Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-02 12:05:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(writeapi): calls to profile editing routes 200 even if user DNE

Browse Source
This commit is contained in:
Julian Lam
2020-10-01 19:37:13 -04:00
parent 7757f965eb
commit 8e7baac6ef
2 changed files with 16 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/routes/write/users.js
View File

@@ -18,16 +18,16 @@ function authenticatedRoutes() {
setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['username']), middleware.isAdmin], 'post', controllers.write.users.create);
setupApiRoute(router, '/', middleware, [...middlewares, middleware.checkRequired.bind(null, ['uids']), middleware.isAdmin, middleware.exposePrivileges], 'delete', controllers.write.users.deleteMany);
setupApiRoute(router, '/:uid', middleware, [...middlewares], 'put', controllers.write.users.update);
setupApiRoute(router, '/:uid', middleware, [...middlewares, middleware.exposePrivileges], 'delete', controllers.write.users.delete);
setupApiRoute(router, '/:uid', middleware, [...middlewares, middleware.assertUser], 'put', controllers.write.users.update);
setupApiRoute(router, '/:uid', middleware, [...middlewares, middleware.assertUser, middleware.exposePrivileges], 'delete', controllers.write.users.delete);
setupApiRoute(router, '/:uid/password', middleware, [...middlewares, middleware.checkRequired.bind(null, ['newPassword'])], 'put', controllers.write.users.changePassword);
setupApiRoute(router, '/:uid/password', middleware, [...middlewares, middleware.checkRequired.bind(null, ['newPassword']), middleware.assertUser], 'put', controllers.write.users.changePassword);
setupApiRoute(router, '/:uid/follow', middleware, [...middlewares], 'put', controllers.write.users.follow);
setupApiRoute(router, '/:uid/follow', middleware, [...middlewares], 'delete', controllers.write.users.unfollow);
setupApiRoute(router, '/:uid/follow', middleware, [...middlewares, middleware.assertUser], 'put', controllers.write.users.follow);
setupApiRoute(router, '/:uid/follow', middleware, [...middlewares, middleware.assertUser], 'delete', controllers.write.users.unfollow);
setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, middleware.exposePrivileges], 'put', controllers.write.users.ban);
setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, middleware.exposePrivileges], 'delete', controllers.write.users.unban);
setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, middleware.assertUser, middleware.exposePrivileges], 'put', controllers.write.users.ban);
setupApiRoute(router, '/:uid/ban', middleware, [...middlewares, middleware.assertUser, middleware.exposePrivileges], 'delete', controllers.write.users.unban);
/**
* Chat routes were not migrated because chats may get refactored... also the logic is derpy