Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-16 02:36:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #6253

Browse Source
This commit is contained in:
Baris Usakli
2018-01-17 12:25:08 -05:00
parent f122327f87
commit 61e408b4a2
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/socket.io/user/profile.js
View File

@@ -15,7 +15,7 @@ module.exports = function (SocketUser) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
isAdminOrSelfAndPasswordMatch(socket.uid, data, next); isPrivilegedOrSelfAndPasswordMatch(socket.uid, data, next);
}, },
function (next) { function (next) {
SocketUser.updateProfile(socket, data, next); SocketUser.updateProfile(socket, data, next);
@@ -29,7 +29,7 @@ module.exports = function (SocketUser) {
} }
async.waterfall([ async.waterfall([
function (next) { function (next) {
user.isAdminOrSelf(socket.uid, data.uid, next); user.isAdminOrGlobalModOrSelf(socket.uid, data.uid, next);
}, },
function (next) { function (next) {
user.updateCoverPicture(data, next); user.updateCoverPicture(data, next);
@@ -43,7 +43,7 @@ module.exports = function (SocketUser) {
} }
async.waterfall([ async.waterfall([
function (next) { function (next) {
user.isAdminOrSelf(socket.uid, data.uid, next); user.isAdminOrGlobalModOrSelf(socket.uid, data.uid, next);
}, },
function (next) { function (next) {
user.uploadCroppedPicture(data, next); user.uploadCroppedPicture(data, next);
@@ -58,7 +58,7 @@ module.exports = function (SocketUser) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
user.isAdminOrSelf(socket.uid, data.uid, next); user.isAdminOrGlobalModOrSelf(socket.uid, data.uid, next);
}, },
function (next) { function (next) {
user.removeCoverPicture(data, next); user.removeCoverPicture(data, next);
@@ -66,11 +66,13 @@ module.exports = function (SocketUser) {
], callback); ], callback);
}; };
function isAdminOrSelfAndPasswordMatch(uid, data, callback) { function isPrivilegedOrSelfAndPasswordMatch(uid, data, callback) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
async.parallel({ async.parallel({
isAdmin: async.apply(user.isAdministrator, uid), isAdmin: async.apply(user.isAdministrator, uid),
isTargetAdmin: async.apply(user.isAdministrator, data.uid),
isGlobalMod: async.apply(user.isGlobalModerator, uid),
hasPassword: async.apply(user.hasPassword, data.uid), hasPassword: async.apply(user.hasPassword, data.uid),
passwordMatch: function (next) { passwordMatch: function (next) {
if (data.password) { if (data.password) {
@@ -84,7 +86,11 @@ module.exports = function (SocketUser) {
function (results, next) { function (results, next) {
var isSelf = parseInt(uid, 10) === parseInt(data.uid, 10); var isSelf = parseInt(uid, 10) === parseInt(data.uid, 10);
if (!results.isAdmin && !isSelf) { if (results.isTargetAdmin && !results.isAdmin) {
return next(new Error('[[error:no-privileges]]'));
}
if ((!results.isAdmin || !results.isGlobalMod) && !isSelf) {
return next(new Error('[[error:no-privileges]]')); return next(new Error('[[error:no-privileges]]'));
} }