mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-31 11:05:54 +01:00
category whitelisting for posting messages, isAdmin now error-first
This commit is contained in:
Julian Lam
@@ -6,7 +6,7 @@ var RDB = require('../redis'),
|
|||||||
(function(UserAdmin) {
|
(function(UserAdmin) {
|
||||||
|
|
||||||
UserAdmin.makeAdmin = function(uid, theirid, socket) {
|
UserAdmin.makeAdmin = function(uid, theirid, socket) {
|
||||||
user.isAdministrator(uid, function(isAdmin) {
|
user.isAdministrator(uid, function(err, isAdmin) {
|
||||||
if (isAdmin) {
|
if (isAdmin) {
|
||||||
Groups.getGidFromName('Administrators', function(err, gid) {
|
Groups.getGidFromName('Administrators', function(err, gid) {
|
||||||
Groups.join(gid, theirid, function(err) {
|
Groups.join(gid, theirid, function(err) {
|
||||||
@@ -32,7 +32,7 @@ var RDB = require('../redis'),
|
|||||||
};
|
};
|
||||||
|
|
||||||
UserAdmin.removeAdmin = function(uid, theirid, socket) {
|
UserAdmin.removeAdmin = function(uid, theirid, socket) {
|
||||||
user.isAdministrator(uid, function(isAdmin) {
|
user.isAdministrator(uid, function(err, isAdmin) {
|
||||||
if (isAdmin) {
|
if (isAdmin) {
|
||||||
Groups.getGidFromName('Administrators', function(err, gid) {
|
Groups.getGidFromName('Administrators', function(err, gid) {
|
||||||
Groups.leave(gid, theirid, function(err) {
|
Groups.leave(gid, theirid, function(err) {
|
||||||
@@ -52,8 +52,8 @@ var RDB = require('../redis'),
|
|||||||
};
|
};
|
||||||
|
|
||||||
UserAdmin.banUser = function(uid, theirid, socket, callback) {
|
UserAdmin.banUser = function(uid, theirid, socket, callback) {
|
||||||
user.isAdministrator(uid, function(amIAdmin) {
|
user.isAdministrator(uid, function(err, amIAdmin) {
|
||||||
user.isAdministrator(theirid, function(areTheyAdmin) {
|
user.isAdministrator(theirid, function(err, areTheyAdmin) {
|
||||||
if (amIAdmin && !areTheyAdmin) {
|
if (amIAdmin && !areTheyAdmin) {
|
||||||
user.ban(theirid, function(err, result) {
|
user.ban(theirid, function(err, result) {
|
||||||
callback(true);
|
callback(true);
|
||||||
@@ -70,7 +70,7 @@ var RDB = require('../redis'),
|
|||||||
};
|
};
|
||||||
|
|
||||||
UserAdmin.unbanUser = function(uid, theirid, socket) {
|
UserAdmin.unbanUser = function(uid, theirid, socket) {
|
||||||
user.isAdministrator(uid, function(amIAdmin) {
|
user.isAdministrator(uid, function(err, amIAdmin) {
|
||||||
if (amIAdmin) {
|
if (amIAdmin) {
|
||||||
user.unban(theirid, function(err, result) {
|
user.unban(theirid, function(err, result) {
|
||||||
socket.emit('event:alert', {
|
socket.emit('event:alert', {
|
||||||
|
|||||||
@@ -8,10 +8,22 @@ var Groups = require('./groups'),
|
|||||||
CategoryTools.privileges = function(cid, uid, callback) {
|
CategoryTools.privileges = function(cid, uid, callback) {
|
||||||
async.parallel({
|
async.parallel({
|
||||||
"+r": function(next) {
|
"+r": function(next) {
|
||||||
Groups.isMemberByGroupName(uid, 'cid:' + cid + ':privileges:+r', next);
|
Groups.exists('cid:' + cid + ':privileges:+r', function(err, exists) {
|
||||||
|
if (exists) {
|
||||||
|
Groups.isMemberByGroupName(uid, 'cid:' + cid + ':privileges:+r', next);
|
||||||
|
} else {
|
||||||
|
next(null, true);
|
||||||
|
}
|
||||||
|
});
|
||||||
},
|
},
|
||||||
"+w": function(next) {
|
"+w": function(next) {
|
||||||
Groups.isMemberByGroupName(uid, 'cid:' + cid + ':privileges:+w', next);
|
Groups.exists('cid:' + cid + ':privileges:+w', function(err, exists) {
|
||||||
|
if (exists) {
|
||||||
|
Groups.isMemberByGroupName(uid, 'cid:' + cid + ':privileges:+w', next);
|
||||||
|
} else {
|
||||||
|
next(null, true);
|
||||||
|
}
|
||||||
|
});
|
||||||
},
|
},
|
||||||
moderator: function(next) {
|
moderator: function(next) {
|
||||||
User.isModerator(uid, cid, next);
|
User.isModerator(uid, cid, next);
|
||||||
|
|||||||
@@ -63,12 +63,24 @@
|
|||||||
});
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Groups.isDeleted = function(gid, callback) {
|
||||||
|
RDB.hget('gid:' + gid, 'deleted', function(err, deleted) {
|
||||||
|
callback(err, deleted === '1');
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
Groups.getGidFromName = function(name, callback) {
|
Groups.getGidFromName = function(name, callback) {
|
||||||
RDB.hget('group:gid', name, callback);
|
RDB.hget('group:gid', name, callback);
|
||||||
};
|
};
|
||||||
|
|
||||||
Groups.isMember = function(uid, gid, callback) {
|
Groups.isMember = function(uid, gid, callback) {
|
||||||
RDB.sismember('gid:' + gid + ':members', uid, callback);
|
Groups.isDeleted(gid, function(err, deleted) {
|
||||||
|
if (!deleted) {
|
||||||
|
RDB.sismember('gid:' + gid + ':members', uid, callback);
|
||||||
|
} else {
|
||||||
|
callback(err, false);
|
||||||
|
}
|
||||||
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
Groups.isMemberByGroupName = function(uid, groupName, callback) {
|
Groups.isMemberByGroupName = function(uid, groupName, callback) {
|
||||||
@@ -84,7 +96,18 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
Groups.exists = function(name, callback) {
|
Groups.exists = function(name, callback) {
|
||||||
RDB.hexists('group:gid', name, callback);
|
async.parallel({
|
||||||
|
exists: function(next) {
|
||||||
|
RDB.hexists('group:gid', name, next);
|
||||||
|
},
|
||||||
|
deleted: function(next) {
|
||||||
|
Groups.getGidFromName(name, function(err, gid) {
|
||||||
|
Groups.isDeleted(gid, next);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}, function(err, results) {
|
||||||
|
callback(err, !results ? null : (results.exists && !results.deleted));
|
||||||
|
});
|
||||||
};
|
};
|
||||||
|
|
||||||
Groups.create = function(name, description, callback) {
|
Groups.create = function(name, description, callback) {
|
||||||
|
|||||||
@@ -13,7 +13,7 @@ var user = require('./../user.js'),
|
|||||||
|
|
||||||
(function (Admin) {
|
(function (Admin) {
|
||||||
Admin.isAdmin = function (req, res, next) {
|
Admin.isAdmin = function (req, res, next) {
|
||||||
user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (isAdmin) {
|
user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
|
||||||
if (!isAdmin) res.redirect('/403');
|
if (!isAdmin) res.redirect('/403');
|
||||||
else next();
|
else next();
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -1,12 +1,14 @@
|
|||||||
var user = require('./../user.js'),
|
var user = require('../user'),
|
||||||
auth = require('./authentication.js'),
|
auth = require('./authentication'),
|
||||||
topics = require('./../topics.js'),
|
topics = require('../topics'),
|
||||||
posts = require('./../posts.js'),
|
posts = require('../posts'),
|
||||||
categories = require('./../categories.js'),
|
categories = require('../categories'),
|
||||||
|
CategoryTools = require('../categoryTools')
|
||||||
Groups = require('../groups'),
|
Groups = require('../groups'),
|
||||||
utils = require('./../../public/src/utils.js'),
|
utils = require('../../public/src/utils'),
|
||||||
pkg = require('../../package.json'),
|
pkg = require('../../package.json'),
|
||||||
meta = require('./../meta.js'),
|
meta = require('../meta'),
|
||||||
|
|
||||||
path = require('path'),
|
path = require('path'),
|
||||||
nconf = require('nconf'),
|
nconf = require('nconf'),
|
||||||
async = require('async');
|
async = require('async');
|
||||||
@@ -129,27 +131,15 @@ var user = require('./../user.js'),
|
|||||||
app.get('/category/:id/:slug?', function (req, res, next) {
|
app.get('/category/:id/:slug?', function (req, res, next) {
|
||||||
var uid = (req.user) ? req.user.uid : 0;
|
var uid = (req.user) ? req.user.uid : 0;
|
||||||
|
|
||||||
// Category Whitelisting (support for "-r" to come later)
|
// Category Whitelisting
|
||||||
var whitelistReadKey = 'cid:' + req.params.id + ':privileges:+r',
|
CategoryTools.privileges(req.params.id, uid, function(err, privileges) {
|
||||||
success = function() {
|
if (!err && privileges.read) {
|
||||||
categories.getCategoryById(req.params.id, uid, function (err, data) {
|
categories.getCategoryById(req.params.id, uid, function (err, data) {
|
||||||
if (!err && data && data.disabled === "0")
|
if (!err && data && data.disabled === "0")
|
||||||
res.json(data);
|
res.json(data);
|
||||||
else
|
else
|
||||||
next();
|
next();
|
||||||
}, req.params.id, uid);
|
}, req.params.id, uid);
|
||||||
};
|
|
||||||
Groups.exists(whitelistReadKey, function(err, exists) {
|
|
||||||
if (!err && exists) {
|
|
||||||
Groups.isMemberByGroupName(uid, whitelistReadKey, function(err, isMember) {
|
|
||||||
if (!err && isMember) {
|
|
||||||
success();
|
|
||||||
} else {
|
|
||||||
res.send(403);
|
|
||||||
}
|
|
||||||
});
|
|
||||||
} else if (!err && !exists) {
|
|
||||||
success();
|
|
||||||
} else {
|
} else {
|
||||||
res.send(403);
|
res.send(403);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -338,7 +338,7 @@ var bcrypt = require('bcrypt'),
|
|||||||
|
|
||||||
function iterator(uid, callback) {
|
function iterator(uid, callback) {
|
||||||
User.getUserData(uid, function(err, userData) {
|
User.getUserData(uid, function(err, userData) {
|
||||||
User.isAdministrator(uid, function(isAdmin) {
|
User.isAdministrator(uid, function(err, isAdmin) {
|
||||||
if (userData) {
|
if (userData) {
|
||||||
userData.administrator = isAdmin?"1":"0";
|
userData.administrator = isAdmin?"1":"0";
|
||||||
data.push(userData);
|
data.push(userData);
|
||||||
|
|||||||
@@ -106,7 +106,7 @@ var path = require('path'),
|
|||||||
uid = options.req.user.uid;
|
uid = options.req.user.uid;
|
||||||
}
|
}
|
||||||
|
|
||||||
user.isAdministrator(uid, function(isAdmin) {
|
user.isAdministrator(uid, function(err, isAdmin) {
|
||||||
templateValues.adminDisplay = isAdmin ? 'show' : 'hide';
|
templateValues.adminDisplay = isAdmin ? 'show' : 'hide';
|
||||||
|
|
||||||
translator.translate(templates.header.parse(templateValues), function(template) {
|
translator.translate(templates.header.parse(templateValues), function(template) {
|
||||||
|
|||||||
Reference in New Issue
Block a user