closes #1864

doing andrew's //todo's since 1991
2025-10-27 09:06:15 +01:00 · 2014-07-20 21:10:23 -04:00
parent 04c6ca2ebb
commit ef8bbdd359
5 changed files with 40 additions and 18 deletions
--- a/public/src/forum/account/header.js
+++ b/public/src/forum/account/header.js
@@ -10,10 +10,6 @@ define('forum/account/header', function() {
 		var yourid = ajaxify.variables.get('yourid'),
 			theirid = ajaxify.variables.get('theirid');

-		var editLink = $('#editLink'),
-			settingsLink = $('#settingsLink'),
-			favouritesLink = $('#favouritesLink');
-
 		if (parseInt(yourid, 10) !== 0 && parseInt(yourid, 10) === parseInt(theirid, 10)) {
 			$('#editLink, #settingsLink, #favouritesLink').removeClass('hide');
 		} else {
@@ -24,7 +20,7 @@ define('forum/account/header', function() {
 		}

 		if (app.isAdmin) {
-			editLink.removeClass('hide');
+			$('#editLink, #settingsLink').removeClass('hide');
 		}
 	}

--- a/public/src/forum/account/settings.js
+++ b/public/src/forum/account/settings.js
@@ -26,20 +26,22 @@ define('forum/account/settings', ['forum/account/header'], function(header) {
 				}
 			});

-			socket.emit('user.saveSettings', settings, function(err) {
+			socket.emit('user.saveSettings', {uid: ajaxify.variables.get('theirid'), settings: settings}, function(err) {
 				if (err) {
 					return app.alertError(err.message);
 				}

 				app.alertSuccess('[[success:settings-saved]]');
 				app.loadConfig();
-				ajaxify.refresh();
+				if (parseInt(app.uid, 10) === parseInt(ajaxify.variables.get('theirid'), 10)) {
+					ajaxify.refresh();
+				}
 			});

 			return false;
 		});

-		socket.emit('user.getSettings', function(err, settings) {
+		socket.emit('user.getSettings', {uid: ajaxify.variables.get('theirid')}, function(err, settings) {
 			var inputs = $('.account').find('input, textarea, select');

 			inputs.each(function(index, input) {
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@@ -346,10 +346,6 @@ accountsController.accountSettings = function(req, res, next) {
 			return userNotFound(res);
 		}

-		if (parseInt(userData.uid, 10) !== callerUID) {
-			return userNotAllowed(res);
-		}
-
 		async.parallel({
 			settings: function(next) {
 				plugins.fireHook('filter:user.settings', [], next);
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -112,7 +112,6 @@ function accountRoutes(app, middleware, controllers) {
 	app.get('/user/:userslug/edit', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);
 	app.get('/api/user/:userslug/edit', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountEdit);

-	// todo: admin recently gained access to this page, pls check if it actually works
 	app.get('/user/:userslug/settings', middleware.buildHeader, middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);
 	app.get('/api/user/:userslug/settings', middleware.checkGlobalPrivacySettings, middleware.checkAccountPermissions, controllers.accounts.accountSettings);

--- a/src/socket.io/user.js
+++ b/src/socket.io/user.js
@@ -140,7 +140,6 @@ SocketUser.changePicture = function(socket, data, callback) {
 			if(err) {
 				return callback(err);
 			}
-
 		});
 		return;
 	}
@@ -172,18 +171,48 @@ SocketUser.unfollow = function(socket, data, callback) {

 SocketUser.getSettings = function(socket, data, callback) {
 	if (socket.uid) {
-		user.getSettings(socket.uid, callback);
+		if (socket.uid === parseInt(data.uid, 10)) {
+			return user.getSettings(socket.uid, callback);
+		}
+
+		user.isAdministrator(socket.uid, function(err, isAdmin) {
+			if (err) {
+				return callback(err);
+			}
+
+			if (!isAdmin) {
+				return callback(new Error('[[error:no-privileges]]'));
+			}
+
+			user.getSettings(data.uid, callback);
+		});
 	}
 };

 SocketUser.saveSettings = function(socket, data, callback) {
-	if (socket.uid && data) {
-		user.saveSettings(socket.uid, data, callback);
+	if (!socket.uid || !data) {
+		return callback(new Error('[[error:invalid-data]]'));
 	}
+
+	if (socket.uid === parseInt(data.uid, 10)) {
+		return user.saveSettings(socket.uid, data.settings, callback);
+	}
+
+	user.isAdministrator(socket.uid, function(err, isAdmin) {
+		if (err) {
+			return callback(err);
+		}
+
+		if (!isAdmin) {
+			return callback(new Error('[[error:no-privileges]]'));
+		}
+
+		user.saveSettings(data.uid, data.settings, callback);
+	});
 };

 SocketUser.setTopicSort = function(socket, sort, callback) {
-	if(socket.uid) {
+	if (socket.uid) {
 		user.setSetting(socket.uid, 'topicPostSort', sort, callback);
 	}
 };