Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-12 08:55:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: replace logic in isPrivilegedOrSelfAndPasswordMatch to use privileges.users.canEdit

Browse Source
This commit is contained in:
Julian Lam
2021-09-03 17:13:55 -04:00
parent 87ba768f5c
commit 856ba78a5f
1 changed files with 2 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/api/users.js
View File

@@ -227,14 +227,9 @@ usersAPI.unban = async function (caller, data) {
async function isPrivilegedOrSelfAndPasswordMatch(caller, data) { async function isPrivilegedOrSelfAndPasswordMatch(caller, data) {
const { uid } = caller; const { uid } = caller;
const isSelf = parseInt(uid, 10) === parseInt(data.uid, 10); const isSelf = parseInt(uid, 10) === parseInt(data.uid, 10);
const canEdit = await privileges.users.canEdit(uid, data.uid);
const [isAdmin, isTargetAdmin, isGlobalMod] = await Promise.all([ if (!canEdit) {
user.isAdministrator(uid),
user.isAdministrator(data.uid),
user.isGlobalModerator(uid),
]);
if ((isTargetAdmin && !isAdmin) || (!isSelf && !(isAdmin || isGlobalMod))) {
throw new Error('[[error:no-privileges]]'); throw new Error('[[error:no-privileges]]');
} }
const [hasPassword, passwordMatch] = await Promise.all([ const [hasPassword, passwordMatch] = await Promise.all([