Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-17 11:11:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #12183, remove ensureLoggedIn middleware

Browse Source 
from category routes
add privilege check to getTopicCount
This commit is contained in:
Barış Soner Uşaklı
2023-11-24 17:05:36 -05:00
parent 22932bdb40
commit 0a4f3c8a56
2 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/api/categories.js
View File

@@ -80,6 +80,10 @@ categoriesAPI.delete = async function (caller, { cid }) {
}; };
categoriesAPI.getTopicCount = async (caller, { cid }) => { categoriesAPI.getTopicCount = async (caller, { cid }) => {
const allowed = await privileges.categories.can('find', cid, caller.uid);
if (!allowed) {
throw new Error('[[error:no-privileges]]');
}
const count = await categories.getCategoryField(cid, 'topic_count'); const count = await categories.getCategoryField(cid, 'topic_count');
return { count }; return { count };
}; };

8
src/routes/write/categories.js
View File

@@ -16,10 +16,10 @@ module.exports = function () {
setupApiRoute(router, 'put', '/:cid', [...middlewares], controllers.write.categories.update); setupApiRoute(router, 'put', '/:cid', [...middlewares], controllers.write.categories.update);
setupApiRoute(router, 'delete', '/:cid', [...middlewares], controllers.write.categories.delete); setupApiRoute(router, 'delete', '/:cid', [...middlewares], controllers.write.categories.delete);
setupApiRoute(router, 'get', '/:cid/count', [...middlewares, middleware.assert.category], controllers.write.categories.getTopicCount); setupApiRoute(router, 'get', '/:cid/count', [middleware.assert.category], controllers.write.categories.getTopicCount);
setupApiRoute(router, 'get', '/:cid/posts', [...middlewares, middleware.assert.category], controllers.write.categories.getPosts); setupApiRoute(router, 'get', '/:cid/posts', [middleware.assert.category], controllers.write.categories.getPosts);
setupApiRoute(router, 'get', '/:cid/children', [...middlewares, middleware.assert.category], controllers.write.categories.getChildren); setupApiRoute(router, 'get', '/:cid/children', [middleware.assert.category], controllers.write.categories.getChildren);
setupApiRoute(router, 'get', '/:cid/topics', [...middlewares, middleware.assert.category], controllers.write.categories.getTopics); setupApiRoute(router, 'get', '/:cid/topics', [middleware.assert.category], controllers.write.categories.getTopics);
setupApiRoute(router, 'put', '/:cid/watch', [...middlewares, middleware.assert.category], controllers.write.categories.setWatchState); setupApiRoute(router, 'put', '/:cid/watch', [...middlewares, middleware.assert.category], controllers.write.categories.setWatchState);
setupApiRoute(router, 'delete', '/:cid/watch', [...middlewares, middleware.assert.category], controllers.write.categories.setWatchState); setupApiRoute(router, 'delete', '/:cid/watch', [...middlewares, middleware.assert.category], controllers.write.categories.setWatchState);