mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-11-15 10:16:12 +01:00
Julian Lam
@@ -2,6 +2,8 @@
|
||||
|
||||
const categories = require('../categories');
|
||||
const events = require('../events');
|
||||
const user = require('../user');
|
||||
const groups = require('../groups');
|
||||
const privileges = require('../privileges');
|
||||
|
||||
const categoriesAPI = module.exports;
|
||||
@@ -39,3 +41,50 @@ categoriesAPI.delete = async function (caller, data) {
|
||||
name: name,
|
||||
});
|
||||
};
|
||||
|
||||
categoriesAPI.getPrivileges = async (caller, cid) => {
|
||||
let responsePayload;
|
||||
|
||||
if (cid === 'admin') {
|
||||
responsePayload = await privileges.admin.list(caller.uid);
|
||||
} else if (!parseInt(cid, 10)) {
|
||||
responsePayload = await privileges.global.list();
|
||||
} else {
|
||||
responsePayload = await privileges.categories.list(cid);
|
||||
}
|
||||
|
||||
// The various privilege .list() methods return superfluous data for the template, return only a minimal set
|
||||
const validKeys = ['users', 'groups'];
|
||||
Object.keys(responsePayload).forEach((key) => {
|
||||
if (!validKeys.includes(key)) {
|
||||
delete responsePayload[key];
|
||||
}
|
||||
});
|
||||
|
||||
return responsePayload;
|
||||
};
|
||||
|
||||
categoriesAPI.setPrivilege = async (caller, data) => {
|
||||
const [userExists, groupExists] = await Promise.all([
|
||||
user.exists(data.member),
|
||||
groups.exists(data.member),
|
||||
]);
|
||||
|
||||
if (!userExists && !groupExists) {
|
||||
throw new Error('[[error:no-user-or-group]]');
|
||||
}
|
||||
|
||||
await privileges.categories[data.set ? 'give' : 'rescind'](
|
||||
Array.isArray(data.privilege) ? data.privilege : [data.privilege], data.cid, data.member
|
||||
);
|
||||
|
||||
await events.log({
|
||||
uid: caller.uid,
|
||||
type: 'privilege-change',
|
||||
ip: caller.ip,
|
||||
privilege: data.privilege.toString(),
|
||||
cid: data.cid,
|
||||
action: data.set ? 'grant' : 'rescind',
|
||||
target: data.member,
|
||||
});
|
||||
};
|
||||
|
||||
@@ -42,3 +42,27 @@ Categories.delete = async (req, res) => {
|
||||
await api.categories.delete(req, { cid: req.params.cid });
|
||||
helpers.formatApiResponse(200, res);
|
||||
};
|
||||
|
||||
Categories.getPrivileges = async (req, res) => {
|
||||
if (!await privileges.admin.can('admin:privileges', req.uid)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const privilegeSet = await api.categories.getPrivileges(req, req.params.cid);
|
||||
helpers.formatApiResponse(200, res, privilegeSet);
|
||||
};
|
||||
|
||||
Categories.setPrivilege = async (req, res) => {
|
||||
if (!await privileges.admin.can('admin:privileges', req.uid)) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
await api.categories.setPrivilege(req, {
|
||||
...req.params,
|
||||
member: req.body.member,
|
||||
set: req.method === 'PUT',
|
||||
});
|
||||
|
||||
const privilegeSet = await api.categories.getPrivileges(req, req.params.cid);
|
||||
helpers.formatApiResponse(200, res, privilegeSet);
|
||||
};
|
||||
|
||||
@@ -15,5 +15,9 @@ module.exports = function () {
|
||||
setupApiRoute(router, 'put', '/:cid', [...middlewares], controllers.write.categories.update);
|
||||
setupApiRoute(router, 'delete', '/:cid', [...middlewares], controllers.write.categories.delete);
|
||||
|
||||
setupApiRoute(router, 'get', '/:cid/privileges', [...middlewares], controllers.write.categories.getPrivileges);
|
||||
setupApiRoute(router, 'put', '/:cid/privileges/:privilege', [...middlewares, middleware.checkRequired.bind(null, ['member'])], controllers.write.categories.setPrivilege);
|
||||
setupApiRoute(router, 'delete', '/:cid/privileges/:privilege', [...middlewares, middleware.checkRequired.bind(null, ['member'])], controllers.write.categories.setPrivilege);
|
||||
|
||||
return router;
|
||||
};
|
||||
|
||||
@@ -2,12 +2,8 @@
|
||||
|
||||
const winston = require('winston');
|
||||
|
||||
const groups = require('../../groups');
|
||||
const user = require('../../user');
|
||||
const categories = require('../../categories');
|
||||
const privileges = require('../../privileges');
|
||||
const plugins = require('../../plugins');
|
||||
const events = require('../../events');
|
||||
const api = require('../../api');
|
||||
const sockets = require('..');
|
||||
|
||||
@@ -55,40 +51,21 @@ Categories.update = async function (socket, data) {
|
||||
};
|
||||
|
||||
Categories.setPrivilege = async function (socket, data) {
|
||||
sockets.warnDeprecated(socket, 'PUT /api/v3/categories/:cid/privileges/:privilege');
|
||||
|
||||
if (!data) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
const [userExists, groupExists] = await Promise.all([
|
||||
user.exists(data.member),
|
||||
groups.exists(data.member),
|
||||
]);
|
||||
|
||||
if (!userExists && !groupExists) {
|
||||
throw new Error('[[error:no-user-or-group]]');
|
||||
}
|
||||
|
||||
await privileges.categories[data.set ? 'give' : 'rescind'](
|
||||
Array.isArray(data.privilege) ? data.privilege : [data.privilege], data.cid, data.member
|
||||
);
|
||||
|
||||
await events.log({
|
||||
uid: socket.uid,
|
||||
type: 'privilege-change',
|
||||
ip: socket.ip,
|
||||
privilege: data.privilege.toString(),
|
||||
cid: data.cid,
|
||||
action: data.set ? 'grant' : 'rescind',
|
||||
target: data.member,
|
||||
});
|
||||
return await api.categories.setPrivilege(socket, data);
|
||||
};
|
||||
|
||||
Categories.getPrivilegeSettings = async function (socket, cid) {
|
||||
if (cid === 'admin') {
|
||||
return await privileges.admin.list(socket.uid);
|
||||
} else if (!parseInt(cid, 10)) {
|
||||
return await privileges.global.list();
|
||||
sockets.warnDeprecated(socket, 'GET /api/v3/categories/:cid/privileges');
|
||||
|
||||
if (!isFinite(cid) && cid !== 'admin') {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
return await privileges.categories.list(cid);
|
||||
return await api.categories.getPrivileges(socket, cid);
|
||||
};
|
||||
|
||||
Categories.copyPrivilegesToChildren = async function (socket, data) {
|
||||
|
||||
@@ -57,6 +57,8 @@
|
||||
{function.spawnPrivilegeStates, privileges.groups.name, ../privileges}
|
||||
</tr>
|
||||
<!-- END privileges.groups -->
|
||||
</tbody>
|
||||
<tfoot>
|
||||
<tr>
|
||||
<td colspan="{privileges.columnCountGroup}">
|
||||
<div class="btn-toolbar">
|
||||
@@ -79,7 +81,7 @@
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</tfoot>
|
||||
</table>
|
||||
<div class="help-block">
|
||||
[[admin/manage/categories:privileges.inherit]]
|
||||
|
||||
@@ -29,6 +29,8 @@
|
||||
{function.spawnPrivilegeStates, privileges.groups.name, ../privileges}
|
||||
</tr>
|
||||
<!-- END privileges.groups -->
|
||||
</tbody>
|
||||
<tfoot>
|
||||
<tr>
|
||||
<td colspan="{privileges.columnCount}">
|
||||
<div class="btn-toolbar">
|
||||
@@ -39,7 +41,7 @@
|
||||
</div>
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</tfoot>
|
||||
</table>
|
||||
<div class="help-block">
|
||||
[[admin/manage/categories:privileges.inherit]]
|
||||
|
||||
Reference in New Issue
Block a user