unban` actions for owner/admin, member search, avatars in moderation lists, invite-link copy/regenerate actions, ban metadata (`who banned/when`), explicit member action button for touch/trackpad UX, `@username`-friendly moderation filters, and resilient profile hydration (`allSettled`) for partially missing users; integration tests cover channel member read-only, channel admin full-delete, channel message delete-for-all permissions, group profile edit permissions, owner-only role management rules, and admin-visible/member-forbidden ban-list access; remaining UX moderation tools limited)
|
25. Admin Rights - `PARTIAL` (delete/pin/edit info + explicit ban APIs for groups/channels including ban list endpoint; web Chat Info now shows searchable `Banned users` with both inline and right-click `Unban` actions for owner/admin, member search, avatars in moderation lists, invite-link copy/regenerate actions, ban metadata (`who banned/when`), explicit member action button for touch/trackpad UX, `@username`-friendly moderation filters, and resilient profile hydration (`allSettled`) for partially missing users; integration tests cover channel member read-only, channel admin full-delete, channel message delete-for-all permissions, group profile edit permissions, owner-only role management rules, and admin-visible/member-forbidden ban-list access; remaining UX moderation tools limited)
|
||||||
26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; integration tests now also cover invite-link permissions (member forbidden, admin allowed); web Chat Info now differentiates destructive actions by role for both groups/channels (`Delete ... for all` for owner/admin, `Leave` for members); app auto-join by invite token is now single-shot with toast errors (no retry spam on invalid/expired links); remaining UX edge-cases still polishing)
|
26. Channels - `PARTIAL` (create/post/edit/delete/subscribe/unsubscribe; integration tests now also cover invite-link permissions (member forbidden, admin allowed); web Chat Info now differentiates destructive actions by role for both groups/channels (`Delete ... for all` for owner/admin, `Leave` for members) and blocks invalid owner-leave action when members remain; app auto-join by invite token is now single-shot with toast errors (no retry spam on invalid/expired links); remaining UX edge-cases still polishing)
|
||||||
27. Channel Types - `DONE` (public/private)
|
27. Channel Types - `DONE` (public/private)
|
||||||
28. Notifications - `PARTIAL` (browser notifications + mute/settings; chat mute is propagated in chat list payload, honored by web realtime notifications with mention override, and mute toggle now syncs instantly in chat store; backend now emits `chat_updated` after notification mute/unmute for cross-tab consistency; no mobile push infra)
|
28. Notifications - `PARTIAL` (browser notifications + mute/settings; chat mute is propagated in chat list payload, honored by web realtime notifications with mention override, and mute toggle now syncs instantly in chat store; backend now emits `chat_updated` after notification mute/unmute for cross-tab consistency; no mobile push infra)
|
||||||
29. Archive - `DONE`
|
29. Archive - `DONE`
|
||||||
|
|||||||
@@ -92,6 +92,16 @@ export function ChatInfoPanel({ chatId, open, onClose }: Props) {
|
|||||||
const canManageMembers = Boolean(isGroupLike && (myRoleNormalized === "owner" || myRoleNormalized === "admin"));
|
const canManageMembers = Boolean(isGroupLike && (myRoleNormalized === "owner" || myRoleNormalized === "admin"));
|
||||||
const canEditTitle = Boolean(isGroupLike && (myRoleNormalized === "owner" || myRoleNormalized === "admin"));
|
const canEditTitle = Boolean(isGroupLike && (myRoleNormalized === "owner" || myRoleNormalized === "admin"));
|
||||||
const canEditChatProfile = Boolean(isGroupLike && (myRoleNormalized === "owner" || myRoleNormalized === "admin"));
|
const canEditChatProfile = Boolean(isGroupLike && (myRoleNormalized === "owner" || myRoleNormalized === "admin"));
|
||||||
|
const canLeaveGroupLikeChat = useMemo(() => {
|
||||||
|
if (!chat || !isGroupLike) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
if (myRoleNormalized !== "owner") {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
const count = chat.members_count ?? members.length;
|
||||||
|
return count <= 1;
|
||||||
|
}, [chat, isGroupLike, myRoleNormalized, members.length]);
|
||||||
const photoAttachments = useMemo(() => attachments.filter((item) => item.file_type.startsWith("image/")).sort((a, b) => b.id - a.id), [attachments]);
|
const photoAttachments = useMemo(() => attachments.filter((item) => item.file_type.startsWith("image/")).sort((a, b) => b.id - a.id), [attachments]);
|
||||||
const videoAttachments = useMemo(() => attachments.filter((item) => item.file_type.startsWith("video/")).sort((a, b) => b.id - a.id), [attachments]);
|
const videoAttachments = useMemo(() => attachments.filter((item) => item.file_type.startsWith("video/")).sort((a, b) => b.id - a.id), [attachments]);
|
||||||
const voiceAttachments = useMemo(() => attachments.filter((item) => item.message_type === "voice").sort((a, b) => b.id - a.id), [attachments]);
|
const voiceAttachments = useMemo(() => attachments.filter((item) => item.message_type === "voice").sort((a, b) => b.id - a.id), [attachments]);
|
||||||
@@ -983,8 +993,12 @@ export function ChatInfoPanel({ chatId, open, onClose }: Props) {
|
|||||||
</button>
|
</button>
|
||||||
) : null}
|
) : null}
|
||||||
<button
|
<button
|
||||||
className="w-full rounded bg-slate-700 px-3 py-2 text-sm"
|
className="w-full rounded bg-slate-700 px-3 py-2 text-sm disabled:cursor-not-allowed disabled:opacity-60"
|
||||||
|
disabled={!canLeaveGroupLikeChat}
|
||||||
onClick={async () => {
|
onClick={async () => {
|
||||||
|
if (!canLeaveGroupLikeChat) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
await leaveChat(chatId);
|
await leaveChat(chatId);
|
||||||
await loadChats();
|
await loadChats();
|
||||||
@@ -995,7 +1009,9 @@ export function ChatInfoPanel({ chatId, open, onClose }: Props) {
|
|||||||
}
|
}
|
||||||
}}
|
}}
|
||||||
>
|
>
|
||||||
{chat.type === "channel" ? "Leave channel" : "Leave chat"}
|
{canLeaveGroupLikeChat
|
||||||
|
? (chat.type === "channel" ? "Leave channel" : "Leave chat")
|
||||||
|
: "Owner cannot leave while members remain"}
|
||||||
</button>
|
</button>
|
||||||
</>
|
</>
|
||||||
) : null}
|
) : null}
|
||||||
|
|||||||
Reference in New Issue
Block a user