From a95a4cc89155f448e6f9ca0957170f3c72a9d964 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Tue, 30 Jul 2019 09:59:19 +0200
Subject: Moderators can only manage users

---
 .../app/+admin/users/user-list/user-list.component.ts | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'client/src/app/+admin/users/user-list')

diff --git a/client/src/app/+admin/users/user-list/user-list.component.ts b/client/src/app/+admin/users/user-list/user-list.component.ts
index c9c790689..ab82713b2 100644
--- a/client/src/app/+admin/users/user-list/user-list.component.ts
+++ b/client/src/app/+admin/users/user-list/user-list.component.ts
@@ -1,5 +1,5 @@
 import { Component, OnInit, ViewChild } from '@angular/core'
-import { Notifier } from '@app/core'
+import { AuthService, Notifier } from '@app/core'
 import { SortMeta } from 'primeng/components/common/sortmeta'
 import { ConfirmService, ServerService } from '../../../core'
 import { RestPagination, RestTable, UserService } from '../../../shared'
@@ -30,11 +30,16 @@ export class UserListComponent extends RestTable implements OnInit {
     private confirmService: ConfirmService,
     private serverService: ServerService,
     private userService: UserService,
+    private auth: AuthService,
     private i18n: I18n
   ) {
     super()
   }
 
+  get authUser () {
+    return this.auth.getUser()
+  }
+
   get requiresEmailVerification () {
     return this.serverService.getConfig().signup.requiresEmailVerification
   }
@@ -45,22 +50,26 @@ export class UserListComponent extends RestTable implements OnInit {
     this.bulkUserActions = [
       {
         label: this.i18n('Delete'),
-        handler: users => this.removeUsers(users)
+        handler: users => this.removeUsers(users),
+        isDisplayed: users => users.every(u => this.authUser.canManage(u))
       },
       {
         label: this.i18n('Ban'),
         handler: users => this.openBanUserModal(users),
-        isDisplayed: users => users.every(u => u.blocked === false)
+        isDisplayed: users => users.every(u => this.authUser.canManage(u) && u.blocked === false)
       },
       {
         label: this.i18n('Unban'),
         handler: users => this.unbanUsers(users),
-        isDisplayed: users => users.every(u => u.blocked === true)
+        isDisplayed: users => users.every(u => this.authUser.canManage(u) && u.blocked === true)
       },
       {
         label: this.i18n('Set Email as Verified'),
         handler: users => this.setEmailsAsVerified(users),
-        isDisplayed: users => this.requiresEmailVerification && users.every(u => !u.blocked && u.emailVerified === false)
+        isDisplayed: users => {
+          return this.requiresEmailVerification &&
+            users.every(u => this.authUser.canManage(u) && !u.blocked && u.emailVerified === false)
+        }
       }
     ]
   }
-- 
cgit v1.2.3