improve helpers.isUserAllowedTo

ability to pass in an array of privileges and a single cid
2025-11-02 20:16:04 +01:00 · 2016-09-15 14:01:56 +03:00
parent a42d8c5be2
commit 07852862f5
3 changed files with 75 additions and 34 deletions
--- a/src/privileges/categories.js
+++ b/src/privileges/categories.js
@@ -157,15 +157,10 @@ module.exports = function(privileges) {
 	};
 	privileges.categories.get = function(cid, uid, callback) {
 		var privs = ['topics:create', 'topics:read', 'read'];
 		async.parallel({
-			'topics:create': function(next) {
+			privileges: function(next) {
-				helpers.isUserAllowedTo('topics:create', uid, [cid], next);
+				helpers.isUserAllowedTo(privs, uid, cid, next);
 			},
 			'topics:read': function(next) {
 				helpers.isUserAllowedTo('topics:read', uid, [cid], next);
 			},
 			read: function(next) {
 				helpers.isUserAllowedTo('read', uid, [cid], next);
 			},
 			isAdministrator: function(next) {
 				user.isAdministrator(uid, next);
@@ -177,17 +172,17 @@ module.exports = function(privileges) {
 			if (err) {
 				return callback(err);
 			}
-
+			var privData = _.object(privs, results.privileges);
 			var isAdminOrMod = results.isAdministrator || results.isModerator;
 			plugins.fireHook('filter:privileges.categories.get', {
 				'topics:create': privData['topics:create'] || isAdminOrMod,
 				'topics:read': privData['topics:read'] || isAdminOrMod,
 				read: privData.read || isAdminOrMod,
 				cid: cid,
 				uid: uid,
 				'topics:create': results['topics:create'][0] || isAdminOrMod,
 				'topics:read': results['topics:read'][0] || isAdminOrMod,
 				editable: isAdminOrMod,
 				view_deleted: isAdminOrMod,
 				read: results.read[0] || isAdminOrMod,
 				isAdminOrMod: isAdminOrMod
 			}, callback);
 		});
--- a/src/privileges/helpers.js
+++ b/src/privileges/helpers.js
@@ -16,9 +16,19 @@ helpers.some = function(tasks, callback) {
 	});
 };
-helpers.isUserAllowedTo = function(privilege, uid, cids, callback) {
+helpers.isUserAllowedTo = function(privilege, uid, cid, callback) {
 	if (Array.isArray(privilege) && !Array.isArray(cid)) {
 		isUserAllowedToPrivileges(privilege, uid, cid, callback);
 	} else if (Array.isArray(cid) && !Array.isArray(privilege)) {
 		isUserAllowedToCids(privilege, uid, cid, callback);
 	} else {
 		return callback(new Error('[[error:invalid-data]]'));
 	}
 };
 function isUserAllowedToCids(privilege, uid, cids, callback) {
 	if (parseInt(uid, 10) === 0) {
-		return isGuestAllowedTo(privilege, cids, callback);
+		return isGuestAllowedToCids(privilege, cids, callback);
 	}
 	var userKeys = [], groupKeys = [];
@@ -46,7 +56,40 @@ helpers.isUserAllowedTo = function(privilege, uid, cids, callback) {
 		callback(null, result);
 	});
-};
+}
 function isUserAllowedToPrivileges(privileges, uid, cid, callback) {
 	if (parseInt(uid, 10) === 0) {
 		return isGuestAllowedToPrivileges(privileges, cid, callback);
 	}
 	var userKeys = [], groupKeys = [];
 	for (var i=0; i<privileges.length; ++i) {
 		userKeys.push('cid:' + cid + ':privileges:' + privileges[i]);
 		groupKeys.push('cid:' + cid + ':privileges:groups:' + privileges[i]);
 	}
 	async.parallel({
 		hasUserPrivilege: function(next) {
 			groups.isMemberOfGroups(uid, userKeys, next);
 		},
 		hasGroupPrivilege: function(next) {
 			groups.isMemberOfGroupsList(uid, groupKeys, next);
 		}
 	}, function(err, results) {
 		if (err) {
 			return callback(err);
 		}
 		var result = [];
 		for (var i=0; i<privileges.length; ++i) {
 			result.push(results.hasUserPrivilege[i] || results.hasGroupPrivilege[i]);
 		}
 		callback(null, result);
 	});
 }
 helpers.isUsersAllowedTo = function(privilege, uids, cid, callback) {
 	async.parallel({
@@ -70,7 +113,7 @@ helpers.isUsersAllowedTo = function(privilege, uids, cid, callback) {
 	});
 };
-function isGuestAllowedTo(privilege, cids, callback) {
+function isGuestAllowedToCids(privilege, cids, callback) {
 	var groupKeys = [];
 	for (var i=0; i<cids.length; ++i) {
 		groupKeys.push('cid:' + cids[i] + ':privileges:groups:' + privilege);
@@ -79,5 +122,13 @@ function isGuestAllowedTo(privilege, cids, callback) {
 	groups.isMemberOfGroups('guests', groupKeys, callback);
 }
 function isGuestAllowedToPrivileges(privileges, cid, callback) {
 	var groupKeys = [];
 	for (var i=0; i<privileges.length; ++i) {
 		groupKeys.push('cid:' + cid + ':privileges:groups:' + privileges[i]);
 	}
 	groups.isMemberOfGroups('guests', groupKeys, callback);
 }
 module.exports = helpers;
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@@ -2,6 +2,7 @@
 'use strict';
 var async = require('async');
 var _ = require('underscore');
 var meta = require('../meta');
 var topics = require('../topics');
@@ -16,20 +17,13 @@ module.exports = function(privileges) {
 	privileges.topics.get = function(tid, uid, callback) {
 		var topic;
 		var privs = ['topics:reply', 'topics:read', 'topics:delete', 'posts:edit', 'posts:delete', 'read'];
 		async.waterfall([
 			async.apply(topics.getTopicFields, tid, ['cid', 'uid', 'locked', 'deleted']),
 			function(_topic, next) {
 				topic = _topic;
 				async.parallel({
-					'topics:reply': async.apply(helpers.isUserAllowedTo, 'topics:reply', uid, [topic.cid]),
+					privileges: async.apply(helpers.isUserAllowedTo, privs, uid, topic.cid),
 					'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, [topic.cid]),
 					'topics:delete': async.apply(helpers.isUserAllowedTo, 'topics:delete', uid, [topic.cid]),
 					'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, [topic.cid]),
 					'posts:delete': async.apply(helpers.isUserAllowedTo, 'posts:delete', uid, [topic.cid]),
 					read: async.apply(helpers.isUserAllowedTo, 'read', uid, [topic.cid]),
 					isOwner: function(next) {
 						next(null, !!parseInt(uid, 10) && parseInt(uid, 10) === parseInt(topic.uid, 10));
 					},
 					isAdministrator: async.apply(user.isAdministrator, uid),
 					isModerator: async.apply(user.isModerator, uid, topic.cid),
 					disabled: async.apply(categories.getCategoryField, topic.cid, 'disabled')
@@ -40,25 +34,26 @@ module.exports = function(privileges) {
 				return callback(err);
 			}
 			var privData = _.object(privs, results.privileges);
 			var disabled = parseInt(results.disabled, 10) === 1;
 			var locked = parseInt(topic.locked, 10) === 1;
 			var deleted = parseInt(topic.deleted, 10) === 1;
-
+			var isOwner = !!parseInt(uid, 10) && parseInt(uid, 10) === parseInt(topic.uid, 10);
 			var isAdminOrMod = results.isAdministrator || results.isModerator;
 			var editable = isAdminOrMod;
-			var deletable = isAdminOrMod || (results.isOwner && results['topics:delete'][0]);
+			var deletable = isAdminOrMod || (isOwner && privData['topics:delete']);
 			plugins.fireHook('filter:privileges.topics.get', {
-				'topics:reply': (results['topics:reply'][0] && !locked && !deleted) || isAdminOrMod,
+				'topics:reply': (privData['topics:reply'] && !locked && !deleted) || isAdminOrMod,
-				'topics:read': results['topics:read'][0] || isAdminOrMod,
+				'topics:read': privData['topics:read'] || isAdminOrMod,
-				'topics:delete': (results.isOwner && results['topics:delete'][0]) || isAdminOrMod,
+				'topics:delete': (isOwner && privData['topics:delete']) || isAdminOrMod,
-				'posts:edit': (results['posts:edit'][0] && !locked) || isAdminOrMod,
+				'posts:edit': (privData['posts:edit'] && !locked) || isAdminOrMod,
-				'posts:delete': (results['posts:delete'][0] && !locked) || isAdminOrMod,
+				'posts:delete': (privData['posts:delete'] && !locked) || isAdminOrMod,
-				read: results.read[0] || isAdminOrMod,
+				read: privData.read || isAdminOrMod,
 				view_thread_tools: editable || deletable,
 				editable: editable,
 				deletable: deletable,
-				view_deleted: isAdminOrMod || results.isOwner,
+				view_deleted: isAdminOrMod || isOwner,
 				isAdminOrMod: isAdminOrMod,
 				disabled: disabled,
 				tid: tid,