Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-10 16:05:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #6806

Browse Source 
3 new global privileges
view:users
view:tags
view:groups
This commit is contained in:
Barış Soner Uşaklı
2019-02-05 12:08:18 -05:00
parent ae779ea4f9
commit c72da5595a
22 changed files with 160 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
src/middleware/user.js
View File

@@ -2,6 +2,7 @@
var async = require('async');
var nconf = require('nconf');
var winston = require('winston');
var meta = require('../meta');
var user = require('../user');
@@ -87,11 +88,26 @@ module.exports = function (middleware) {
}
middleware.checkGlobalPrivacySettings = function checkGlobalPrivacySettings(req, res, next) {
if (!req.loggedIn && meta.config.privateUserInfo) {
return middleware.authenticate(req, res, next);
}
winston.warn('[middleware], checkGlobalPrivacySettings deprecated, use canViewUsers or canViewGroups');
middleware.canViewUsers(req, res, next);
};
next();
middleware.canViewUsers = function canViewUsers(req, res, next) {
privileges.global.can('view:users', req.uid, function (err, canView) {
if (err || canView) {
return next(err);
}
controllers.helpers.notAllowed(req, res);
});
};
middleware.canViewGroups = function canViewGroups(req, res, next) {
privileges.global.can('view:groups', req.uid, function (err, canView) {
if (err || canView) {
return next(err);
}
controllers.helpers.notAllowed(req, res);
});
};
middleware.checkAccountPermissions = function checkAccountPermissions(req, res, next) {