Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-02 20:16:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Priv hook fix (#9775)

Browse Source 
* fix: #9773, fire hooks properly for priv changes

* fix: admin/global group privs

dont allow invalid privs
This commit is contained in:
Barış Soner Uşaklı
2021-09-03 11:58:17 -04:00
committed by GitHub
parent 4ac701d747
commit 1f91a31327
3 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/api/categories.js
View File

@@ -70,15 +70,19 @@ categoriesAPI.setPrivilege = async (caller, data) => {
if (!privs.length) {
throw new Error('[[error:invalid-data]]');
}
let privMethod = privileges.categories[type];
if (parseInt(data.cid, 10) === 0) {
if (privs[0].startsWith('admin:')) {
privMethod = privileges.admin[type];
} else {
privMethod = privileges.global[type];
const adminPrivs = privs.filter(priv => privileges.admin.privilegeList.includes(priv));
const globalPrivs = privs.filter(priv => privileges.global.privilegeList.includes(priv));
if (adminPrivs.length) {
await privileges.admin[type](adminPrivs, data.member);
}
if (globalPrivs.length) {
await privileges.global[type](globalPrivs, data.member);
}
} else {
const categoryPrivs = privs.filter(priv => privileges.categories.privilegeList.includes(priv));
await privileges.categories[type](categoryPrivs, data.cid, data.member);
}
await privMethod(privs, data.cid, data.member);
await events.log({
uid: caller.uid,