feat: allow multiple privileges to be defined for a given admin socket call

2025-10-31 02:55:58 +01:00 · 2020-12-23 13:07:41 -05:00
parent f55dddb2be
commit 3aa5beb832
1 changed files with 3 additions and 2 deletions
--- a/src/socket.io/admin.js
+++ b/src/socket.io/admin.js
@@ -41,8 +41,9 @@ SocketAdmin.before = async function (socket, method) {
 	}

 	// Check admin privileges mapping (if not in mapping, deny access)
-	const privilege = privileges.admin.socketMap[method];
-	if (privilege && await privileges.admin.can(privilege, socket.uid)) {
+	const privilegeSet = privileges.admin.socketMap[method].split(';');
+	const hasPrivilege = (await Promise.all(privilegeSet.map(async privilege => privileges.admin.can(privilege, socket.uid)))).some(Boolean);
+	if (privilegeSet.length && hasPrivilege) {
 		return;
 	}