Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: checking correct permissions for user search (#8371)

Browse Source 
* fix: checking correct permissions for user search

* fix: missing permissions porperty in openapi /api/search
This commit is contained in:
cryptoethic
2020-06-05 03:27:43 +02:00
committed by GitHub
parent c1d8b9bb5a
commit f6b92d241a
2 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
public/openapi/read.yaml
View File

@@ -4542,6 +4542,13 @@ paths:
type: string type: string
searchDefaultSortBy: searchDefaultSortBy:
type: string type: string
permissions:
type: object
properties:
users:
type: boolean
content:
type: boolean
required: required:
- posts - posts
- matchCount - matchCount
@@ -4556,6 +4563,7 @@ paths:
- showAsTopics - showAsTopics
- title - title
- searchDefaultSortBy - searchDefaultSortBy
- permissions
- $ref: components/schemas/Pagination.yaml#/Pagination - $ref: components/schemas/Pagination.yaml#/Pagination
- $ref: components/schemas/Breadcrumbs.yaml#/Breadcrumbs - $ref: components/schemas/Breadcrumbs.yaml#/Breadcrumbs
- $ref: components/schemas/CommonProps.yaml#/CommonProps - $ref: components/schemas/CommonProps.yaml#/CommonProps

11
src/controllers/search.js
View File

@@ -9,6 +9,7 @@ const search = require('../search');
const categories = require('../categories'); const categories = require('../categories');
const pagination = require('../pagination'); const pagination = require('../pagination');
const privileges = require('../privileges'); const privileges = require('../privileges');
const utils = require('../utils');
const helpers = require('./helpers'); const helpers = require('./helpers');
const searchController = module.exports; const searchController = module.exports;
@@ -21,7 +22,13 @@ searchController.search = async function (req, res, next) {
const searchOnly = parseInt(req.query.searchOnly, 10) === 1; const searchOnly = parseInt(req.query.searchOnly, 10) === 1;
const allowed = await privileges.global.can('search:content', req.uid); const permissions = await utils.promiseParallel({
users: privileges.global.can('search:users', req.uid),
content: privileges.global.can('search:content', req.uid),
});
const allowed = (req.query.in === 'users') ? permissions.users : permissions.content;
if (!allowed) { if (!allowed) {
return helpers.notAllowed(req, res); return helpers.notAllowed(req, res);
} }
@@ -77,6 +84,8 @@ searchController.search = async function (req, res, next) {
searchData.title = '[[global:header.search]]'; searchData.title = '[[global:header.search]]';
searchData.searchDefaultSortBy = meta.config.searchDefaultSortBy || ''; searchData.searchDefaultSortBy = meta.config.searchDefaultSortBy || '';
searchData.permissions = permissions;
res.render('search', searchData); res.render('search', searchData);
}; };