closes #1924

2025-11-02 03:55:55 +01:00 · 2014-07-30 15:14:04 -04:00
parent 7e82d3d9a5
commit cfc67d4e90
8 changed files with 24 additions and 33 deletions
--- a/src/controllers/categories.js
+++ b/src/controllers/categories.js
@@ -70,11 +70,13 @@ categoriesController.get = function(req, res, next) {
 	async.waterfall([
 		function(next) {
-			categories.getCategoryField(cid, 'disabled', function(err, disabled) {
+			categories.getCategoryField(cid, 'disabled', next);
 				next(disabled === '1' ? new Error('category-disabled') : undefined);
 			});
 		},
-		function(next) {
+		function(disabled, next) {
 			if (parseInt(disabled, 10) === 1) {
 				return next(new Error('category-disabled'));
 			}
 			privileges.categories.get(cid, uid, function(err, categoryPrivileges) {
 				if (err) {
 					return next(err);
@@ -163,11 +165,7 @@ categoriesController.get = function(req, res, next) {
 		}
 	], function (err, data) {
 		if (err) {
-			if (err.message === '[[error:no-privileges]]') {
+			return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect(nconf.get('relative_path') + '/404');
 				return res.locals.isAPI ? res.json(403, err.message) : res.redirect('403');
 			} else {
 				return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect('404');
 			}
 		}
 		if (data.link) {
--- a/src/controllers/groups.js
+++ b/src/controllers/groups.js
@@ -30,7 +30,7 @@ groupsController.details = function(req, res) {
 		if (!err) {
 			res.render('groups/details', results);
 		} else {
-			res.redirect('404');
+			res.redirect(nconf.get('relative_path') + '/404')
 		}
 	});
 };
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -188,7 +188,7 @@ Controllers.confirmEmail = function(req, res, next) {
 Controllers.sitemap = function(req, res, next) {
 	if (meta.config['feeds:disableSitemap'] === '1') {
-		return res.redirect('404');
+		return res.redirect(nconf.get('relative_path') + '/404')
 	}
 	var sitemap = require('../sitemap.js');
--- a/src/controllers/topics.js
+++ b/src/controllers/topics.js
@@ -24,7 +24,7 @@ topicsController.get = function(req, res, next) {
 			privileges.topics.get(tid, uid, next);
 		},
 		function (privileges, next) {
-			if (!privileges.read) {
+			if (!privileges.read || privileges.disabled) {
 				return next(new Error('[[error:no-privileges]]'));
 			}
@@ -164,11 +164,7 @@ topicsController.get = function(req, res, next) {
 		}
 	], function (err, data) {
 		if (err) {
-			if (err.message === '[[error:no-privileges]]') {
+			return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect(nconf.get('relative_path') + '/404');
 				return res.locals.isAPI ? res.json(403, err.message) : res.redirect('403');
 			} else {
 				return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect('404');
 			}
 		}
 		data.privileges = userPrivileges;
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -161,11 +161,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
 		}
 		if (!uid) {
-			if (res.locals.isAPI) {
+			return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect(nconf.get('relative_path') + '/404');
 				return res.json(404, 'not-found');
 			} else {
 				return res.redirect('404');
 			}
 		}
 		if (parseInt(uid, 10) === callerUID) {
@@ -181,11 +177,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
 				return next();
 			}
-			if (res.locals.isAPI) {
+			res.locals.isAPI ? res.json(403, 'not-allowed') : res.redirect(nconf.get('relative_path') + '/403');
 				return res.json(403, 'not-allowed');
 			} else {
 				return res.redirect('403');
 			}
 		});
 	});
 };
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@@ -39,13 +39,17 @@ module.exports = function(privileges) {
 				},
 				isModerator: function(next) {
 					user.isModerator(uid, cid, next);
 				},
 				disabled: function(next) {
 					categories.getCategoryField(cid, 'disabled', next);
 				}
 			}, function(err, results) {
 				if(err) {
 					return callback(err);
 				}
 				var disabled = parseInt(results.disabled, 10) === 1;
 				var	isAdminOrMod = results.isAdministrator || results.isModerator;
-				var editable =  isAdminOrMod || results.manage_topic;
+				var editable = isAdminOrMod || results.manage_topic;
 				var deletable = isAdminOrMod || results.isOwner;
 				callback(null, {
@@ -54,7 +58,8 @@ module.exports = function(privileges) {
 					view_thread_tools: editable || deletable,
 					editable: editable,
 					deletable: deletable,
-					view_deleted: isAdminOrMod || results.manage_topic || results.isOwner
+					view_deleted: isAdminOrMod || results.manage_topic || results.isOwner,
 					disabled: disabled
 				});
 			});
 		});
--- a/src/routes/feeds.js
+++ b/src/routes/feeds.js
@@ -31,7 +31,7 @@ function hasPrivileges(method, id, req, res, next) {
 		}
 		if (!canRead) {
-			return res.redirect('403');
+			return res.redirect(nconf.get('relative_path') + '/403')
 		}
 		return next();
@@ -53,7 +53,7 @@ function generateForTopic(req, res, next) {
 			}
 			if (topicData.deleted && !userPrivileges.view_deleted) {
-				return res.redirect('404');
+				return res.redirect(nconf.get('relative_path') + '/404')
 			}
 			var description = topicData.posts.length ? topicData.posts[0].content : '';
@@ -133,7 +133,7 @@ function generateForPopular(req, res, next) {
 function disabledRSS(req, res, next) {
 	if (meta.config['feeds:disableRSS'] === '1') {
-		return res.redirect('404');
+		return res.redirect(nconf.get('relative_path') + '/404')
 	}
 	next();
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -216,7 +216,7 @@ function handleErrors(err, req, res, next) {
 	req.flash('errorMessage', err.message);
-	res.redirect('500');
+	res.redirect(nconf.get('relative_path') + '/500')
 }
 function catch404(req, res, next) {