From 4215aa1e3bbdd8060f308dadc8679e870b3b7974 Mon Sep 17 00:00:00 2001
From: Audric Ackermann <audric@loki.network>
Date: Mon, 5 Oct 2020 11:39:00 +1100
Subject: [PATCH] require admin for editing a closed group, but not a medium
 one

---
 js/views/conversation_view.js        | 6 +++++-
 js/views/create_group_dialog_view.js | 5 ++++-
 ts/receiver/groups.ts                | 5 +++--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/js/views/conversation_view.js b/js/views/conversation_view.js
index c2752c2bf..fc0219f9c 100644
--- a/js/views/conversation_view.js
+++ b/js/views/conversation_view.js
@@ -271,6 +271,10 @@
       };
       const getGroupSettingsProps = () => {
         const members = this.model.get('members') || [];
+        const ourPK = window.textsecure.storage.user.getNumber();
+        const isAdmin = this.model.isMediumGroup()
+          ? true
+          : this.model.get('groupAdmins').includes(ourPK);
 
         return {
           id: this.model.id,
@@ -280,7 +284,7 @@
           avatarPath: this.model.getAvatarPath(),
           isGroup: !this.model.isPrivate(),
           isPublic: this.model.isPublic(),
-          isAdmin: true, // allow closed group edits from anyone this.model.get('groupAdmins').includes(ourPK),
+          isAdmin,
           isRss: this.model.isRss(),
           memberCount: members.length,
           amMod: this.model.isModerator(
diff --git a/js/views/create_group_dialog_view.js b/js/views/create_group_dialog_view.js
index 6a0f5715b..ddc183d2e 100644
--- a/js/views/create_group_dialog_view.js
+++ b/js/views/create_group_dialog_view.js
@@ -98,7 +98,10 @@
       } else {
         this.titleText = i18n('updateGroupDialogTitle', this.groupName);
         // anybody can edit a closed group name or members
-        this.isAdmin = true;
+        const ourPK = window.textsecure.storage.user.getNumber();
+        this.isAdmin = groupConvo.isMediumGroup()
+          ? true
+          : groupConvo.get('groupAdmins').includes(ourPK);
         const convos = window.getConversations().models.filter(d => !!d);
 
         this.existingMembers = groupConvo.get('members') || [];
diff --git a/ts/receiver/groups.ts b/ts/receiver/groups.ts
index df5a70a28..2c74f92a0 100644
--- a/ts/receiver/groups.ts
+++ b/ts/receiver/groups.ts
@@ -85,8 +85,9 @@ export async function preprocessGroupMessage(
     if (newGroup) {
       conversation.updateGroupAdmins(group.admins);
     } else {
-      // group members and names can be changed from any member
-      const fromAdmin = true;
+      // be sure to drop a message from a non admin if it tries to change group members
+      // or change the group name
+      const fromAdmin = conversation.get('groupAdmins').includes(primarySource);
 
       if (!fromAdmin) {
         // Make sure the message is not removing members / renaming the group