Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-11-02 20:16:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into develop

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2017-08-12 20:37:12 -04:00
parent 27a6b8a713 7ab152e582
commit fc0e5421d6
6 changed files with 60 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.github/CONTRIBUTING.md vendored
View File

@@ -15,7 +15,7 @@ If you are writing contributions as part of employment from another company / in
# Having problems installing NodeBB? # Having problems installing NodeBB?
Chances are somebody has run into this problem before. After consulting our [documentation](https://docs.nodebb.org/en/latest/installing/os.html), please head over to our [community support forum](https://community.nodebb.org) for advice. Chances are somebody has run into this problem before. After consulting our [documentation](https://docs.nodebb.org/installing/os/), please head over to our [community support forum](https://community.nodebb.org) for advice.
# Found a Security Vulnerability? # Found a Security Vulnerability?

2
nodebb
View File

@@ -40,7 +40,7 @@ try {
process.stdout.write( process.stdout.write(
'\x1b[31mNodeBB could not be initialised because there was an error while loading dependencies.\n' + '\x1b[31mNodeBB could not be initialised because there was an error while loading dependencies.\n' +
'Please run "\x1b[33mnpm install --production\x1b[31m" and try again.\x1b[0m\n\n' + 'Please run "\x1b[33mnpm install --production\x1b[31m" and try again.\x1b[0m\n\n' +
'For more information, please see: https://docs.nodebb.org/en/latest/installing/os.html\n\n' 'For more information, please see: https://docs.nodebb.org/installing/os/\n\n'
); );
throw e; throw e;

19
src/controllers/posts.js
View File

@@ -3,6 +3,7 @@
var async = require('async'); var async = require('async');
var posts = require('../posts'); var posts = require('../posts');
var privileges = require('../privileges');
var helpers = require('./helpers'); var helpers = require('./helpers');
var postsController = module.exports; var postsController = module.exports;
@@ -15,13 +16,23 @@ postsController.redirectToPost = function (req, res, next) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
posts.generatePostPath(pid, req.uid, next); async.parallel({
canRead: function (next) {
privileges.posts.can('read', pid, req.uid, next);
},
path: function (next) {
posts.generatePostPath(pid, req.uid, next);
},
}, next);
}, },
function (path, next) { function (results, next) {
if (!path) { if (!results.canRead) {
return helpers.notAllowed(req, res);
}
if (!results.path) {
return next(); return next();
} }
helpers.redirect(res, path); helpers.redirect(res, results.path);
}, },
], next); ], next);
}; };

21
src/groups/membership.js
View File

@@ -251,6 +251,9 @@ module.exports = function (Groups) {
next(); next();
} }
}, },
function (next) {
clearGroupTitleIfSet(groupName, uid, next);
},
function (next) { function (next) {
plugins.fireHook('action:group.leave', { plugins.fireHook('action:group.leave', {
groupName: groupName, groupName: groupName,
@@ -261,6 +264,24 @@ module.exports = function (Groups) {
], callback); ], callback);
}; };
function clearGroupTitleIfSet(groupName, uid, callback) {
if (groupName === 'registered-users' || Groups.isPrivilegeGroup(groupName)) {
return callback();
}
async.waterfall([
function (next) {
db.getObjectField('user:' + uid, 'groupTitle', next);
},
function (groupTitle, next) {
if (groupTitle === groupName) {
db.deleteObjectField('user:' + uid, 'groupTitle', next);
} else {
next();
}
},
], callback);
}
Groups.leaveAllGroups = function (uid, callback) { Groups.leaveAllGroups = function (uid, callback) {
async.waterfall([ async.waterfall([
function (next) { function (next) {

4
src/views/admin/partials/groups/memberlist.tpl
View File

@@ -5,7 +5,7 @@
<table component="groups/members" class="table table-striped table-hover" data-nextstart="{group.membersNextStart}"> <table component="groups/members" class="table table-striped table-hover" data-nextstart="{group.membersNextStart}">
<tbody> <tbody>
<!-- BEGIN members --> <!-- BEGIN group.members -->
<tr data-uid="{group.members.uid}"> <tr data-uid="{group.members.uid}">
<td> <td>
<a href="{config.relative_path}/user/{group.members.userslug}"> <a href="{config.relative_path}/user/{group.members.userslug}">
@@ -32,6 +32,6 @@
<!-- ENDIF group.isOwner --> <!-- ENDIF group.isOwner -->
</td> </td>
</tr> </tr>
<!-- END members --> <!-- END group.members -->
</tbody> </tbody>
</table> </table>

20
test/controllers.js
View File

@@ -1233,6 +1233,15 @@ describe('Controllers', function () {
}); });
describe('post redirect', function () { describe('post redirect', function () {
var jar;
before(function (done) {
helpers.loginUser('foo', 'barbar', function (err, _jar) {
assert.ifError(err);
jar = _jar;
done();
});
});
it('should 404 for invalid pid', function (done) { it('should 404 for invalid pid', function (done) {
request(nconf.get('url') + '/api/post/fail', function (err, res) { request(nconf.get('url') + '/api/post/fail', function (err, res) {
assert.ifError(err); assert.ifError(err);
@@ -1241,6 +1250,17 @@ describe('Controllers', function () {
}); });
}); });
it('should 403 if user does not have read privilege', function (done) {
privileges.categories.rescind(['read'], category.cid, 'registered-users', function (err) {
assert.ifError(err);
request(nconf.get('url') + '/api/post/' + pid, { jar: jar }, function (err, res) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
privileges.categories.give(['read'], category.cid, 'registered-users', done);
});
});
});
it('should return correct post path', function (done) { it('should return correct post path', function (done) {
request(nconf.get('url') + '/api/post/' + pid, { json: true }, function (err, res, body) { request(nconf.get('url') + '/api/post/' + pid, { json: true }, function (err, res, body) {
assert.ifError(err); assert.ifError(err);