Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-17 19:21:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: check schedule privilege, closes #11032

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2022-11-11 11:14:30 -05:00
parent b34e859c1b
commit 6109061501
2 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/api/helpers.js
View File

@@ -13,7 +13,7 @@ const events = require('../events');
exports.setDefaultPostData = function (reqOrSocket, data) { exports.setDefaultPostData = function (reqOrSocket, data) {
data.uid = reqOrSocket.uid; data.uid = reqOrSocket.uid;
data.req = exports.buildReqObject(reqOrSocket, { ...data }); data.req = exports.buildReqObject(reqOrSocket, { ...data });
data.timestamp = parseInt(data.timestamp, 10) || Date.now(); data.timestamp = Date.now();
data.fromQueue = false; data.fromQueue = false;
}; };

16
src/api/topics.js
View File

@@ -40,13 +40,19 @@ topicsAPI.create = async function (caller, data) {
const payload = { ...data }; const payload = { ...data };
payload.tags = payload.tags || []; payload.tags = payload.tags || [];
apiHelpers.setDefaultPostData(caller, payload); apiHelpers.setDefaultPostData(caller, payload);
const isScheduling = parseInt(data.timestamp, 10) > payload.timestamp;
if (isScheduling) {
if (await privileges.categories.can('topics:schedule', data.cid, caller.uid)) {
payload.timestamp = parseInt(data.timestamp, 10);
} else {
throw new Error('[[error:no-privileges]]');
}
}
// Blacklist & Post Queue
await meta.blacklist.test(caller.ip); await meta.blacklist.test(caller.ip);
const shouldQueue = await posts.shouldQueue(caller.uid, payload); const shouldQueue = await posts.shouldQueue(caller.uid, payload);
if (shouldQueue) { if (shouldQueue) {
const queueObj = await posts.addToQueue(payload); return await posts.addToQueue(payload);
return queueObj;
} }
const result = await topics.post(payload); const result = await topics.post(payload);
@@ -66,12 +72,10 @@ topicsAPI.reply = async function (caller, data) {
const payload = { ...data }; const payload = { ...data };
apiHelpers.setDefaultPostData(caller, payload); apiHelpers.setDefaultPostData(caller, payload);
// Blacklist & Post Queue
await meta.blacklist.test(caller.ip); await meta.blacklist.test(caller.ip);
const shouldQueue = await posts.shouldQueue(caller.uid, payload); const shouldQueue = await posts.shouldQueue(caller.uid, payload);
if (shouldQueue) { if (shouldQueue) {
const queueObj = await posts.addToQueue(payload); return await posts.addToQueue(payload);
return queueObj;
} }
const postData = await topics.reply(payload); // postData seems to be a subset of postObj, refactor? const postData = await topics.reply(payload); // postData seems to be a subset of postObj, refactor?