nodebb/src/privileges/categories.js


'use strict';

const _ = require('lodash');

const categories = require('../categories');
const user = require('../user');
const groups = require('../groups');
const helpers = require('./helpers');
const plugins = require('../plugins');
const utils = require('../utils');

module.exports = function (privileges) {
	privileges.categories = {};

	// Method used in admin/category controller to show all users/groups with privs in that given cid
	privileges.categories.list = async function (cid) {
		async function getLabels() {
			return await utils.promiseParallel({
				users: plugins.fireHook('filter:privileges.list_human', privileges.privilegeLabels.slice()),
				groups: plugins.fireHook('filter:privileges.groups.list_human', privileges.privilegeLabels.slice()),
			});
		}

		const payload = await utils.promiseParallel({
			labels: getLabels(),
			users: helpers.getUserPrivileges(cid, 'filter:privileges.list', privileges.userPrivilegeList),
			groups: helpers.getGroupPrivileges(cid, 'filter:privileges.groups.list', privileges.groupPrivilegeList),
		});

		// This is a hack because I can't do {labels.users.length} to echo the count in templates.js
		payload.columnCountUser = payload.labels.users.length + 2;
		payload.columnCountUserOther = payload.labels.users.length - privileges.privilegeLabels.length;
		payload.columnCountGroup = payload.labels.groups.length + 2;
		payload.columnCountGroupOther = payload.labels.groups.length - privileges.privilegeLabels.length;
		return payload;
	};

	privileges.categories.get = async function (cid, uid) {
		const privs = ['topics:create', 'topics:read', 'topics:tag', 'read'];

		const [userPrivileges, isAdministrator, isModerator] = await Promise.all([
			helpers.isUserAllowedTo(privs, uid, cid),
			user.isAdministrator(uid),
			user.isModerator(uid, cid),
		]);

		const privData = _.zipObject(privs, userPrivileges);
		const isAdminOrMod = isAdministrator || isModerator;

		return await plugins.fireHook('filter:privileges.categories.get', {
			'topics:create': privData['topics:create'] || isAdministrator,
			'topics:read': privData['topics:read'] || isAdministrator,
			'topics:tag': privData['topics:tag'] || isAdministrator,
			read: privData.read || isAdministrator,
			cid: cid,
			uid: uid,
			editable: isAdminOrMod,
			view_deleted: isAdminOrMod,
			isAdminOrMod: isAdminOrMod,
		});
	};

	privileges.categories.isAdminOrMod = async function (cid, uid) {
		if (parseInt(uid, 10) <= 0) {
			return false;
		}
		const [isAdmin, isMod] = await Promise.all([
			user.isAdministrator(uid),
			user.isModerator(uid, cid),
		]);
		return isAdmin || isMod;
	};

	privileges.categories.isUserAllowedTo = async function (privilege, cid, uid) {
		if (!cid) {
			return false;
		}
		const results = await helpers.isUserAllowedTo(privilege, uid, Array.isArray(cid) ? cid : [cid]);

		if (Array.isArray(results) && results.length) {
			return Array.isArray(cid) ? results : results[0];
		}
		return false;
	};

	privileges.categories.can = async function (privilege, cid, uid) {
		if (!cid) {
			return false;
		}
		const [disabled, isAdmin, isAllowed] = await Promise.all([
			categories.getCategoryField(cid, 'disabled'),
			user.isAdministrator(uid),
			privileges.categories.isUserAllowedTo(privilege, cid, uid),
		]);
		return !disabled && (isAllowed || isAdmin);
	};

	privileges.categories.filterCids = async function (privilege, cids, uid) {
		if (!Array.isArray(cids) || !cids.length) {
			return [];
		}

		cids = _.uniq(cids);
		const results = await privileges.categories.getBase(privilege, cids, uid);
		return cids.filter((cid, index) => !!cid && !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin));
	};

	privileges.categories.getBase = async function (privilege, cids, uid) {
		return await utils.promiseParallel({
			categories: categories.getCategoriesFields(cids, ['disabled']),
			allowedTo: helpers.isUserAllowedTo(privilege, uid, cids),
			view_deleted: helpers.isUserAllowedTo('posts:view_deleted', uid, cids),
			isAdmin: user.isAdministrator(uid),
		});
	};

	privileges.categories.filterUids = async function (privilege, cid, uids) {
		if (!uids.length) {
			return [];
		}

		uids = _.uniq(uids);

		const [allowedTo, isAdmins] = await Promise.all([
			helpers.isUsersAllowedTo(privilege, uids, cid),
			user.isAdministrator(uids),
		]);
		return uids.filter((uid, index) => allowedTo[index] || isAdmins[index]);
	};

	privileges.categories.give = async function (privileges, cid, groupName) {
		await helpers.giveOrRescind(groups.join, privileges, cid, groupName);
	};

	privileges.categories.rescind = async function (privileges, cid, groupName) {
		await helpers.giveOrRescind(groups.leave, privileges, cid, groupName);
	};

	privileges.categories.canMoveAllTopics = async function (currentCid, targetCid, uid) {
		const [isAdmin, isModerators] = await Promise.all([
			user.isAdministrator(uid),
			user.isModerator(uid, [currentCid, targetCid]),
		]);
		return isAdmin || !isModerators.includes(false);
	};

	privileges.categories.userPrivileges = async function (cid, uid) {
		const tasks = {};
		privileges.userPrivilegeList.forEach(function (privilege) {
			tasks[privilege] = groups.isMember(uid, 'cid:' + cid + ':privileges:' + privilege);
		});
		return await utils.promiseParallel(tasks);
	};

	privileges.categories.groupPrivileges = async function (cid, groupName) {
		const tasks = {};
		privileges.groupPrivilegeList.forEach(function (privilege) {
			tasks[privilege] = groups.isMember(groupName, 'cid:' + cid + ':privileges:' + privilege);
		});
		return await utils.promiseParallel(tasks);
	};
};
more work on #1518 still needs more work, category is next 11 years ago
			`'use strict';`

feat: #7743, privileges 6 years ago			`const _ = require('lodash');`
more work on #1518 still needs more work, category is next 11 years ago
feat: #7743, privileges 6 years ago			`const categories = require('../categories');`
			`const user = require('../user');`
			`const groups = require('../groups');`
			`const helpers = require('./helpers');`
			`const plugins = require('../plugins');`
			`const utils = require('../utils');`
more work on #1518 still needs more work, category is next 11 years ago
Fix space-before-function-paren linter rule 9 years ago			`module.exports = function (privileges) {`
more work on #1518 still needs more work, category is next 11 years ago			`privileges.categories = {};`

feat: #7743, privileges 6 years ago			`// Method used in admin/category controller to show all users/groups with privs in that given cid`
			`privileges.categories.list = async function (cid) {`
			`async function getLabels() {`
			`return await utils.promiseParallel({`
			`users: plugins.fireHook('filter:privileges.list_human', privileges.privilegeLabels.slice()),`
			`groups: plugins.fireHook('filter:privileges.groups.list_human', privileges.privilegeLabels.slice()),`
			`});`
			`}`

			`const payload = await utils.promiseParallel({`
			`labels: getLabels(),`
			`users: helpers.getUserPrivileges(cid, 'filter:privileges.list', privileges.userPrivilegeList),`
			`groups: helpers.getGroupPrivileges(cid, 'filter:privileges.groups.list', privileges.groupPrivilegeList),`
			`});`

			`// This is a hack because I can't do {labels.users.length} to echo the count in templates.js`
			`payload.columnCountUser = payload.labels.users.length + 2;`
			`payload.columnCountUserOther = payload.labels.users.length - privileges.privilegeLabels.length;`
			`payload.columnCountGroup = payload.labels.groups.length + 2;`
			`payload.columnCountGroupOther = payload.labels.groups.length - privileges.privilegeLabels.length;`
			`return payload;`
a huge frickin' number of changes for #2887. This is part of #2463 10 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.get = async function (cid, uid) {`
			`const privs = ['topics:create', 'topics:read', 'topics:tag', 'read'];`

			`const [userPrivileges, isAdministrator, isModerator] = await Promise.all([`
			`helpers.isUserAllowedTo(privs, uid, cid),`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, cid),`
			`]);`

			`const privData = _.zipObject(privs, userPrivileges);`
			`const isAdminOrMod = isAdministrator \|\| isModerator;`

			`return await plugins.fireHook('filter:privileges.categories.get', {`
			`'topics:create': privData['topics:create'] \|\| isAdministrator,`
			`'topics:read': privData['topics:read'] \|\| isAdministrator,`
			`'topics:tag': privData['topics:tag'] \|\| isAdministrator,`
			`read: privData.read \|\| isAdministrator,`
			`cid: cid,`
			`uid: uid,`
			`editable: isAdminOrMod,`
			`view_deleted: isAdminOrMod,`
			`isAdminOrMod: isAdminOrMod,`
			`});`
closes #1518 11 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.isAdminOrMod = async function (cid, uid) {`
misc fixes handle spider uids properly 6 years ago			`if (parseInt(uid, 10) <= 0) {`
feat: #7743, privileges 6 years ago			`return false;`
closes https://github.com/NodeBB/nodebb-theme-persona/issues/181 10 years ago			`}`
feat: #7743, privileges 6 years ago			`const [isAdmin, isMod] = await Promise.all([`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, cid),`
			`]);`
			`return isAdmin \|\| isMod;`
privilege fixes 10 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.isUserAllowedTo = async function (privilege, cid, uid) {`
closes #2330 10 years ago			`if (!cid) {`
feat: #7743, privileges 6 years ago			`return false;`
closes #2330 10 years ago			`}`
feat: #7743, privileges 6 years ago			`const results = await helpers.isUserAllowedTo(privilege, uid, Array.isArray(cid) ? cid : [cid]);`

			`if (Array.isArray(results) && results.length) {`
			`return Array.isArray(cid) ? results : results[0];`
feat: allow array results 6 years ago			`}`
feat: #7743, privileges 6 years ago			`return false;`
closes #2330 10 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.can = async function (privilege, cid, uid) {`
api/post/pid route 10 years ago			`if (!cid) {`
feat: #7743, privileges 6 years ago			`return false;`
api/post/pid route 10 years ago			`}`
feat: #7743, privileges 6 years ago			`const [disabled, isAdmin, isAllowed] = await Promise.all([`
			`categories.getCategoryField(cid, 'disabled'),`
			`user.isAdministrator(uid),`
			`privileges.categories.isUserAllowedTo(privilege, cid, uid),`
			`]);`
			`return !disabled && (isAllowed \|\| isAdmin);`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.filterCids = async function (privilege, cids, uid) {`
fix moderators 10 years ago			`if (!Array.isArray(cids) \|\| !cids.length) {`
feat: #7743, privileges 6 years ago			`return [];`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 11 years ago			`}`

use _.uniq 8 years ago			`cids = _.uniq(cids);`
feat: #7743, privileges 6 years ago			`const results = await privileges.categories.getBase(privilege, cids, uid);`
properly filter /unread /recent /popular /top (#7927) * feat: add failing test for pagination * feat: test * fix: redis tests * refactor: remove logs * fix: add new test * feat: make sortedSetRangeByScore work with keys on redis * fix: hardcoded set name * feat: show topics from readable categories on recent/popular/top * feat: rewrite unread topics respect watched categories and followed topics * fix: term + watched 6 years ago			`return cids.filter((cid, index) => !!cid && !results.categories[index].disabled && (results.allowedTo[index] \|\| results.isAdmin));`
closes #4499 9 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.getBase = async function (privilege, cids, uid) {`
			`return await utils.promiseParallel({`
			`categories: categories.getCategoriesFields(cids, ['disabled']),`
			`allowedTo: helpers.isUserAllowedTo(privilege, uid, cids),`
fix: use view_deleted when filtering, closes #8137 5 years ago			`view_deleted: helpers.isUserAllowedTo('posts:view_deleted', uid, cids),`
feat: #7743, privileges 6 years ago			`isAdmin: user.isAdministrator(uid),`
			`});`
added new privilege "find", added guest meta group, closed #1282 11 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.filterUids = async function (privilege, cid, uids) {`
added filterUids method to privileges used to filter uids on a single category 11 years ago			`if (!uids.length) {`
feat: #7743, privileges 6 years ago			`return [];`
added filterUids method to privileges used to filter uids on a single category 11 years ago			`}`

switch .filter to uniq 8 years ago			`uids = _.uniq(uids);`
partially revert https://github.com/NodeBB/NodeBB/commit/fa9f1ac7fe26462febda07189203365e984a146d extending module.exports instead of overwriting fixes the issue 9 years ago
feat: #7743, privileges 6 years ago			`const [allowedTo, isAdmins] = await Promise.all([`
			`helpers.isUsersAllowedTo(privilege, uids, cid),`
			`user.isAdministrator(uids),`
			`]);`
			`return uids.filter((uid, index) => allowedTo[index] \|\| isAdmins[index]);`
added filterUids method to privileges used to filter uids on a single category 11 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.give = async function (privileges, cid, groupName) {`
			`await helpers.giveOrRescind(groups.join, privileges, cid, groupName);`
on category creation give defaults privs to admins and registered users 10 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.rescind = async function (privileges, cid, groupName) {`
			`await helpers.giveOrRescind(groups.leave, privileges, cid, groupName);`
remove dupe 10 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.canMoveAllTopics = async function (currentCid, targetCid, uid) {`
			`const [isAdmin, isModerators] = await Promise.all([`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, [currentCid, targetCid]),`
			`]);`
			`return isAdmin \|\| !isModerators.includes(false);`
closes #1518 11 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.userPrivileges = async function (cid, uid) {`
			`const tasks = {};`
refactor userPrivileges and groupPrivileges 8 years ago			`privileges.userPrivilegeList.forEach(function (privilege) {`
feat: #7743, privileges 6 years ago			`tasks[privilege] = groups.isMember(uid, 'cid:' + cid + ':privileges:' + privilege);`
refactor userPrivileges and groupPrivileges 8 years ago			`});`
feat: #7743, privileges 6 years ago			`return await utils.promiseParallel(tasks);`
closes #1518 11 years ago			`};`

feat: #7743, privileges 6 years ago			`privileges.categories.groupPrivileges = async function (cid, groupName) {`
			`const tasks = {};`
refactor userPrivileges and groupPrivileges 8 years ago			`privileges.groupPrivilegeList.forEach(function (privilege) {`
feat: #7743, privileges 6 years ago			`tasks[privilege] = groups.isMember(groupName, 'cid:' + cid + ':privileges:' + privilege);`
refactor userPrivileges and groupPrivileges 8 years ago			`});`
feat: #7743, privileges 6 years ago			`return await utils.promiseParallel(tasks);`
closes #1518 11 years ago			`};`
ESlint eol-last 8 years ago			`};`