Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-27 00:56:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: is user doesnt have view:users privilege

Browse Source 
dont redirect uid/1 to userslug
This commit is contained in:
Barış Soner Uşaklı
2024-04-12 12:50:51 -04:00
parent 6816e39bd8
commit 14f5774f6a
2 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/middleware/user.js
View File

@@ -203,8 +203,12 @@ module.exports = function (middleware) {
if (uid <= 0) { if (uid <= 0) {
return next(); return next();
} }
const userslug = await user.getUserField(uid, 'userslug'); const [canView, userslug] = await Promise.all([
if (!userslug) { privileges.global.can('view:users', req.uid),
user.getUserField(uid, 'userslug'),
]);
if (!userslug || (!canView && req.uid !== uid)) {
return next(); return next();
} }
const path = req.url.replace(/^\/api/, '') const path = req.url.replace(/^\/api/, '')

6
src/routes/user.js
View File

@@ -5,7 +5,11 @@ const helpers = require('./helpers');
const { setupPageRoute } = helpers; const { setupPageRoute } = helpers;
module.exports = function (app, name, middleware, controllers) { module.exports = function (app, name, middleware, controllers) {
const middlewares = [middleware.exposeUid, middleware.canViewUsers, middleware.buildAccountData]; const middlewares = [
middleware.exposeUid,
middleware.canViewUsers,
middleware.buildAccountData,
];
const accountMiddlewares = [ const accountMiddlewares = [
...middlewares, ...middlewares,
middleware.ensureLoggedIn, middleware.ensureLoggedIn,