added svcapi ui and camunda code
diff --git a/otf-frontend/server/src/feathers/hooks/checkPermissions.js b/otf-frontend/server/src/feathers/hooks/checkPermissions.js
new file mode 100644 (file)
index 0000000..fb02fa3
--- /dev/null
@@ -0,0 +1,42 @@
+/*  Copyright (c) 2019 AT&T Intellectual Property.                             #\r
+#                                                                              #\r
+#   Licensed under the Apache License, Version 2.0 (the "License");            #\r
+#   you may not use this file except in compliance with the License.           #\r
+#   You may obtain a copy of the License at                                    #\r
+#                                                                              #\r
+#       http://www.apache.org/licenses/LICENSE-2.0                             #\r
+#                                                                              #\r
+#   Unless required by applicable law or agreed to in writing, software        #\r
+#   distributed under the License is distributed on an "AS IS" BASIS,          #\r
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #\r
+#   See the License for the specific language governing permissions and        #\r
+#   limitations under the License.                                             #\r
+##############################################################################*/\r
+\r
+\r
+module.exports = function () {\r
+    return async context => {\r
+               let group = {};\r
+               if(context.data.parentGroupId){\r
+                       //get the groups from the group service\r
+                       //check if the user is an Admin in the parent group \r
+                       await context.app.services[context.app.get('base-path') + 'groups']\r
+                       .get(context.data.parentGroupId, context.params)\r
+                       .then( result => {      \r
+                               group = result;\r
+                       });\r
+                       \r
+                       if(group.members){\r
+                               for(let i = 0; i < group.members.length; i++){\r
+                                       if(group.members[i].userId.toString() === context.params.user._id.toString()){\r
+                                               if(!group.members[i].roles.includes("admin")){\r
+                                                       throw new Error('Can not create child group. You must be an admin of the parent group.');\r
+                                               }\r
+                                       }\r
+                               }\r
+                       }else{\r
+                               throw new Error('Can not create child group. You must be an admin of the parent group.');\r
+                       }\r
+               }\r
+       }\r
+}
\ No newline at end of file
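Review bot: The membership loop over `group.members` fails open: it throws only when the caller is found in the list without the `admin` role, so a caller who is not a member of the parent group at all, or a parent group whose `members` array is empty, falls through and the hook allows the child group to be created. Make the check deny by default, for example `const me = (group.members || []).find(m => m.userId.toString() === context.params.user._id.toString());` followed by `if (!me || !me.roles.includes('admin')) { throw new Error('Can not create child group. You must be an admin of the parent group.'); }`. `context.params.user` is also dereferenced without a guard, so a call that carries no authenticated user would raise a TypeError instead of a clear denial. A plain `Error` will probably surface to the client as a generic server error rather than a 403; a Forbidden error from the Feathers errors package would be the better fit if the project already depends on it (not visible in this hunk).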