Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #8957

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-11-26 12:45:02 -05:00
parent 7e6427bca7
commit 414caac01b
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/socket.io/posts/move.js
View File

@@ -19,6 +19,11 @@ module.exports = function (SocketPosts) {
throw new Error('[[error:invalid-data]]'); throw new Error('[[error:invalid-data]]');
} }
const canMove = await privileges.topics.isAdminOrMod(data.tid, socket.uid);
if (!canMove) {
throw new Error('[[error:no-privileges]]');
}
for (const pid of data.pids) { for (const pid of data.pids) {
/* eslint-disable no-await-in-loop */ /* eslint-disable no-await-in-loop */
const canMove = await privileges.posts.canMove(pid, socket.uid); const canMove = await privileges.posts.canMove(pid, socket.uid);

15
test/posts.js
View File

@@ -721,6 +721,21 @@ describe('Post\'s', function () {
}); });
}); });
}); });
it('should fail to move post if not moderator of target category', async function () {
const cat1 = await categories.create({ name: 'Test Category', description: 'Test category created by testing script' });
const cat2 = await categories.create({ name: 'Test Category', description: 'Test category created by testing script' });
const result = await socketTopics.post({ uid: globalModUid }, { title: 'target topic', content: 'queued topic', cid: cat2.cid });
const modUid = await user.create({ username: 'modofcat1' });
await privileges.categories.give(privileges.userPrivilegeList, cat1.cid, modUid);
let err;
try {
await socketPosts.movePost({ uid: modUid }, { pid: replyPid, tid: result.tid });
} catch (_err) {
err = _err;
}
assert.strictEqual(err.message, '[[error:no-privileges]]');
});
}); });
describe('getPostSummaryByPids', function () { describe('getPostSummaryByPids', function () {