src/privileges/categories.js


'use strict';

const _ = require('lodash');

const categories = require('../categories');
const user = require('../user');
const groups = require('../groups');
const helpers = require('./helpers');
const plugins = require('../plugins');
const utils = require('../utils');

module.exports = function (privileges) {
	privileges.categories = {};

	// Method used in admin/category controller to show all users/groups with privs in that given cid
	privileges.categories.list = async function (cid) {
		async function getLabels() {
			return await utils.promiseParallel({
				users: plugins.fireHook('filter:privileges.list_human', privileges.privilegeLabels.slice()),
				groups: plugins.fireHook('filter:privileges.groups.list_human', privileges.privilegeLabels.slice()),
			});
		}

		const payload = await utils.promiseParallel({
			labels: getLabels(),
			users: helpers.getUserPrivileges(cid, 'filter:privileges.list', privileges.userPrivilegeList),
			groups: helpers.getGroupPrivileges(cid, 'filter:privileges.groups.list', privileges.groupPrivilegeList),
		});

		// This is a hack because I can't do {labels.users.length} to echo the count in templates.js
		payload.columnCountUser = payload.labels.users.length + 2;
		payload.columnCountUserOther = payload.labels.users.length - privileges.privilegeLabels.length;
		payload.columnCountGroup = payload.labels.groups.length + 2;
		payload.columnCountGroupOther = payload.labels.groups.length - privileges.privilegeLabels.length;
		return payload;
	};

	privileges.categories.get = async function (cid, uid) {
		const privs = ['topics:create', 'topics:read', 'topics:tag', 'read'];

		const [userPrivileges, isAdministrator, isModerator] = await Promise.all([
			helpers.isUserAllowedTo(privs, uid, cid),
			user.isAdministrator(uid),
			user.isModerator(uid, cid),
		]);

		const privData = _.zipObject(privs, userPrivileges);
		const isAdminOrMod = isAdministrator || isModerator;

		return await plugins.fireHook('filter:privileges.categories.get', {
			'topics:create': privData['topics:create'] || isAdministrator,
			'topics:read': privData['topics:read'] || isAdministrator,
			'topics:tag': privData['topics:tag'] || isAdministrator,
			read: privData.read || isAdministrator,
			cid: cid,
			uid: uid,
			editable: isAdminOrMod,
			view_deleted: isAdminOrMod,
			isAdminOrMod: isAdminOrMod,
		});
	};

	privileges.categories.isAdminOrMod = async function (cid, uid) {
		if (parseInt(uid, 10) <= 0) {
			return false;
		}
		const [isAdmin, isMod] = await Promise.all([
			user.isAdministrator(uid),
			user.isModerator(uid, cid),
		]);
		return isAdmin || isMod;
	};

	privileges.categories.isUserAllowedTo = async function (privilege, cid, uid) {
		if (!cid) {
			return false;
		}
		const results = await helpers.isUserAllowedTo(privilege, uid, Array.isArray(cid) ? cid : [cid]);

		if (Array.isArray(results) && results.length) {
			return Array.isArray(cid) ? results : results[0];
		}
		return false;
	};

	privileges.categories.can = async function (privilege, cid, uid) {
		if (!cid) {
			return false;
		}
		const [disabled, isAdmin, isAllowed] = await Promise.all([
			categories.getCategoryField(cid, 'disabled'),
			user.isAdministrator(uid),
			privileges.categories.isUserAllowedTo(privilege, cid, uid),
		]);
		return !disabled && (isAllowed || isAdmin);
	};

	privileges.categories.filterCids = async function (privilege, cids, uid) {
		if (!Array.isArray(cids) || !cids.length) {
			return [];
		}

		cids = _.uniq(cids);
		const results = await privileges.categories.getBase(privilege, cids, uid);
		return cids.filter((cid, index) => !!cid && !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin));
	};

	privileges.categories.getBase = async function (privilege, cids, uid) {
		return await utils.promiseParallel({
			categories: categories.getCategoriesFields(cids, ['disabled']),
			allowedTo: helpers.isUserAllowedTo(privilege, uid, cids),
			isAdmin: user.isAdministrator(uid),
		});
	};

	privileges.categories.filterUids = async function (privilege, cid, uids) {
		if (!uids.length) {
			return [];
		}

		uids = _.uniq(uids);

		const [allowedTo, isAdmins] = await Promise.all([
			helpers.isUsersAllowedTo(privilege, uids, cid),
			user.isAdministrator(uids),
		]);
		return uids.filter((uid, index) => allowedTo[index] || isAdmins[index]);
	};

	privileges.categories.give = async function (privileges, cid, groupName) {
		await helpers.giveOrRescind(groups.join, privileges, cid, groupName);
	};

	privileges.categories.rescind = async function (privileges, cid, groupName) {
		await helpers.giveOrRescind(groups.leave, privileges, cid, groupName);
	};

	privileges.categories.canMoveAllTopics = async function (currentCid, targetCid, uid) {
		const [isAdmin, isModerators] = await Promise.all([
			user.isAdministrator(uid),
			user.isModerator(uid, [currentCid, targetCid]),
		]);
		return isAdmin || !isModerators.includes(false);
	};

	privileges.categories.userPrivileges = async function (cid, uid) {
		const tasks = {};
		privileges.userPrivilegeList.forEach(function (privilege) {
			tasks[privilege] = groups.isMember(uid, 'cid:' + cid + ':privileges:' + privilege);
		});
		return await utils.promiseParallel(tasks);
	};

	privileges.categories.groupPrivileges = async function (cid, groupName) {
		const tasks = {};
		privileges.groupPrivilegeList.forEach(function (privilege) {
			tasks[privilege] = groups.isMember(groupName, 'cid:' + cid + ':privileges:' + privilege);
		});
		return await utils.promiseParallel(tasks);
	};
};
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00
			`'use strict';`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const _ = require('lodash');`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const categories = require('../categories');`
			`const user = require('../user');`
			`const groups = require('../groups');`
			`const helpers = require('./helpers');`
			`const plugins = require('../plugins');`
			`const utils = require('../utils');`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`module.exports = function (privileges) {`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00			`privileges.categories = {};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`// Method used in admin/category controller to show all users/groups with privs in that given cid`
			`privileges.categories.list = async function (cid) {`
			`async function getLabels() {`
			`return await utils.promiseParallel({`
			`users: plugins.fireHook('filter:privileges.list_human', privileges.privilegeLabels.slice()),`
			`groups: plugins.fireHook('filter:privileges.groups.list_human', privileges.privilegeLabels.slice()),`
			`});`
			`}`

			`const payload = await utils.promiseParallel({`
			`labels: getLabels(),`
			`users: helpers.getUserPrivileges(cid, 'filter:privileges.list', privileges.userPrivilegeList),`
			`groups: helpers.getGroupPrivileges(cid, 'filter:privileges.groups.list', privileges.groupPrivilegeList),`
			`});`

			`// This is a hack because I can't do {labels.users.length} to echo the count in templates.js`
			`payload.columnCountUser = payload.labels.users.length + 2;`
			`payload.columnCountUserOther = payload.labels.users.length - privileges.privilegeLabels.length;`
			`payload.columnCountGroup = payload.labels.groups.length + 2;`
			`payload.columnCountGroupOther = payload.labels.groups.length - privileges.privilegeLabels.length;`
			`return payload;`
a huge frickin' number of changes for #2887. This is part of #2463 2015-03-25 15:42:15 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.get = async function (cid, uid) {`
			`const privs = ['topics:create', 'topics:read', 'topics:tag', 'read'];`

			`const [userPrivileges, isAdministrator, isModerator] = await Promise.all([`
			`helpers.isUserAllowedTo(privs, uid, cid),`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, cid),`
			`]);`

			`const privData = _.zipObject(privs, userPrivileges);`
			`const isAdminOrMod = isAdministrator \|\| isModerator;`

			`return await plugins.fireHook('filter:privileges.categories.get', {`
			`'topics:create': privData['topics:create'] \|\| isAdministrator,`
			`'topics:read': privData['topics:read'] \|\| isAdministrator,`
			`'topics:tag': privData['topics:tag'] \|\| isAdministrator,`
			`read: privData.read \|\| isAdministrator,`
			`cid: cid,`
			`uid: uid,`
			`editable: isAdminOrMod,`
			`view_deleted: isAdminOrMod,`
			`isAdminOrMod: isAdminOrMod,`
			`});`
closes #1518 2014-05-15 20:49:47 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.isAdminOrMod = async function (cid, uid) {`
misc fixes handle spider uids properly 2018-11-12 00:20:44 -05:00			`if (parseInt(uid, 10) <= 0) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return false;`
closes https://github.com/NodeBB/nodebb-theme-persona/issues/181 2015-10-28 15:10:27 -04:00			`}`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const [isAdmin, isMod] = await Promise.all([`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, cid),`
			`]);`
			`return isAdmin \|\| isMod;`
privilege fixes 2015-09-15 18:21:17 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.isUserAllowedTo = async function (privilege, cid, uid) {`
closes #2330 2015-09-16 08:35:40 -04:00			`if (!cid) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return false;`
closes #2330 2015-09-16 08:35:40 -04:00			`}`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const results = await helpers.isUserAllowedTo(privilege, uid, Array.isArray(cid) ? cid : [cid]);`

			`if (Array.isArray(results) && results.length) {`
			`return Array.isArray(cid) ? results : results[0];`
feat: allow array results 2018-12-04 15:29:50 -05:00			`}`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return false;`
closes #2330 2015-09-16 08:35:40 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.can = async function (privilege, cid, uid) {`
api/post/pid route 2015-02-24 13:02:58 -05:00			`if (!cid) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return false;`
api/post/pid route 2015-02-24 13:02:58 -05:00			`}`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const [disabled, isAdmin, isAllowed] = await Promise.all([`
			`categories.getCategoryField(cid, 'disabled'),`
			`user.isAdministrator(uid),`
			`privileges.categories.isUserAllowedTo(privilege, cid, uid),`
			`]);`
			`return !disabled && (isAllowed \|\| isAdmin);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.filterCids = async function (privilege, cids, uid) {`
fix moderators 2014-11-09 00:33:26 -05:00			`if (!Array.isArray(cids) \|\| !cids.length) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return [];`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 2014-07-31 17:29:20 -04:00			`}`

use _.uniq 2017-06-25 20:00:05 -04:00			`cids = _.uniq(cids);`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const results = await privileges.categories.getBase(privilege, cids, uid);`
properly filter /unread /recent /popular /top (#7927) * feat: add failing test for pagination * feat: test * fix: redis tests * refactor: remove logs * fix: add new test * feat: make sortedSetRangeByScore work with keys on redis * fix: hardcoded set name * feat: show topics from readable categories on recent/popular/top * feat: rewrite unread topics respect watched categories and followed topics * fix: term + watched 2019-09-26 21:55:49 -04:00			`return cids.filter((cid, index) => !!cid && !results.categories[index].disabled && (results.allowedTo[index] \|\| results.isAdmin));`
closes #4499 2016-04-29 20:35:49 +03:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.getBase = async function (privilege, cids, uid) {`
			`return await utils.promiseParallel({`
			`categories: categories.getCategoriesFields(cids, ['disabled']),`
			`allowedTo: helpers.isUserAllowedTo(privilege, uid, cids),`
			`isAdmin: user.isAdministrator(uid),`
			`});`
added new privilege "find", added guest meta group, closed #1282 2014-05-16 15:47:04 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.filterUids = async function (privilege, cid, uids) {`
added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00			`if (!uids.length) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return [];`
added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00			`}`

switch .filter to uniq 2017-06-25 19:05:13 -04:00			`uids = _.uniq(uids);`
partially revert https://github.com/NodeBB/NodeBB/commit/fa9f1ac7fe26462febda07189203365e984a146d extending module.exports instead of overwriting fixes the issue 2016-08-27 12:58:08 +03:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const [allowedTo, isAdmins] = await Promise.all([`
			`helpers.isUsersAllowedTo(privilege, uids, cid),`
			`user.isAdministrator(uids),`
			`]);`
			`return uids.filter((uid, index) => allowedTo[index] \|\| isAdmins[index]);`
added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.give = async function (privileges, cid, groupName) {`
			`await helpers.giveOrRescind(groups.join, privileges, cid, groupName);`
on category creation give defaults privs to admins and registered users 2014-11-11 22:58:34 -05:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.rescind = async function (privileges, cid, groupName) {`
			`await helpers.giveOrRescind(groups.leave, privileges, cid, groupName);`
remove dupe 2015-09-27 15:02:04 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.canMoveAllTopics = async function (currentCid, targetCid, uid) {`
			`const [isAdmin, isModerators] = await Promise.all([`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, [currentCid, targetCid]),`
			`]);`
			`return isAdmin \|\| !isModerators.includes(false);`
closes #1518 2014-05-15 20:49:47 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.userPrivileges = async function (cid, uid) {`
			`const tasks = {};`
refactor userPrivileges and groupPrivileges 2017-06-15 14:02:51 -04:00			`privileges.userPrivilegeList.forEach(function (privilege) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`tasks[privilege] = groups.isMember(uid, 'cid:' + cid + ':privileges:' + privilege);`
refactor userPrivileges and groupPrivileges 2017-06-15 14:02:51 -04:00			`});`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await utils.promiseParallel(tasks);`
closes #1518 2014-05-15 20:49:47 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges.categories.groupPrivileges = async function (cid, groupName) {`
			`const tasks = {};`
refactor userPrivileges and groupPrivileges 2017-06-15 14:02:51 -04:00			`privileges.groupPrivilegeList.forEach(function (privilege) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`tasks[privilege] = groups.isMember(groupName, 'cid:' + cid + ':privileges:' + privilege);`
refactor userPrivileges and groupPrivileges 2017-06-15 14:02:51 -04:00			`});`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await utils.promiseParallel(tasks);`
closes #1518 2014-05-15 20:49:47 -04:00			`};`
ESlint eol-last 2017-02-18 02:30:48 -07:00			`};`