Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-30 02:25:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #6557

Browse Source
This commit is contained in:
Julian Lam
2018-06-11 16:45:19 -04:00
parent 4293403451
commit 9e90d1ea5d
2 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/privileges/posts.js
View File

@@ -32,6 +32,7 @@ module.exports = function (privileges) {
'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, cids), 'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, cids),
read: async.apply(helpers.isUserAllowedTo, 'read', uid, cids), read: async.apply(helpers.isUserAllowedTo, 'read', uid, cids),
'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, cids), 'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, cids),
'posts:history': async.apply(helpers.isUserAllowedTo, 'posts:history', uid, cids),
'posts:view_deleted': async.apply(helpers.isUserAllowedTo, 'posts:view_deleted', uid, cids), 'posts:view_deleted': async.apply(helpers.isUserAllowedTo, 'posts:view_deleted', uid, cids),
}, next); }, next);
}, },
@@ -39,7 +40,8 @@ module.exports = function (privileges) {
var privileges = pids.map(function (pid, i) { var privileges = pids.map(function (pid, i) {
var isAdminOrMod = results.isAdmin || results.isModerator[i]; var isAdminOrMod = results.isAdmin || results.isModerator[i];
var editable = isAdminOrMod || (results.isOwner[i] && results['posts:edit'][i]); var editable = isAdminOrMod || (results.isOwner[i] && results['posts:edit'][i]);
var viewDeletedPosts = isAdminOrMod || (results.isOwner[i] && results['posts:view_deleted'][i]); var viewDeletedPosts = isAdminOrMod || results.isOwner[i] || results['posts:view_deleted'][i];
var viewHistory = isAdminOrMod || results.isOwner[i] || results['posts:history'][i];
return { return {
editable: editable, editable: editable,
@@ -48,6 +50,7 @@ module.exports = function (privileges) {
isAdminOrMod: isAdminOrMod, isAdminOrMod: isAdminOrMod,
'topics:read': results['topics:read'][i] || isAdminOrMod, 'topics:read': results['topics:read'][i] || isAdminOrMod,
read: results.read[i] || isAdminOrMod, read: results.read[i] || isAdminOrMod,
'posts:history': viewHistory,
'posts:view_deleted': viewDeletedPosts, 'posts:view_deleted': viewDeletedPosts,
}; };
}); });

29
src/socket.io/posts/diffs.js
View File

@@ -7,11 +7,7 @@ var privileges = require('../../privileges');
module.exports = function (SocketPosts) { module.exports = function (SocketPosts) {
SocketPosts.getDiffs = function (socket, data, callback) { SocketPosts.getDiffs = function (socket, data, callback) {
async.waterfall([ async.waterfall([
function (next) { async.apply(privilegeCheck, data.pid, socket.uid),
privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) {
next(err || allowed ? null : new Error('[[error:no-privileges]]'));
});
},
function (next) { function (next) {
posts.diffs.list(data.pid, next); posts.diffs.list(data.pid, next);
}, },
@@ -23,12 +19,29 @@ module.exports = function (SocketPosts) {
}; };
SocketPosts.showPostAt = function (socket, data, callback) { SocketPosts.showPostAt = function (socket, data, callback) {
privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) { privilegeCheck(data.pid, socket.uid, function (err) {
if (err || !allowed) { if (err) {
return callback(err || new Error('[[error:no-privileges]]')); return callback(err);
} }
posts.diffs.load(data.pid, data.since, socket.uid, callback); posts.diffs.load(data.pid, data.since, socket.uid, callback);
}); });
}; };
function privilegeCheck(pid, uid, callback) {
async.parallel({
deleted: async.apply(posts.getPostField, pid, 'deleted'),
privileges: async.apply(privileges.posts.get, [pid], uid),
}, function (err, payload) {
if (err) {
return callback(err);
}
payload.deleted = parseInt(payload.deleted, 10);
payload.privileges = payload.privileges[0];
const allowed = payload.privileges['posts:history'] && (payload.deleted ? payload.privileges['posts:view_deleted'] : true);
callback(!allowed ? new Error('[[error:no-privileges]]') : null);
});
}
}; };