2014-05-14 17:53:23 -04:00
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
|
2016-01-23 12:12:46 +02:00
|
|
|
var async = require('async');
|
2017-12-20 14:49:20 -05:00
|
|
|
var _ = require('lodash');
|
|
|
|
|
|
2016-08-27 12:58:08 +03:00
|
|
|
var groups = require('../groups');
|
2017-12-20 14:49:20 -05:00
|
|
|
var user = require('../user');
|
|
|
|
|
var plugins = require('../plugins');
|
2014-05-14 17:53:23 -04:00
|
|
|
|
2017-05-25 21:17:20 -04:00
|
|
|
var helpers = module.exports;
|
2014-05-14 17:53:23 -04:00
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
helpers.some = function (tasks, callback) {
|
|
|
|
|
async.some(tasks, function (task, next) {
|
2017-01-02 22:23:17 -07:00
|
|
|
task(next);
|
|
|
|
|
}, callback);
|
2014-05-15 10:38:02 -04:00
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
helpers.isUserAllowedTo = function (privilege, uid, cid, callback) {
|
2016-09-15 14:01:56 +03:00
|
|
|
if (Array.isArray(privilege) && !Array.isArray(cid)) {
|
|
|
|
|
isUserAllowedToPrivileges(privilege, uid, cid, callback);
|
|
|
|
|
} else if (Array.isArray(cid) && !Array.isArray(privilege)) {
|
|
|
|
|
isUserAllowedToCids(privilege, uid, cid, callback);
|
|
|
|
|
} else {
|
|
|
|
|
return callback(new Error('[[error:invalid-data]]'));
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
function isUserAllowedToCids(privilege, uid, cids, callback) {
|
2014-07-29 21:51:46 -04:00
|
|
|
if (parseInt(uid, 10) === 0) {
|
2016-09-15 14:01:56 +03:00
|
|
|
return isGuestAllowedToCids(privilege, cids, callback);
|
2014-07-29 21:51:46 -04:00
|
|
|
}
|
|
|
|
|
|
2017-02-17 20:20:42 -07:00
|
|
|
var userKeys = [];
|
|
|
|
|
var groupKeys = [];
|
2017-05-25 21:17:20 -04:00
|
|
|
cids.forEach(function (cid) {
|
|
|
|
|
userKeys.push('cid:' + cid + ':privileges:' + privilege);
|
|
|
|
|
groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
|
2014-05-14 17:53:23 -04:00
|
|
|
});
|
2017-05-25 21:17:20 -04:00
|
|
|
|
|
|
|
|
checkIfAllowed(uid, userKeys, groupKeys, callback);
|
2016-09-15 14:01:56 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function isUserAllowedToPrivileges(privileges, uid, cid, callback) {
|
|
|
|
|
if (parseInt(uid, 10) === 0) {
|
|
|
|
|
return isGuestAllowedToPrivileges(privileges, cid, callback);
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-17 20:20:42 -07:00
|
|
|
var userKeys = [];
|
|
|
|
|
var groupKeys = [];
|
2017-05-25 21:17:20 -04:00
|
|
|
privileges.forEach(function (privilege) {
|
|
|
|
|
userKeys.push('cid:' + cid + ':privileges:' + privilege);
|
|
|
|
|
groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
|
|
|
|
|
});
|
2016-09-15 14:01:56 +03:00
|
|
|
|
2017-05-25 21:17:20 -04:00
|
|
|
checkIfAllowed(uid, userKeys, groupKeys, callback);
|
|
|
|
|
}
|
2016-09-15 14:01:56 +03:00
|
|
|
|
2017-05-25 21:17:20 -04:00
|
|
|
function checkIfAllowed(uid, userKeys, groupKeys, callback) {
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
async.parallel({
|
|
|
|
|
hasUserPrivilege: function (next) {
|
|
|
|
|
groups.isMemberOfGroups(uid, userKeys, next);
|
|
|
|
|
},
|
|
|
|
|
hasGroupPrivilege: function (next) {
|
|
|
|
|
groups.isMemberOfGroupsList(uid, groupKeys, next);
|
|
|
|
|
},
|
|
|
|
|
}, next);
|
|
|
|
|
},
|
|
|
|
|
function (results, next) {
|
|
|
|
|
var result = userKeys.map(function (key, index) {
|
|
|
|
|
return results.hasUserPrivilege[index] || results.hasGroupPrivilege[index];
|
|
|
|
|
});
|
2016-09-15 14:01:56 +03:00
|
|
|
|
2017-05-25 21:17:20 -04:00
|
|
|
next(null, result);
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
2016-09-15 14:01:56 +03:00
|
|
|
}
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
helpers.isUsersAllowedTo = function (privilege, uids, cid, callback) {
|
2017-05-25 21:17:20 -04:00
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
async.parallel({
|
|
|
|
|
hasUserPrivilege: function (next) {
|
|
|
|
|
groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege, next);
|
|
|
|
|
},
|
|
|
|
|
hasGroupPrivilege: function (next) {
|
|
|
|
|
groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:' + privilege, next);
|
|
|
|
|
},
|
|
|
|
|
}, next);
|
2014-09-09 15:19:57 -04:00
|
|
|
},
|
2017-05-25 21:17:20 -04:00
|
|
|
function (results, next) {
|
|
|
|
|
var result = uids.map(function (uid, index) {
|
|
|
|
|
return results.hasUserPrivilege[index] || results.hasGroupPrivilege[index];
|
|
|
|
|
});
|
2014-09-09 15:19:57 -04:00
|
|
|
|
2017-05-25 21:17:20 -04:00
|
|
|
next(null, result);
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
2014-09-09 15:19:57 -04:00
|
|
|
};
|
|
|
|
|
|
2016-09-15 14:01:56 +03:00
|
|
|
function isGuestAllowedToCids(privilege, cids, callback) {
|
2017-05-25 21:17:20 -04:00
|
|
|
var groupKeys = cids.map(function (cid) {
|
|
|
|
|
return 'cid:' + cid + ':privileges:groups:' + privilege;
|
|
|
|
|
});
|
2016-08-27 12:58:08 +03:00
|
|
|
|
2014-11-11 17:25:16 -05:00
|
|
|
groups.isMemberOfGroups('guests', groupKeys, callback);
|
2014-07-29 21:51:46 -04:00
|
|
|
}
|
2014-05-14 17:53:23 -04:00
|
|
|
|
2016-09-15 14:01:56 +03:00
|
|
|
function isGuestAllowedToPrivileges(privileges, cid, callback) {
|
2017-05-25 21:17:20 -04:00
|
|
|
var groupKeys = privileges.map(function (privilege) {
|
|
|
|
|
return 'cid:' + cid + ':privileges:groups:' + privilege;
|
|
|
|
|
});
|
2016-09-15 14:01:56 +03:00
|
|
|
|
|
|
|
|
groups.isMemberOfGroups('guests', groupKeys, callback);
|
|
|
|
|
}
|
2017-12-20 14:49:20 -05:00
|
|
|
|
|
|
|
|
helpers.getUserPrivileges = function (cid, hookName, userPrivilegeList, callback) {
|
|
|
|
|
var userPrivileges;
|
|
|
|
|
var memberSets;
|
|
|
|
|
async.waterfall([
|
|
|
|
|
async.apply(plugins.fireHook, hookName, userPrivilegeList.slice()),
|
|
|
|
|
function (_privs, next) {
|
|
|
|
|
userPrivileges = _privs;
|
|
|
|
|
groups.getMembersOfGroups(userPrivileges.map(function (privilege) {
|
|
|
|
|
return 'cid:' + cid + ':privileges:' + privilege;
|
|
|
|
|
}), next);
|
|
|
|
|
},
|
|
|
|
|
function (_memberSets, next) {
|
|
|
|
|
memberSets = _memberSets.map(function (set) {
|
|
|
|
|
return set.map(function (uid) {
|
|
|
|
|
return parseInt(uid, 10);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
var members = _.uniq(_.flatten(memberSets));
|
|
|
|
|
|
|
|
|
|
user.getUsersFields(members, ['picture', 'username'], next);
|
|
|
|
|
},
|
|
|
|
|
function (memberData, next) {
|
|
|
|
|
memberData.forEach(function (member) {
|
|
|
|
|
member.privileges = {};
|
|
|
|
|
for (var x = 0, numPrivs = userPrivileges.length; x < numPrivs; x += 1) {
|
|
|
|
|
member.privileges[userPrivileges[x]] = memberSets[x].indexOf(parseInt(member.uid, 10)) !== -1;
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
next(null, memberData);
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
helpers.getGroupPrivileges = function (cid, hookName, groupPrivilegeList, callback) {
|
|
|
|
|
var groupPrivileges;
|
|
|
|
|
async.waterfall([
|
|
|
|
|
async.apply(plugins.fireHook, hookName, groupPrivilegeList.slice()),
|
|
|
|
|
function (_privs, next) {
|
|
|
|
|
groupPrivileges = _privs;
|
|
|
|
|
async.parallel({
|
|
|
|
|
memberSets: function (next) {
|
|
|
|
|
groups.getMembersOfGroups(groupPrivileges.map(function (privilege) {
|
|
|
|
|
return 'cid:' + cid + ':privileges:' + privilege;
|
|
|
|
|
}), next);
|
|
|
|
|
},
|
|
|
|
|
groupNames: function (next) {
|
|
|
|
|
groups.getGroups('groups:createtime', 0, -1, next);
|
|
|
|
|
},
|
|
|
|
|
}, next);
|
|
|
|
|
},
|
|
|
|
|
function (results, next) {
|
|
|
|
|
var memberSets = results.memberSets;
|
|
|
|
|
var uniqueGroups = _.uniq(_.flatten(memberSets));
|
|
|
|
|
|
|
|
|
|
var groupNames = results.groupNames.filter(function (groupName) {
|
|
|
|
|
return groupName.indexOf(':privileges:') === -1 && uniqueGroups.indexOf(groupName) !== -1;
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
groupNames = groups.ephemeralGroups.concat(groupNames);
|
|
|
|
|
var registeredUsersIndex = groupNames.indexOf('registered-users');
|
|
|
|
|
if (registeredUsersIndex !== -1) {
|
|
|
|
|
groupNames.splice(0, 0, groupNames.splice(registeredUsersIndex, 1)[0]);
|
|
|
|
|
} else {
|
|
|
|
|
groupNames = ['registered-users'].concat(groupNames);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var adminIndex = groupNames.indexOf('administrators');
|
|
|
|
|
if (adminIndex !== -1) {
|
|
|
|
|
groupNames.splice(adminIndex, 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var memberPrivs;
|
|
|
|
|
|
|
|
|
|
var memberData = groupNames.map(function (member) {
|
|
|
|
|
memberPrivs = {};
|
|
|
|
|
|
|
|
|
|
for (var x = 0, numPrivs = groupPrivileges.length; x < numPrivs; x += 1) {
|
|
|
|
|
memberPrivs[groupPrivileges[x]] = memberSets[x].indexOf(member) !== -1;
|
|
|
|
|
}
|
|
|
|
|
return {
|
|
|
|
|
name: member,
|
|
|
|
|
privileges: memberPrivs,
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
next(null, memberData);
|
|
|
|
|
},
|
|
|
|
|
function (memberData, next) {
|
|
|
|
|
// Grab privacy info for the groups as well
|
|
|
|
|
async.map(memberData, function (member, next) {
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
groups.isPrivate(member.name, next);
|
|
|
|
|
},
|
|
|
|
|
function (isPrivate, next) {
|
|
|
|
|
member.isPrivate = isPrivate;
|
|
|
|
|
next(null, member);
|
|
|
|
|
},
|
|
|
|
|
], next);
|
|
|
|
|
}, next);
|
|
|
|
|
},
|
|
|
|
|
], callback);
|
2017-12-20 15:19:22 -05:00
|
|
|
};
|
2018-01-03 13:27:30 -05:00
|
|
|
|
|
|
|
|
helpers.giveOrRescind = function (method, privileges, cid, groupName, callback) {
|
|
|
|
|
async.eachSeries(privileges, function (privilege, next) {
|
|
|
|
|
method('cid:' + cid + ':privileges:groups:' + privilege, groupName, next);
|
|
|
|
|
}, callback);
|
|
|
|
|
};
|
