src/privileges/helpers.js


'use strict';

const _ = require('lodash');
const validator = require('validator');

const groups = require('../groups');
const user = require('../user');
const plugins = require('../plugins');
const translator = require('../translator');

const helpers = module.exports;

const uidToSystemGroup = {
	0: 'guests',
	'-1': 'spiders',
};

helpers.isUserAllowedTo = async function (privilege, uid, cid) {
	if (Array.isArray(privilege) && !Array.isArray(cid)) {
		return await isUserAllowedToPrivileges(privilege, uid, cid);
	} else if (Array.isArray(cid) && !Array.isArray(privilege)) {
		return await isUserAllowedToCids(privilege, uid, cid);
	}
	throw new Error('[[error:invalid-data]]');
};

async function isUserAllowedToCids(privilege, uid, cids) {
	if (parseInt(uid, 10) <= 0) {
		return await isSystemGroupAllowedToCids(privilege, uid, cids);
	}

	const userKeys = [];
	const groupKeys = [];
	cids.forEach(function (cid) {
		userKeys.push('cid:' + cid + ':privileges:' + privilege);
		groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
	});

	return await checkIfAllowed(uid, userKeys, groupKeys);
}

async function isUserAllowedToPrivileges(privileges, uid, cid) {
	if (parseInt(uid, 10) <= 0) {
		return await isSystemGroupAllowedToPrivileges(privileges, uid, cid);
	}

	const userKeys = [];
	const groupKeys = [];
	privileges.forEach(function (privilege) {
		userKeys.push('cid:' + cid + ':privileges:' + privilege);
		groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
	});

	return await checkIfAllowed(uid, userKeys, groupKeys);
}

async function checkIfAllowed(uid, userKeys, groupKeys) {
	const [hasUserPrivilege, hasGroupPrivilege] = await Promise.all([
		groups.isMemberOfGroups(uid, userKeys),
		groups.isMemberOfGroupsList(uid, groupKeys),
	]);
	return userKeys.map((key, index) => hasUserPrivilege[index] || hasGroupPrivilege[index]);
}

helpers.isUsersAllowedTo = async function (privilege, uids, cid) {
	const [hasUserPrivilege, hasGroupPrivilege] = await Promise.all([
		groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege),
		groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:' + privilege),
	]);
	return uids.map((uid, index) => hasUserPrivilege[index] || hasGroupPrivilege[index]);
};

async function isSystemGroupAllowedToCids(privilege, uid, cids) {
	const groupKeys = cids.map(cid => 'cid:' + cid + ':privileges:groups:' + privilege);
	return await groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys);
}

async function isSystemGroupAllowedToPrivileges(privileges, uid, cid) {
	const groupKeys = privileges.map(privilege => 'cid:' + cid + ':privileges:groups:' + privilege);
	return await groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys);
}

helpers.getUserPrivileges = async function (cid, hookName, userPrivilegeList) {
	const userPrivileges = await plugins.fireHook(hookName, userPrivilegeList.slice());
	let memberSets = await groups.getMembersOfGroups(userPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege));
	memberSets = memberSets.map(function (set) {
		return set.map(uid => parseInt(uid, 10));
	});

	const members = _.uniq(_.flatten(memberSets));
	const memberData = await user.getUsersFields(members, ['picture', 'username']);

	memberData.forEach(function (member) {
		member.privileges = {};
		for (var x = 0, numPrivs = userPrivileges.length; x < numPrivs; x += 1) {
			member.privileges[userPrivileges[x]] = memberSets[x].includes(parseInt(member.uid, 10));
		}
	});

	return memberData;
};

helpers.getGroupPrivileges = async function (cid, hookName, groupPrivilegeList) {
	const groupPrivileges = await plugins.fireHook(hookName, groupPrivilegeList.slice());
	const [memberSets, allGroupNames] = await Promise.all([
		groups.getMembersOfGroups(groupPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege)),
		groups.getGroups('groups:createtime', 0, -1),
	]);

	const uniqueGroups = _.uniq(_.flatten(memberSets));

	let groupNames = allGroupNames.filter(groupName => !groupName.includes(':privileges:') && uniqueGroups.includes(groupName));

	groupNames = groups.ephemeralGroups.concat(groupNames);
	moveToFront(groupNames, 'Global Moderators');
	moveToFront(groupNames, 'registered-users');

	const adminIndex = groupNames.indexOf('administrators');
	if (adminIndex !== -1) {
		groupNames.splice(adminIndex, 1);
	}
	const groupData = await groups.getGroupsFields(groupNames, ['private']);
	const memberData = groupNames.map(function (member, index) {
		const memberPrivs = {};

		for (var x = 0, numPrivs = groupPrivileges.length; x < numPrivs; x += 1) {
			memberPrivs[groupPrivileges[x]] = memberSets[x].includes(member);
		}
		return {
			name: validator.escape(member),
			nameEscaped: translator.escape(validator.escape(member)),
			privileges: memberPrivs,
			isPrivate: groupData[index] && !!groupData[index].private,
		};
	});
	return memberData;
};

function moveToFront(groupNames, groupToMove) {
	const index = groupNames.indexOf(groupToMove);
	if (index !== -1) {
		groupNames.splice(0, 0, groupNames.splice(index, 1)[0]);
	} else {
		groupNames.unshift(groupToMove);
	}
}

helpers.giveOrRescind = async function (method, privileges, cids, groupNames) {
	groupNames = Array.isArray(groupNames) ? groupNames : [groupNames];
	cids = Array.isArray(cids) ? cids : [cids];
	for (const groupName of groupNames) {
		const groupKeys = [];
		cids.forEach((cid) => {
			privileges.forEach((privilege) => {
				groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
			});
		});
		/* eslint-disable no-await-in-loop */
		await method(groupKeys, groupName);
	}
};

require('../promisify')(helpers);
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
			`'use strict';`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const _ = require('lodash');`
fix: #7901, handle group names that are translation keys 2019-10-02 22:20:09 -04:00			`const validator = require('validator');`
move privileges to same page 2017-12-20 14:49:20 -05:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const groups = require('../groups');`
			`const user = require('../user');`
			`const plugins = require('../plugins');`
fix: #7901, handle group names that are translation keys 2019-10-02 22:20:09 -04:00			`const translator = require('../translator');`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const helpers = module.exports;`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const uidToSystemGroup = {`
closes #2304 2018-01-31 15:20:17 -05:00			`0: 'guests',`
			`'-1': 'spiders',`
			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`helpers.isUserAllowedTo = async function (privilege, uid, cid) {`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`if (Array.isArray(privilege) && !Array.isArray(cid)) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await isUserAllowedToPrivileges(privilege, uid, cid);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`} else if (Array.isArray(cid) && !Array.isArray(privilege)) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await isUserAllowedToCids(privilege, uid, cid);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`throw new Error('[[error:invalid-data]]');`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`async function isUserAllowedToCids(privilege, uid, cids) {`
closes #2304 2018-01-31 15:20:17 -05:00			`if (parseInt(uid, 10) <= 0) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await isSystemGroupAllowedToCids(privilege, uid, cids);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`}`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const userKeys = [];`
			`const groupKeys = [];`
privileges style changes 2017-05-25 21:17:20 -04:00			`cids.forEach(function (cid) {`
			`userKeys.push('cid:' + cid + ':privileges:' + privilege);`
			`groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`});`
privileges style changes 2017-05-25 21:17:20 -04:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await checkIfAllowed(uid, userKeys, groupKeys);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`async function isUserAllowedToPrivileges(privileges, uid, cid) {`
closes #2304 2018-01-31 15:20:17 -05:00			`if (parseInt(uid, 10) <= 0) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await isSystemGroupAllowedToPrivileges(privileges, uid, cid);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const userKeys = [];`
			`const groupKeys = [];`
privileges style changes 2017-05-25 21:17:20 -04:00			`privileges.forEach(function (privilege) {`
			`userKeys.push('cid:' + cid + ':privileges:' + privilege);`
			`groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);`
			`});`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await checkIfAllowed(uid, userKeys, groupKeys);`
privileges style changes 2017-05-25 21:17:20 -04:00			`}`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`async function checkIfAllowed(uid, userKeys, groupKeys) {`
			`const [hasUserPrivilege, hasGroupPrivilege] = await Promise.all([`
			`groups.isMemberOfGroups(uid, userKeys),`
			`groups.isMemberOfGroupsList(uid, groupKeys),`
			`]);`
			`return userKeys.map((key, index) => hasUserPrivilege[index] \|\| hasGroupPrivilege[index]);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`helpers.isUsersAllowedTo = async function (privilege, uids, cid) {`
			`const [hasUserPrivilege, hasGroupPrivilege] = await Promise.all([`
			`groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege),`
			`groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:' + privilege),`
			`]);`
			`return uids.map((uid, index) => hasUserPrivilege[index] \|\| hasGroupPrivilege[index]);`
added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`async function isSystemGroupAllowedToCids(privilege, uid, cids) {`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`const groupKeys = cids.map(cid => 'cid:' + cid + ':privileges:groups:' + privilege);`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`async function isSystemGroupAllowedToPrivileges(privileges, uid, cid) {`
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`const groupKeys = privileges.map(privilege => 'cid:' + cid + ':privileges:groups:' + privilege);`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return await groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys);`
improve helpers.isUserAllowedTo ability to pass in an array of privileges and a single cid 2016-09-15 14:01:56 +03:00			`}`
move privileges to same page 2017-12-20 14:49:20 -05:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`helpers.getUserPrivileges = async function (cid, hookName, userPrivilegeList) {`
			`const userPrivileges = await plugins.fireHook(hookName, userPrivilegeList.slice());`
			`let memberSets = await groups.getMembersOfGroups(userPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege));`
			`memberSets = memberSets.map(function (set) {`
			`return set.map(uid => parseInt(uid, 10));`
			`});`
move privileges to same page 2017-12-20 14:49:20 -05:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const members = _.uniq(_.flatten(memberSets));`
			`const memberData = await user.getUsersFields(members, ['picture', 'username']);`
move privileges to same page 2017-12-20 14:49:20 -05:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`memberData.forEach(function (member) {`
			`member.privileges = {};`
			`for (var x = 0, numPrivs = userPrivileges.length; x < numPrivs; x += 1) {`
			`member.privileges[userPrivileges[x]] = memberSets[x].includes(parseInt(member.uid, 10));`
			`}`
			`});`
move privileges to same page 2017-12-20 14:49:20 -05:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return memberData;`
move privileges to same page 2017-12-20 14:49:20 -05:00			`};`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`helpers.getGroupPrivileges = async function (cid, hookName, groupPrivilegeList) {`
			`const groupPrivileges = await plugins.fireHook(hookName, groupPrivilegeList.slice());`
			`const [memberSets, allGroupNames] = await Promise.all([`
			`groups.getMembersOfGroups(groupPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege)),`
			`groups.getGroups('groups:createtime', 0, -1),`
			`]);`

			`const uniqueGroups = _.uniq(_.flatten(memberSets));`

			`let groupNames = allGroupNames.filter(groupName => !groupName.includes(':privileges:') && uniqueGroups.includes(groupName));`

			`groupNames = groups.ephemeralGroups.concat(groupNames);`
			`moveToFront(groupNames, 'Global Moderators');`
			`moveToFront(groupNames, 'registered-users');`
move privileges to same page 2017-12-20 14:49:20 -05:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const adminIndex = groupNames.indexOf('administrators');`
			`if (adminIndex !== -1) {`
			`groupNames.splice(adminIndex, 1);`
			`}`
			`const groupData = await groups.getGroupsFields(groupNames, ['private']);`
			`const memberData = groupNames.map(function (member, index) {`
			`const memberPrivs = {};`

			`for (var x = 0, numPrivs = groupPrivileges.length; x < numPrivs; x += 1) {`
			`memberPrivs[groupPrivileges[x]] = memberSets[x].includes(member);`
			`}`
			`return {`
fix: #7901, handle group names that are translation keys 2019-10-02 22:20:09 -04:00			`name: validator.escape(member),`
			`nameEscaped: translator.escape(validator.escape(member)),`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`privileges: memberPrivs,`
			`isPrivate: groupData[index] && !!groupData[index].private,`
			`};`
			`});`
			`return memberData;`
more fixes 2017-12-20 15:19:22 -05:00			`};`
make upload permissions global give upload image permission to registered users on install add global privileges to app.user.privileges for client side use 2018-01-03 13:27:30 -05:00
Remove implicit mod privs. closes #6345 (#7648) * feat: add upgrade script to give mods privs * feat: give all privileges when making a moderator * feat: remove implicit privs * feat: give global mods default privs * feat: more priv fixes * feat: use lodash * fix: remove implicit mod priv from topic delete * fix: more privs * fix: posts.canEdit * fix: canDelete and canEdit * fix: tests, remove console.log * feat: shorter functions * feat: add tests * fix: uids * fix: redis random test fail 2019-05-30 19:30:47 -04:00			`function moveToFront(groupNames, groupToMove) {`
			`const index = groupNames.indexOf(groupToMove);`
			`if (index !== -1) {`
			`groupNames.splice(0, 0, groupNames.splice(index, 1)[0]);`
			`} else {`
			`groupNames.unshift(groupToMove);`
			`}`
			`}`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`helpers.giveOrRescind = async function (method, privileges, cids, groupNames) {`
update groups join to take array of group names (#6834) * allow groups.join to take an array of group names * pass an array to groups.join/leave in privileges * split up groups/membership * add hits/miss to group cache * fix typo 2018-10-15 13:45:55 -04:00			`groupNames = Array.isArray(groupNames) ? groupNames : [groupNames];`
			`cids = Array.isArray(cids) ? cids : [cids];`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`for (const groupName of groupNames) {`
			`const groupKeys = [];`
fix(style): requiring parens in block bodies 2019-08-13 14:36:15 -04:00			`cids.forEach((cid) => {`
			`privileges.forEach((privilege) => {`
update groups join to take array of group names (#6834) * allow groups.join to take an array of group names * pass an array to groups.join/leave in privileges * split up groups/membership * add hits/miss to group cache * fix typo 2018-10-15 13:45:55 -04:00			`groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);`
			`});`
			`});`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`/* eslint-disable no-await-in-loop */`
			`await method(groupKeys, groupName);`
			`}`
make upload permissions global give upload image permission to registered users on install add global privileges to app.user.privileges for client side use 2018-01-03 13:27:30 -05:00			`};`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00
			`require('../promisify')(helpers);`