Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: handle search tag permission as well

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-06-04 21:42:38 -04:00
parent 2100a03c1a
commit 1b5d5425b4
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/openapi/read.yaml
View File

@@ -4549,6 +4549,8 @@ paths:
type: boolean type: boolean
search:content: search:content:
type: boolean type: boolean
search:tags:
type: boolean
required: required:
- posts - posts
- matchCount - matchCount

5
src/controllers/search.js
View File

@@ -25,9 +25,12 @@ searchController.search = async function (req, res, next) {
const userPrivileges = await utils.promiseParallel({ const userPrivileges = await utils.promiseParallel({
'search:users': privileges.global.can('search:users', req.uid), 'search:users': privileges.global.can('search:users', req.uid),
'search:content': privileges.global.can('search:content', req.uid), 'search:content': privileges.global.can('search:content', req.uid),
'search:tags': privileges.global.can('search:tags', req.uid),
}); });
const allowed = (req.query.in === 'users') ? userPrivileges['search:users'] : userPrivileges['search:content']; const allowed = (req.query.in === 'users' && userPrivileges['search:users']) ||
(req.query.in === 'tags' && userPrivileges['search:tags']) ||
(['titles', 'titlesposts', 'posts'].includes(req.query.in) && userPrivileges['search:content']);
if (!allowed) { if (!allowed) {
return helpers.notAllowed(req, res); return helpers.notAllowed(req, res);