new privilege: Access Topic

differentiation between Access Category and Access Topic, ie. allows you to see the category view but not actually enter the topic itself
2025-11-01 19:46:01 +01:00 · 2016-05-28 05:41:17 -04:00
parent 839ff06967
commit b37b083a4d
8 changed files with 29 additions and 14 deletions
--- a/public/src/admin/manage/category.js
+++ b/public/src/admin/manage/category.js
@@ -316,7 +316,7 @@ define('admin/manage/category', [
 			autocomplete.user(inputEl, function(ev, ui) {
 				socket.emit('admin.categories.setPrivilege', {
 					cid: ajaxify.data.category.cid,
-					privilege: ['find', 'read'],
+					privilege: ['find', 'read', 'topics:read'],
 					set: true,
 					member: ui.item.user.uid
 				}, function(err) {
--- a/src/categories/create.js
+++ b/src/categories/create.js
@@ -48,7 +48,7 @@ module.exports = function(Categories) {
 			function(data, next) {
 				category = data.category;

-				var defaultPrivileges = ['find', 'read', 'topics:create', 'topics:reply'];
+				var defaultPrivileges = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply'];

 				async.series([
 					async.apply(db.setObject, 'category:' + category.cid, category),
@@ -57,7 +57,7 @@ module.exports = function(Categories) {
 					async.apply(db.sortedSetAdd, 'cid:' + parentCid + ':children', category.order, category.cid),
 					async.apply(privileges.categories.give, defaultPrivileges, category.cid, 'administrators'),
 					async.apply(privileges.categories.give, defaultPrivileges, category.cid, 'registered-users'),
-					async.apply(privileges.categories.give, ['find', 'read'], category.cid, 'guests')
+					async.apply(privileges.categories.give, ['find', 'read', 'topics:read'], category.cid, 'guests')
 				], next);
 			},
 			function(results, next) {
@@ -130,7 +130,7 @@ module.exports = function(Categories) {

 	Categories.copyPrivilegesFrom = function(fromCid, toCid, callback) {
 		var privilegeList = [
-			'find', 'read', 'topics:create', 'topics:reply', 'purge', 'mods',
+			'find', 'read', 'topics:create', 'topics:read', 'topics:reply', 'purge', 'mods',
 			'groups:find', 'groups:read', 'groups:topics:create', 'groups:topics:reply', 'groups:purge', 'groups:moderate'
 		];

--- a/src/controllers/topics.js
+++ b/src/controllers/topics.js
@@ -50,7 +50,7 @@ topicsController.get = function(req, res, callback) {

 			userPrivileges = results.privileges;

-			if (!userPrivileges.read || (parseInt(results.topic.deleted, 10) && !userPrivileges.view_deleted)) {
+			if (!userPrivileges.read || !userPrivileges['topics:read'] || (parseInt(results.topic.deleted, 10) && !userPrivileges.view_deleted)) {
 				return helpers.notAllowed(req, res);
 			}

--- a/src/privileges/categories.js
+++ b/src/privileges/categories.js
@@ -18,8 +18,9 @@ module.exports = function(privileges) {
 		// Method used in admin/category controller to show all users/groups with privs in that given cid

 		var privilegeLabels = [
-			{name: 'Find category'},
-			{name: 'Access & Read'},
+			{name: 'Find Category'},
+			{name: 'Access Category'},
+			{name: 'Access Topics'},
 			{name: 'Create Topics'},
 			{name: 'Reply to Topics'},
 			{name: 'Purge'},
@@ -27,10 +28,10 @@ module.exports = function(privileges) {
 		];

 		var userPrivilegeList = [
-			'find', 'read', 'topics:create', 'topics:reply', 'purge', 'mods'
+			'find', 'read', 'topics:read', 'topics:create', 'topics:reply', 'purge', 'mods'
 		];
 		var groupPrivilegeList = [
-			'groups:find', 'groups:read', 'groups:topics:create', 'groups:topics:reply', 'groups:purge', 'groups:moderate'
+			'groups:find', 'groups:read', 'groups:topics:read', 'groups:topics:create', 'groups:topics:reply', 'groups:purge', 'groups:moderate'
 		];

 		async.parallel({
@@ -162,6 +163,9 @@ module.exports = function(privileges) {
 			'topics:create': function(next) {
 				helpers.isUserAllowedTo('topics:create', uid, [cid], next);
 			},
+			'topics:read': function(next) {
+				helpers.isUserAllowedTo('topics:read', uid, [cid], next);
+			},
 			read: function(next) {
 				helpers.isUserAllowedTo('read', uid, [cid], next);
 			},
@@ -182,6 +186,7 @@ module.exports = function(privileges) {
 				cid: cid,
 				uid: uid,
 				'topics:create': results['topics:create'][0] || isAdminOrMod,
+				'topics:read': results['topics:read'][0] || isAdminOrMod,
 				editable: isAdminOrMod,
 				view_deleted: isAdminOrMod,
 				read: results.read[0] || isAdminOrMod,
@@ -356,6 +361,9 @@ module.exports = function(privileges) {
 			'topics:create': function(next) {
 				groups.isMember(uid, 'cid:' + cid + ':privileges:topics:create', next);
 			},
+			'topics:read': function(next) {
+				groups.isMember(uid, 'cid:' + cid + ':privileges:topics:read', next);
+			},
 			'topics:reply': function(next) {
 				groups.isMember(uid, 'cid:' + cid + ':privileges:topics:reply', next);
 			},
@@ -376,6 +384,9 @@ module.exports = function(privileges) {
 			},
 			'groups:topics:reply': function(next) {
 				groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:topics:reply', next);
+			},
+			'groups:topics:read': function(next) {
+				groups.isMember(groupName, 'cid:' + cid + ':privileges:groups:topics:read', next);
 			}
 		}, callback);
 	};
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@@ -21,6 +21,7 @@ module.exports = function(privileges) {
 				topic = _topic;
 				async.parallel({
 					'topics:reply': async.apply(helpers.isUserAllowedTo, 'topics:reply', uid, [topic.cid]),
+					'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, [topic.cid]),
 					read: async.apply(helpers.isUserAllowedTo, 'read', uid, [topic.cid]),
 					isOwner: function(next) {
 						next(null, !!parseInt(uid, 10) && parseInt(uid, 10) === parseInt(topic.uid, 10));
@@ -44,6 +45,7 @@ module.exports = function(privileges) {
 			plugins.fireHook('filter:privileges.topics.get', {
 				'topics:reply': (results['topics:reply'][0] && !locked) || isAdminOrMod,
 				read: results.read[0] || isAdminOrMod,
+				'topics:read': results['topics:read'][0] || isAdminOrMod,
 				view_thread_tools: editable || deletable,
 				editable: editable,
 				deletable: deletable,
--- a/src/routes/feeds.js
+++ b/src/routes/feeds.js
@@ -38,7 +38,7 @@ function generateForTopic(req, res, callback) {
 			if (parseInt(results.topic.deleted, 10) && !results.privileges.view_deleted) {
 				return callback();
 			}
-			if (!results.privileges.read) {
+			if (!results.privileges.read || !results.privileges['topics:read']) {
 				return helpers.notAllowed(req, res);
 			}
 			userPrivileges = results.privileges;
--- a/src/views/admin/partials/categories/groups.tpl
+++ b/src/views/admin/partials/categories/groups.tpl
@@ -5,8 +5,9 @@
 			Privileges <span class="caret"></span>
 		</button>
 		<ul class="dropdown-menu" role="menu">
-			<li role="presentation"><a href="#" data-priv="groups:find" class="<!-- IF groups.privileges.groups:find -->active<!-- ENDIF groups.privileges.groups:find -->">Find category</a></li>
-			<li role="presentation"><a href="#" data-priv="groups:read" class="<!-- IF groups.privileges.groups:read -->active<!-- ENDIF groups.privileges.groups:read -->">Access &amp; Read</a></li>
+			<li role="presentation"><a href="#" data-priv="groups:find" class="<!-- IF groups.privileges.groups:find -->active<!-- ENDIF groups.privileges.groups:find -->">Find Category</a></li>
+			<li role="presentation"><a href="#" data-priv="groups:read" class="<!-- IF groups.privileges.groups:read -->active<!-- ENDIF groups.privileges.groups:read -->">Access Category</a></li>
+			<li role="presentation"><a href="#" data-priv="groups:topics:read" class="<!-- IF groups.privileges.groups:topics:read -->active<!-- ENDIF groups.privileges.groups:topics:read -->">Access Topics</a></li>
 			<li role="presentation"><a href="#" data-priv="groups:topics:create" class="<!-- IF groups.privileges.groups:topics:create -->active<!-- ENDIF groups.privileges.groups:topics:create -->">Create Topics</a></li>
 			<li role="presentation"><a href="#" data-priv="groups:topics:reply" class="<!-- IF groups.privileges.groups:topics:reply -->active<!-- ENDIF groups.privileges.groups:topics:reply -->">Reply to Topics</a></li>
 		</ul>
--- a/src/views/admin/partials/categories/users.tpl
+++ b/src/views/admin/partials/categories/users.tpl
@@ -5,8 +5,9 @@
 			Privileges <span class="caret"></span>
 		</button>
 		<ul class="dropdown-menu" role="menu">
-			<li role="presentation"><a href="#" data-priv="find" class="<!-- IF users.privileges.find -->active<!-- ENDIF users.privileges.find -->">Find category</a></li>
-			<li role="presentation"><a href="#" data-priv="read" class="<!-- IF users.privileges.read -->active<!-- ENDIF users.privileges.read -->">Access &amp; Read</a></li>
+			<li role="presentation"><a href="#" data-priv="find" class="<!-- IF users.privileges.find -->active<!-- ENDIF users.privileges.find -->">Find Category</a></li>
+			<li role="presentation"><a href="#" data-priv="read" class="<!-- IF users.privileges.read -->active<!-- ENDIF users.privileges.read -->">Access Category</a></li>
+			<li role="presentation"><a href="#" data-priv="topics:read" class="<!-- IF users.privileges.topics:read -->active<!-- ENDIF users.privileges.topics:read -->">Access Topics</a></li>
 			<li role="presentation"><a href="#" data-priv="topics:create" class="<!-- IF users.privileges.topics:create -->active<!-- ENDIF users.privileges.topics:create -->">Create Topics</a></li>
 			<li role="presentation"><a href="#" data-priv="topics:reply" class="<!-- IF users.privileges.topics:reply -->active<!-- ENDIF users.privileges.topics:reply -->">Reply to Topics</a></li>
 			<li role="presentation" class="divider"></li>