new priv for uploads

2025-11-01 19:46:01 +01:00 · 2016-07-12 19:58:59 +03:00
parent 03208807e4
commit d2cbd7e6dc
7 changed files with 119 additions and 45 deletions
--- a/src/categories/create.js
+++ b/src/categories/create.js
@@ -48,7 +48,7 @@ module.exports = function(Categories) {
 			function(data, next) {
 				category = data.category;

-				var defaultPrivileges = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply'];
+				var defaultPrivileges = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply', 'upload:post:image'];

 				async.series([
 					async.apply(db.setObject, 'category:' + category.cid, category),
--- a/src/controllers/uploads.js
+++ b/src/controllers/uploads.js
@@ -12,17 +12,13 @@ var meta = require('../meta');
 var file = require('../file');
 var plugins = require('../plugins');
 var image = require('../image');
+var privileges = require('../privileges');

 var uploadsController = {};

 uploadsController.upload = function(req, res, filesIterator) {
 	var files = req.files.files;

-	if (!req.user && meta.config.allowGuestUploads !== '1') {
-		deleteTempFiles(files);
-		return res.status(403).json('[[error:guest-upload-disabled]]');
-	}
-
 	if (!Array.isArray(files)) {
 		return res.status(500).json('invalid files');
 	}
@@ -47,35 +43,57 @@ uploadsController.upload = function(req, res, filesIterator) {
 uploadsController.uploadPost = function(req, res, next) {
 	uploadsController.upload(req, res, function(uploadedFile, next) {
 		var isImage = uploadedFile.type.match(/image./);
-		if (isImage && plugins.hasListeners('filter:uploadImage')) {
-			return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, next);
+		if (isImage) {
+			uploadAsImage(req, uploadedFile, next);
+		} else {
+			uploadAsFile(req, uploadedFile, next);
 		}
+	}, next);
+};

+function uploadAsImage(req, uploadedFile, callback) {
 	async.waterfall([
 		function(next) {
-				if (isImage) {
-					file.isFileTypeAllowed(uploadedFile.path, next);
-				} else {
-					next();
+			privileges.categories.can('upload:post:image', req.body.cid, req.uid, next);
+		},
+		function(canUpload, next) {
+			if (!canUpload) {
+				return next(new Error('[[error:no-privileges]]'));
 			}
+			if (plugins.hasListeners('filter:uploadImage')) {
+				return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, callback);
+			}
+			file.isFileTypeAllowed(uploadedFile.path, next);
 		},
 		function(next) {
-				if (parseInt(meta.config.allowFileUploads, 10) !== 1) {
-					return next(new Error('[[error:uploads-are-disabled]]'));
-				}
 			uploadFile(req.uid, uploadedFile, next);
 		},
 		function(fileObj, next) {
-				if (!isImage || parseInt(meta.config.maximumImageWidth, 10) === 0) {
-					// Not an image, or resizing disabled. No need to resize.
+			if (parseInt(meta.config.maximumImageWidth, 10) === 0) {
 				return next(null, fileObj);
 			}

 			resizeImage(fileObj, next);
 		}
-		], next);
-	}, next);
-};
+	], callback);
+}
+
+function uploadAsFile(req, uploadedFile, callback) {
+	async.waterfall([
+		function(next) {
+			privileges.categories.can('upload:post:file', req.body.cid, req.uid, next);
+		},
+		function(canUpload, next) {
+			if (!canUpload) {
+				return next(new Error('[[error:no-privileges]]'));
+			}
+			if (parseInt(meta.config.allowFileUploads, 10) !== 1) {
+				return next(new Error('[[error:uploads-are-disabled]]'));
+			}
+			uploadFile(req.uid, uploadedFile, next);
+		}
+	], callback);
+}

 function resizeImage(fileObj, callback) {
 	var fullPath;
--- a/src/privileges.js
+++ b/src/privileges.js
@@ -2,8 +2,29 @@

 var privileges = {};

-privileges.userPrivilegeList = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply', 'purge', 'mods'];
-privileges.groupPrivilegeList = ['groups:find', 'groups:read', 'groups:topics:read', 'groups:topics:create', 'groups:topics:reply', 'groups:purge', 'groups:moderate'];
+privileges.userPrivilegeList = [
+	'find',
+	'read',
+	'topics:read',
+	'topics:create',
+	'topics:reply',
+	'upload:post:image',
+	'upload:post:file',
+	'purge',
+	'mods'
+];
+
+privileges.groupPrivilegeList = [
+	'groups:find',
+	'groups:read',
+	'groups:topics:read',
+	'groups:topics:create',
+	'groups:topics:reply',
+	'groups:upload:post:image',
+	'groups:upload:post:file',
+	'groups:purge',
+	'groups:moderate'
+];

 privileges.privilegeList = privileges.userPrivilegeList.concat(privileges.groupPrivilegeList);

--- a/src/privileges/categories.js
+++ b/src/privileges/categories.js
@@ -23,6 +23,8 @@ module.exports = function(privileges) {
 			{name: 'Access Topics'},
 			{name: 'Create Topics'},
 			{name: 'Reply to Topics'},
+			{name: 'Upload Images'},
+			{name: 'Upload Files'},
 			{name: 'Purge'},
 			{name: 'Moderate'}
 		];
--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -1,8 +1,8 @@
 "use strict";

-var express = require('express'),
+var express = require('express');

-	uploadsController = require('../controllers/uploads');
+var uploadsController = require('../controllers/uploads');

 module.exports =  function(app, middleware, controllers) {

--- a/src/upgrade.js
+++ b/src/upgrade.js
@@ -10,7 +10,7 @@ var db = require('./database'),
 	schemaDate, thisSchemaDate,

 	// IMPORTANT: REMEMBER TO UPDATE VALUE OF latestSchema
-	latestSchema = Date.UTC(2016, 5, 13);
+	latestSchema = Date.UTC(2016, 6, 12);

 Upgrade.check = function(callback) {
 	db.get('schemaDate', function(err, value) {
@@ -617,6 +617,46 @@ Upgrade.upgrade = function(callback) {
 				winston.info('[2016/06/13] Store upvotes/downvotes separately skipped!');
 				next();
 			}
+		},
+		function(next) {
+			thisSchemaDate = Date.UTC(2016, 6, 12);
+
+			if (schemaDate < thisSchemaDate) {
+				updatesMade = true;
+				winston.info('[2016/07/12] Giving upload privileges');
+				var privilegesAPI = require('./privileges');
+				var meta = require('./meta');
+
+				db.getSortedSetRange('categories:cid', 0, -1, function(err, cids) {
+					async.eachSeries(cids, function(cid, next) {
+						privilegesAPI.categories.list(cid, function(err, data) {
+							if (err) {
+								return next(err);
+							}
+							async.eachSeries(data.groups, function(group, next) {
+								if (group.name === 'guests' && parseInt(meta.config.allowGuestUploads, 10) !== 1) {
+									return next();
+								}
+								if (group.privileges['groups:read']) {
+									privilegesAPI.categories.give(['upload:post:image'], cid, group.name, next);
+								} else {
+									next();
+								}
+							}, next);
+						});
+					}, function(err) {
+						if (err) {
+							return next(err);
+						}
+
+						winston.info('[2016/07/12] Upload privileges done');
+						Upgrade.update(thisSchemaDate, next);
+					});
+				});
+			} else {
+				winston.info('[2016/07/12] Upload privileges skipped!');
+				next();
+			}
 		}
 		// Add new schema updates here
 		// IMPORTANT: REMEMBER TO UPDATE VALUE OF latestSchema IN LINE 24!!!
--- a/src/views/admin/settings/uploads.tpl
+++ b/src/views/admin/settings/uploads.tpl
@@ -20,13 +20,6 @@
 				</label>
 			</div>

-			<div class="checkbox">
-				<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect">
-					<input class="mdl-switch__input" type="checkbox" data-field="allowGuestUploads">
-					<span class="mdl-switch__label"><strong>Allow Guests to Upload Files</strong></span>
-				</label>
-			</div>
-			
 			<div class="form-group">
 				<label for="maximumImageWidth">Resize images down to specified width (in pixels)</label>
 				<input type="text" class="form-control" value="760" data-field="maximumImageWidth" placeholder="760">