From 15626b8ae16cd260fadce5dbcc72078d0e53bb60 Mon Sep 17 00:00:00 2001
From: borisabramovich86 <bojaab3@gmail.com>
Date: Wed, 18 Oct 2017 23:26:01 +0300
Subject: [PATCH] Prevent user from blocking himself - fixes #9097 (#9194)

* Added check - user can't block himself

* removed exclusive test
---
 test/common/ops/blockUser.test.js         | 9 +++++++++
 website/common/locales/en_GB/contrib.json | 1 +
 website/common/script/ops/blockUser.js    | 1 +
 3 files changed, 11 insertions(+)

diff --git a/test/common/ops/blockUser.test.js b/test/common/ops/blockUser.test.js
index 216648624b..16c439c94d 100644
--- a/test/common/ops/blockUser.test.js
+++ b/test/common/ops/blockUser.test.js
@@ -25,6 +25,15 @@ describe('shared.ops.blockUser', () => {
     }
   });
 
+  it('validates user can\'t block himself', (done) => {
+    try {
+      blockUser(user, { params: { uuid: user._id } });
+    } catch (error) {
+      expect(error.message).to.eql(i18n.t('blockYourself'));
+      done();
+    }
+  });
+
   it('blocks user', () => {
     let [result] = blockUser(user, { params: { uuid: blockedUser._id } });
     expect(user.inbox.blocks).to.eql([blockedUser._id]);
diff --git a/website/common/locales/en_GB/contrib.json b/website/common/locales/en_GB/contrib.json
index d277baca47..239af2a87a 100644
--- a/website/common/locales/en_GB/contrib.json
+++ b/website/common/locales/en_GB/contrib.json
@@ -52,6 +52,7 @@
     "pageMustBeNumber": "req.query.page must be a number",
     "userNotFound": "User not found.",
     "invalidUUID": "UUID must be valid",
+    "blockYourself": "You can't block yourself!",
     "title": "Title",
     "moreDetails": "More details (1-7)",
     "moreDetails2": "more details (8-9)",
diff --git a/website/common/script/ops/blockUser.js b/website/common/script/ops/blockUser.js
index 2f4091c238..fe347a4b1d 100644
--- a/website/common/script/ops/blockUser.js
+++ b/website/common/script/ops/blockUser.js
@@ -6,6 +6,7 @@ import {
 
 module.exports = function blockUser (user, req = {}) {
   if (!validator.isUUID(req.params.uuid)) throw new BadRequest(i18n.t('invalidUUID', req.language));
+  if (req.params.uuid === user._id) throw new BadRequest(i18n.t('blockYourself', req.language));
 
   let i = user.inbox.blocks.indexOf(req.params.uuid);
   if (i === -1) {