src/privileges/helpers.js


'use strict';

var async = require('async');
var _ = require('lodash');

var groups = require('../groups');
var user = require('../user');
var plugins = require('../plugins');

var helpers = module.exports;

var uidToSystemGroup = {
	0: 'guests',
	'-1': 'spiders',
};

helpers.some = function (tasks, callback) {
	async.some(tasks, function (task, next) {
		task(next);
	}, callback);
};

helpers.isUserAllowedTo = function (privilege, uid, cid, callback) {
	if (Array.isArray(privilege) && !Array.isArray(cid)) {
		isUserAllowedToPrivileges(privilege, uid, cid, callback);
	} else if (Array.isArray(cid) && !Array.isArray(privilege)) {
		isUserAllowedToCids(privilege, uid, cid, callback);
	} else {
		return callback(new Error('[[error:invalid-data]]'));
	}
};

function isUserAllowedToCids(privilege, uid, cids, callback) {
	if (parseInt(uid, 10) <= 0) {
		return isSystemGroupAllowedToCids(privilege, uid, cids, callback);
	}

	var userKeys = [];
	var groupKeys = [];
	cids.forEach(function (cid) {
		userKeys.push('cid:' + cid + ':privileges:' + privilege);
		groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
	});

	checkIfAllowed(uid, userKeys, groupKeys, callback);
}

function isUserAllowedToPrivileges(privileges, uid, cid, callback) {
	if (parseInt(uid, 10) <= 0) {
		return isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback);
	}

	var userKeys = [];
	var groupKeys = [];
	privileges.forEach(function (privilege) {
		userKeys.push('cid:' + cid + ':privileges:' + privilege);
		groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
	});

	checkIfAllowed(uid, userKeys, groupKeys, callback);
}

function checkIfAllowed(uid, userKeys, groupKeys, callback) {
	async.waterfall([
		function (next) {
			async.parallel({
				hasUserPrivilege: function (next) {
					groups.isMemberOfGroups(uid, userKeys, next);
				},
				hasGroupPrivilege: function (next) {
					groups.isMemberOfGroupsList(uid, groupKeys, next);
				},
			}, next);
		},
		function (results, next) {
			var result = userKeys.map(function (key, index) {
				return results.hasUserPrivilege[index] || results.hasGroupPrivilege[index];
			});

			next(null, result);
		},
	], callback);
}

helpers.isUsersAllowedTo = function (privilege, uids, cid, callback) {
	async.waterfall([
		function (next) {
			async.parallel({
				hasUserPrivilege: function (next) {
					groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege, next);
				},
				hasGroupPrivilege: function (next) {
					groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:' + privilege, next);
				},
			}, next);
		},
		function (results, next) {
			var result = uids.map(function (uid, index) {
				return results.hasUserPrivilege[index] || results.hasGroupPrivilege[index];
			});

			next(null, result);
		},
	], callback);
};

function isSystemGroupAllowedToCids(privilege, uid, cids, callback) {
	const groupKeys = cids.map(cid => 'cid:' + cid + ':privileges:groups:' + privilege);
	groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback);
}

function isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback) {
	const groupKeys = privileges.map(privilege => 'cid:' + cid + ':privileges:groups:' + privilege);
	groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback);
}

helpers.getUserPrivileges = function (cid, hookName, userPrivilegeList, callback) {
	var userPrivileges;
	var memberSets;
	async.waterfall([
		async.apply(plugins.fireHook, hookName, userPrivilegeList.slice()),
		function (_privs, next) {
			userPrivileges = _privs;
			groups.getMembersOfGroups(userPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege), next);
		},
		function (_memberSets, next) {
			memberSets = _memberSets.map(function (set) {
				return set.map(uid => parseInt(uid, 10));
			});

			var members = _.uniq(_.flatten(memberSets));

			user.getUsersFields(members, ['picture', 'username'], next);
		},
		function (memberData, next) {
			memberData.forEach(function (member) {
				member.privileges = {};
				for (var x = 0, numPrivs = userPrivileges.length; x < numPrivs; x += 1) {
					member.privileges[userPrivileges[x]] = memberSets[x].includes(parseInt(member.uid, 10));
				}
			});

			next(null, memberData);
		},
	], callback);
};

helpers.getGroupPrivileges = function (cid, hookName, groupPrivilegeList, callback) {
	var groupPrivileges;
	async.waterfall([
		async.apply(plugins.fireHook, hookName, groupPrivilegeList.slice()),
		function (_privs, next) {
			groupPrivileges = _privs;
			async.parallel({
				memberSets: function (next) {
					groups.getMembersOfGroups(groupPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege), next);
				},
				groupNames: function (next) {
					groups.getGroups('groups:createtime', 0, -1, next);
				},
			}, next);
		},
		function (results, next) {
			var memberSets = results.memberSets;
			var uniqueGroups = _.uniq(_.flatten(memberSets));

			var groupNames = results.groupNames.filter(groupName => !groupName.includes(':privileges:') && uniqueGroups.includes(groupName));

			groupNames = groups.ephemeralGroups.concat(groupNames);
			moveToFront(groupNames, 'Global Moderators');
			moveToFront(groupNames, 'registered-users');

			var adminIndex = groupNames.indexOf('administrators');
			if (adminIndex !== -1) {
				groupNames.splice(adminIndex, 1);
			}

			var memberPrivs;

			var memberData = groupNames.map(function (member) {
				memberPrivs = {};

				for (var x = 0, numPrivs = groupPrivileges.length; x < numPrivs; x += 1) {
					memberPrivs[groupPrivileges[x]] = memberSets[x].includes(member);
				}
				return {
					name: member,
					privileges: memberPrivs,
				};
			});

			next(null, memberData);
		},
		function (memberData, next) {
			// Grab privacy info for the groups as well
			async.map(memberData, function (member, next) {
				async.waterfall([
					function (next) {
						groups.isPrivate(member.name, next);
					},
					function (isPrivate, next) {
						member.isPrivate = isPrivate;
						next(null, member);
					},
				], next);
			}, next);
		},
	], callback);
};

function moveToFront(groupNames, groupToMove) {
	const index = groupNames.indexOf(groupToMove);
	if (index !== -1) {
		groupNames.splice(0, 0, groupNames.splice(index, 1)[0]);
	} else {
		groupNames.unshift(groupToMove);
	}
}

helpers.giveOrRescind = function (method, privileges, cids, groupNames, callback) {
	groupNames = Array.isArray(groupNames) ? groupNames : [groupNames];
	cids = Array.isArray(cids) ? cids : [cids];
	async.eachSeries(groupNames, function (groupName, next) {
		var groupKeys = [];
		cids.forEach((cid) => {
			privileges.forEach((privilege) => {
				groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
			});
		});
		method(groupKeys, groupName, next);
	}, callback);
};
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
			`'use strict';`

remove unused requires 2016-01-23 12:12:46 +02:00			`var async = require('async');`
move privileges to same page 2017-12-20 14:49:20 -05:00			`var _ = require('lodash');`

partially revert https://github.com/NodeBB/NodeBB/commit/fa9f1ac7fe26462febda07189203365e984a146d extending module.exports instead of overwriting fixes the issue 2016-08-27 12:58:08 +03:00			`var groups = require('../groups');`
move privileges to same page 2017-12-20 14:49:20 -05:00			`var user = require('../user');`
			`var plugins = require('../plugins');`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
privileges style changes 2017-05-25 21:17:20 -04:00			`var helpers = module.exports;`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
closes #2304 2018-01-31 15:20:17 -05:00			`var uidToSystemGroup = {`
			`0: 'guests',`
			`'-1': 'spiders',`
			`};`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`helpers.some = function (tasks, callback) {`
			`async.some(tasks, function (task, next) {`
Use async v2 2017-01-02 22:23:17 -07:00			`task(next);`
			`}, callback);`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00			`};`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`helpers.isUserAllowedTo = function (privilege, uid, cid, callback) {`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`if (Array.isArray(privilege) && !Array.isArray(cid)) {`
			`isUserAllowedToPrivileges(privilege, uid, cid, callback);`
			`} else if (Array.isArray(cid) && !Array.isArray(privilege)) {`
			`isUserAllowedToCids(privilege, uid, cid, callback);`
			`} else {`
			`return callback(new Error('[[error:invalid-data]]'));`
			`}`
			`};`

			`function isUserAllowedToCids(privilege, uid, cids, callback) {`
closes #2304 2018-01-31 15:20:17 -05:00			`if (parseInt(uid, 10) <= 0) {`
			`return isSystemGroupAllowedToCids(privilege, uid, cids, callback);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`}`

ESlint one-var, fix comma-dangle 2017-02-17 20:20:42 -07:00			`var userKeys = [];`
			`var groupKeys = [];`
privileges style changes 2017-05-25 21:17:20 -04:00			`cids.forEach(function (cid) {`
			`userKeys.push('cid:' + cid + ':privileges:' + privilege);`
			`groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`});`
privileges style changes 2017-05-25 21:17:20 -04:00
			`checkIfAllowed(uid, userKeys, groupKeys, callback);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`

			`function isUserAllowedToPrivileges(privileges, uid, cid, callback) {`
closes #2304 2018-01-31 15:20:17 -05:00			`if (parseInt(uid, 10) <= 0) {`
			`return isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`

ESlint one-var, fix comma-dangle 2017-02-17 20:20:42 -07:00			`var userKeys = [];`
			`var groupKeys = [];`
privileges style changes 2017-05-25 21:17:20 -04:00			`privileges.forEach(function (privilege) {`
			`userKeys.push('cid:' + cid + ':privileges:' + privilege);`
			`groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);`
			`});`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00
privileges style changes 2017-05-25 21:17:20 -04:00			`checkIfAllowed(uid, userKeys, groupKeys, callback);`
			`}`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00
privileges style changes 2017-05-25 21:17:20 -04:00			`function checkIfAllowed(uid, userKeys, groupKeys, callback) {`
			`async.waterfall([`
			`function (next) {`
			`async.parallel({`
			`hasUserPrivilege: function (next) {`
			`groups.isMemberOfGroups(uid, userKeys, next);`
			`},`
			`hasGroupPrivilege: function (next) {`
			`groups.isMemberOfGroupsList(uid, groupKeys, next);`
			`},`
			`}, next);`
			`},`
			`function (results, next) {`
			`var result = userKeys.map(function (key, index) {`
			`return results.hasUserPrivilege[index] \|\| results.hasGroupPrivilege[index];`
			`});`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00
privileges style changes 2017-05-25 21:17:20 -04:00			`next(null, result);`
			`},`
			`], callback);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`

Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`helpers.isUsersAllowedTo = function (privilege, uids, cid, callback) {`
privileges style changes 2017-05-25 21:17:20 -04:00			`async.waterfall([`
			`function (next) {`
			`async.parallel({`
			`hasUserPrivilege: function (next) {`
			`groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege, next);`
			`},`
			`hasGroupPrivilege: function (next) {`
			`groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:' + privilege, next);`
			`},`
			`}, next);`
added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00			`},`
privileges style changes 2017-05-25 21:17:20 -04:00			`function (results, next) {`
			`var result = uids.map(function (uid, index) {`
			`return results.hasUserPrivilege[index] \|\| results.hasGroupPrivilege[index];`
			`});`
added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00
privileges style changes 2017-05-25 21:17:20 -04:00			`next(null, result);`
			`},`
			`], callback);`
added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00			`};`

closes #2304 2018-01-31 15:20:17 -05:00			`function isSystemGroupAllowedToCids(privilege, uid, cids, callback) {`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`const groupKeys = cids.map(cid => 'cid:' + cid + ':privileges:groups:' + privilege);`
closes #2304 2018-01-31 15:20:17 -05:00			`groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
closes #2304 2018-01-31 15:20:17 -05:00			`function isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback) {`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`const groupKeys = privileges.map(privilege => 'cid:' + cid + ':privileges:groups:' + privilege);`
closes #2304 2018-01-31 15:20:17 -05:00			`groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`
move privileges to same page 2017-12-20 14:49:20 -05:00
			`helpers.getUserPrivileges = function (cid, hookName, userPrivilegeList, callback) {`
			`var userPrivileges;`
			`var memberSets;`
			`async.waterfall([`
			`async.apply(plugins.fireHook, hookName, userPrivilegeList.slice()),`
			`function (_privs, next) {`
			`userPrivileges = _privs;`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`groups.getMembersOfGroups(userPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege), next);`
move privileges to same page 2017-12-20 14:49:20 -05:00			`},`
			`function (_memberSets, next) {`
			`memberSets = _memberSets.map(function (set) {`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`return set.map(uid => parseInt(uid, 10));`
move privileges to same page 2017-12-20 14:49:20 -05:00			`});`

			`var members = _.uniq(_.flatten(memberSets));`

			`user.getUsersFields(members, ['picture', 'username'], next);`
			`},`
			`function (memberData, next) {`
			`memberData.forEach(function (member) {`
			`member.privileges = {};`
			`for (var x = 0, numPrivs = userPrivileges.length; x < numPrivs; x += 1) {`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`member.privileges[userPrivileges[x]] = memberSets[x].includes(parseInt(member.uid, 10));`
move privileges to same page 2017-12-20 14:49:20 -05:00			`}`
			`});`

			`next(null, memberData);`
			`},`
			`], callback);`
			`};`

			`helpers.getGroupPrivileges = function (cid, hookName, groupPrivilegeList, callback) {`
			`var groupPrivileges;`
			`async.waterfall([`
			`async.apply(plugins.fireHook, hookName, groupPrivilegeList.slice()),`
			`function (_privs, next) {`
			`groupPrivileges = _privs;`
			`async.parallel({`
			`memberSets: function (next) {`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`groups.getMembersOfGroups(groupPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege), next);`
move privileges to same page 2017-12-20 14:49:20 -05:00			`},`
			`groupNames: function (next) {`
			`groups.getGroups('groups:createtime', 0, -1, next);`
			`},`
			`}, next);`
			`},`
			`function (results, next) {`
			`var memberSets = results.memberSets;`
			`var uniqueGroups = _.uniq(_.flatten(memberSets));`

Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`var groupNames = results.groupNames.filter(groupName => !groupName.includes(':privileges:') && uniqueGroups.includes(groupName));`
move privileges to same page 2017-12-20 14:49:20 -05:00
			`groupNames = groups.ephemeralGroups.concat(groupNames);`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`moveToFront(groupNames, 'Global Moderators');`
			`moveToFront(groupNames, 'registered-users');`
move privileges to same page 2017-12-20 14:49:20 -05:00
			`var adminIndex = groupNames.indexOf('administrators');`
			`if (adminIndex !== -1) {`
			`groupNames.splice(adminIndex, 1);`
			`}`

			`var memberPrivs;`

			`var memberData = groupNames.map(function (member) {`
			`memberPrivs = {};`

			`for (var x = 0, numPrivs = groupPrivileges.length; x < numPrivs; x += 1) {`
use includes instead of indexOf use _.uniq instead of filter&indexOf 2018-10-20 14:40:48 -04:00			`memberPrivs[groupPrivileges[x]] = memberSets[x].includes(member);`
move privileges to same page 2017-12-20 14:49:20 -05:00			`}`
			`return {`
			`name: member,`
			`privileges: memberPrivs,`
			`};`
			`});`

			`next(null, memberData);`
			`},`
			`function (memberData, next) {`
			`// Grab privacy info for the groups as well`
			`async.map(memberData, function (member, next) {`
			`async.waterfall([`
			`function (next) {`
			`groups.isPrivate(member.name, next);`
			`},`
			`function (isPrivate, next) {`
			`member.isPrivate = isPrivate;`
			`next(null, member);`
			`},`
			`], next);`
			`}, next);`
			`},`
			`], callback);`
more fixes 2017-12-20 15:19:22 -05:00			`};`
make upload permissions global give upload image permission to registered users on install add global privileges to app.user.privileges for client side use 2018-01-03 13:27:30 -05:00
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`function moveToFront(groupNames, groupToMove) {`
			`const index = groupNames.indexOf(groupToMove);`
			`if (index !== -1) {`
			`groupNames.splice(0, 0, groupNames.splice(index, 1)[0]);`
			`} else {`
			`groupNames.unshift(groupToMove);`
			`}`
			`}`

update groups join to take array of group names (#6834) * allow groups.join to take an array of group names * pass an array to groups.join/leave in privileges * split up groups/membership * add hits/miss to group cache * fix typo 2018-10-15 13:45:55 -04:00			`helpers.giveOrRescind = function (method, privileges, cids, groupNames, callback) {`
			`groupNames = Array.isArray(groupNames) ? groupNames : [groupNames];`
			`cids = Array.isArray(cids) ? cids : [cids];`
			`async.eachSeries(groupNames, function (groupName, next) {`
			`var groupKeys = [];`
			`cids.forEach((cid) => {`
			`privileges.forEach((privilege) => {`
			`groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);`
			`});`
			`});`
			`method(groupKeys, groupName, next);`
make upload permissions global give upload image permission to registered users on install add global privileges to app.user.privileges for client side use 2018-01-03 13:27:30 -05:00			`}, callback);`
			`};`