Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: if votes are not public, dont show upvoter names in tooltip

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2024-04-15 12:02:08 -04:00
parent d2e042d15b
commit 5af69dbcef
2 changed files with 31 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
public/src/client/topic/votes.js
View File

@@ -37,6 +37,9 @@ define('forum/topic/votes', [
socket.emit('posts.getUpvoters', [pid], function (err, data) { socket.emit('posts.getUpvoters', [pid], function (err, data) {
if (err) { if (err) {
if (err.message === '[[error:no-privileges]]') {
return;
}
return alerts.error(err); return alerts.error(err);
} }
if (_showTooltip[pid] && data.length) { if (_showTooltip[pid] && data.length) {
@@ -98,7 +101,7 @@ define('forum/topic/votes', [
}; };
Votes.showVotes = function (pid) { Votes.showVotes = function (pid) {
socket.emit('posts.getVoters', { pid: pid, cid: ajaxify.data.cid }, function (err, data) { socket.emit('posts.getVoters', { pid: pid }, function (err, data) {
if (err) { if (err) {
if (err.message === '[[error:no-privileges]]') { if (err.message === '[[error:no-privileges]]') {
return; return;

44
src/socket.io/posts/votes.js
View File

@@ -10,14 +10,14 @@ const meta = require('../../meta');
module.exports = function (SocketPosts) { module.exports = function (SocketPosts) {
SocketPosts.getVoters = async function (socket, data) { SocketPosts.getVoters = async function (socket, data) {
if (!data || !data.pid || !data.cid) { if (!data || !data.pid) {
throw new Error('[[error:invalid-data]]'); throw new Error('[[error:invalid-data]]');
} }
const showDownvotes = !meta.config['downvote:disabled']; const cid = await posts.getCidByPid(data.pid);
const canSeeVotes = meta.config.votesArePublic || await privileges.categories.isAdminOrMod(data.cid, socket.uid); if (!await canSeeVotes(socket.uid, cid)) {
if (!canSeeVotes) {
throw new Error('[[error:no-privileges]]'); throw new Error('[[error:no-privileges]]');
} }
const showDownvotes = !meta.config['downvote:disabled'];
const [upvoteUids, downvoteUids] = await Promise.all([ const [upvoteUids, downvoteUids] = await Promise.all([
db.getSetMembers(`pid:${data.pid}:upvote`), db.getSetMembers(`pid:${data.pid}:upvote`),
showDownvotes ? db.getSetMembers(`pid:${data.pid}:downvote`) : [], showDownvotes ? db.getSetMembers(`pid:${data.pid}:downvote`) : [],
@@ -42,21 +42,12 @@ module.exports = function (SocketPosts) {
throw new Error('[[error:invalid-data]]'); throw new Error('[[error:invalid-data]]');
} }
const [cids, data, isAdmin] = await Promise.all([ const cids = await posts.getCidsByPids(pids);
posts.getCidsByPids(pids), if ((await canSeeVotes(socket.uid, cids)).includes(false)) {
posts.getUpvotedUidsByPids(pids), throw new Error('[[error:no-privileges]]');
privileges.users.isAdministrator(socket.uid),
]);
if (!isAdmin) {
const isAllowed = await privileges.categories.isUserAllowedTo(
'topics:read', _.uniq(cids), socket.uid
);
if (isAllowed.includes(false)) {
throw new Error('[[error:no-privileges]]');
}
} }
const data = await posts.getUpvotedUidsByPids(pids);
if (!data.length) { if (!data.length) {
return []; return [];
} }
@@ -84,4 +75,23 @@ module.exports = function (SocketPosts) {
); );
return result; return result;
}; };
async function canSeeVotes(uid, cids) {
const isArray = Array.isArray(cids);
if (!isArray) {
cids = [cids];
}
const [canRead, isAdmin, isMod] = await Promise.all([
privileges.categories.isUserAllowedTo(
'topics:read', _.uniq(cids), uid
),
privileges.users.isAdministrator(uid),
privileges.users.isModerator(uid, cids),
]);
const checks = cids.map(
(cid, index) => isAdmin || isMod[index] || (canRead[index] && !!meta.config.votesArePublic)
);
return isArray ? checks : checks[0];
}
}; };