Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 02:55:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix topics.loadMore so it checks read permission

Browse Source
This commit is contained in:
barisusakli
2014-08-05 23:22:21 -04:00
parent 805e6934b9
commit 90ac399f6d
2 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/socket.io/topics.js
View File

@@ -342,20 +342,31 @@ SocketTopics.loadMore = function(socket, data, callback) {
return callback(new Error('[[error:invalid-data]]'));
}
user.getSettings(socket.uid, function(err, settings) {
if(err) {
async.parallel({
settings: function(next) {
user.getSettings(socket.uid, next);
},
privileges: function(next) {
privileges.topics.get(data.tid, socket.uid, next);
}
}, function(err, results) {
if (err) {
return callback(err);
}
if (!results.privileges.read) {
return callback(new Error('[[error:no-privileges]]'));
}
var start = Math.max(parseInt(data.after, 10) - 1, 0),
end = start + settings.postsPerPage - 1;
end = start + results.settings.postsPerPage - 1;
var set = 'tid:' + data.tid + ':posts',
reverse = false;
if (settings.topicPostSort === 'newest_to_oldest') {
if (results.settings.topicPostSort === 'newest_to_oldest') {
reverse = true;
} else if (settings.topicPostSort === 'most_votes') {
} else if (results.settings.topicPostSort === 'most_votes') {
reverse = true;
set = 'tid:' + data.tid + ':posts:votes';
}
@@ -365,7 +376,7 @@ SocketTopics.loadMore = function(socket, data, callback) {
topics.getTopicPosts(data.tid, set, start, end, socket.uid, reverse, next);
},
privileges: function(next) {
privileges.topics.get(data.tid, socket.uid, next);
next(null, results.privileges);
},
'reputation:disabled': function(next) {
next(null, parseInt(meta.config['reputation:disabled'], 10) === 1);

6
src/topics.js
View File

@@ -413,8 +413,12 @@ var async = require('async'),
};
Topics.isOwner = function(tid, uid, callback) {
uid = parseInt(uid, 10);
if (uid === 0) {
return callback(null, false);
}
Topics.getTopicField(tid, 'uid', function(err, author) {
callback(err, parseInt(author, 10) === parseInt(uid, 10));
callback(err, parseInt(author, 10) === uid);
});
};