improve helpers.isUserAllowedTo

ability to pass in an array of privileges and a single cid
8 years ago · 07852862f5
parent a42d8c5be2
commit 07852862f5
3 changed files with 75 additions and 34 deletions
--- a/src/privileges/categories.js
+++ b/src/privileges/categories.js
@ -157,15 +157,10 @@ module.exports = function(privileges) {
 	};

 	privileges.categories.get = function(cid, uid, callback) {
+		var privs = ['topics:create', 'topics:read', 'read'];
 		async.parallel({
-			'topics:create': function(next) {
-				helpers.isUserAllowedTo('topics:create', uid, [cid], next);
-			},
-			'topics:read': function(next) {
-				helpers.isUserAllowedTo('topics:read', uid, [cid], next);
-			},
-			read: function(next) {
-				helpers.isUserAllowedTo('read', uid, [cid], next);
+			privileges: function(next) {
+				helpers.isUserAllowedTo(privs, uid, cid, next);
 			},
 			isAdministrator: function(next) {
 				user.isAdministrator(uid, next);
@ -177,17 +172,17 @@ module.exports = function(privileges) {
 			if (err) {
 				return callback(err);
 			}
-
+			var privData = _.object(privs, results.privileges);
 			var isAdminOrMod = results.isAdministrator || results.isModerator;

 			plugins.fireHook('filter:privileges.categories.get', {
+				'topics:create': privData['topics:create'] || isAdminOrMod,
+				'topics:read': privData['topics:read'] || isAdminOrMod,
+				read: privData.read || isAdminOrMod,
 				cid: cid,
 				uid: uid,
-				'topics:create': results['topics:create'][0] || isAdminOrMod,
-				'topics:read': results['topics:read'][0] || isAdminOrMod,
 				editable: isAdminOrMod,
 				view_deleted: isAdminOrMod,
-				read: results.read[0] || isAdminOrMod,
 				isAdminOrMod: isAdminOrMod
 			}, callback);
 		});
--- a/src/privileges/helpers.js
+++ b/src/privileges/helpers.js
@ -16,9 +16,19 @@ helpers.some = function(tasks, callback) {
 	});
 };

-helpers.isUserAllowedTo = function(privilege, uid, cids, callback) {
+helpers.isUserAllowedTo = function(privilege, uid, cid, callback) {
+	if (Array.isArray(privilege) && !Array.isArray(cid)) {
+		isUserAllowedToPrivileges(privilege, uid, cid, callback);
+	} else if (Array.isArray(cid) && !Array.isArray(privilege)) {
+		isUserAllowedToCids(privilege, uid, cid, callback);
+	} else {
+		return callback(new Error('[[error:invalid-data]]'));
+	}
+};
+
+function isUserAllowedToCids(privilege, uid, cids, callback) {
 	if (parseInt(uid, 10) === 0) {
-		return isGuestAllowedTo(privilege, cids, callback);
+		return isGuestAllowedToCids(privilege, cids, callback);
 	}

 	var userKeys = [], groupKeys = [];
@ -46,7 +56,40 @@ helpers.isUserAllowedTo = function(privilege, uid, cids, callback) {

 		callback(null, result);
 	});
-};
+}
+
+function isUserAllowedToPrivileges(privileges, uid, cid, callback) {
+	if (parseInt(uid, 10) === 0) {
+		return isGuestAllowedToPrivileges(privileges, cid, callback);
+	}
+
+	var userKeys = [], groupKeys = [];
+	for (var i=0; i<privileges.length; ++i) {
+		userKeys.push('cid:' + cid + ':privileges:' + privileges[i]);
+		groupKeys.push('cid:' + cid + ':privileges:groups:' + privileges[i]);
+	}
+
+	async.parallel({
+		hasUserPrivilege: function(next) {
+			groups.isMemberOfGroups(uid, userKeys, next);
+		},
+		hasGroupPrivilege: function(next) {
+			groups.isMemberOfGroupsList(uid, groupKeys, next);
+		}
+	}, function(err, results) {
+		if (err) {
+			return callback(err);
+		}
+
+		var result = [];
+		for (var i=0; i<privileges.length; ++i) {
+			result.push(results.hasUserPrivilege[i] || results.hasGroupPrivilege[i]);
+		}
+
+		callback(null, result);
+	});
+}
+

 helpers.isUsersAllowedTo = function(privilege, uids, cid, callback) {
 	async.parallel({
@ -70,7 +113,7 @@ helpers.isUsersAllowedTo = function(privilege, uids, cid, callback) {
 	});
 };

-function isGuestAllowedTo(privilege, cids, callback) {
+function isGuestAllowedToCids(privilege, cids, callback) {
 	var groupKeys = [];
 	for (var i=0; i<cids.length; ++i) {
 		groupKeys.push('cid:' + cids[i] + ':privileges:groups:' + privilege);
@ -79,5 +122,13 @@ function isGuestAllowedTo(privilege, cids, callback) {
 	groups.isMemberOfGroups('guests', groupKeys, callback);
 }

+function isGuestAllowedToPrivileges(privileges, cid, callback) {
+	var groupKeys = [];
+	for (var i=0; i<privileges.length; ++i) {
+		groupKeys.push('cid:' + cid + ':privileges:groups:' + privileges[i]);
+	}
+
+	groups.isMemberOfGroups('guests', groupKeys, callback);
+}

 module.exports = helpers;
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@ -2,6 +2,7 @@
 'use strict';

 var async = require('async');
+var _ = require('underscore');

 var meta = require('../meta');
 var topics = require('../topics');
@ -16,20 +17,13 @@ module.exports = function(privileges) {

 	privileges.topics.get = function(tid, uid, callback) {
 		var topic;
+		var privs = ['topics:reply', 'topics:read', 'topics:delete', 'posts:edit', 'posts:delete', 'read'];
 		async.waterfall([
 			async.apply(topics.getTopicFields, tid, ['cid', 'uid', 'locked', 'deleted']),
 			function(_topic, next) {
 				topic = _topic;
 				async.parallel({
-					'topics:reply': async.apply(helpers.isUserAllowedTo, 'topics:reply', uid, [topic.cid]),
-					'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, [topic.cid]),
-					'topics:delete': async.apply(helpers.isUserAllowedTo, 'topics:delete', uid, [topic.cid]),
-					'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, [topic.cid]),
-					'posts:delete': async.apply(helpers.isUserAllowedTo, 'posts:delete', uid, [topic.cid]),
-					read: async.apply(helpers.isUserAllowedTo, 'read', uid, [topic.cid]),
-					isOwner: function(next) {
-						next(null, !!parseInt(uid, 10) && parseInt(uid, 10) === parseInt(topic.uid, 10));
-					},
+					privileges: async.apply(helpers.isUserAllowedTo, privs, uid, topic.cid),
 					isAdministrator: async.apply(user.isAdministrator, uid),
 					isModerator: async.apply(user.isModerator, uid, topic.cid),
 					disabled: async.apply(categories.getCategoryField, topic.cid, 'disabled')
@ -40,25 +34,26 @@ module.exports = function(privileges) {
 				return callback(err);
 			}

+			var privData = _.object(privs, results.privileges);
 			var disabled = parseInt(results.disabled, 10) === 1;
 			var locked = parseInt(topic.locked, 10) === 1;
 			var deleted = parseInt(topic.deleted, 10) === 1;
-
+			var isOwner = !!parseInt(uid, 10) && parseInt(uid, 10) === parseInt(topic.uid, 10);
 			var isAdminOrMod = results.isAdministrator || results.isModerator;
 			var editable = isAdminOrMod;
-			var deletable = isAdminOrMod || (results.isOwner && results['topics:delete'][0]);
+			var deletable = isAdminOrMod || (isOwner && privData['topics:delete']);

 			plugins.fireHook('filter:privileges.topics.get', {
-				'topics:reply': (results['topics:reply'][0] && !locked && !deleted) || isAdminOrMod,
-				'topics:read': results['topics:read'][0] || isAdminOrMod,
-				'topics:delete': (results.isOwner && results['topics:delete'][0]) || isAdminOrMod,
-				'posts:edit': (results['posts:edit'][0] && !locked) || isAdminOrMod,
-				'posts:delete': (results['posts:delete'][0] && !locked) || isAdminOrMod,
-				read: results.read[0] || isAdminOrMod,
+				'topics:reply': (privData['topics:reply'] && !locked && !deleted) || isAdminOrMod,
+				'topics:read': privData['topics:read'] || isAdminOrMod,
+				'topics:delete': (isOwner && privData['topics:delete']) || isAdminOrMod,
+				'posts:edit': (privData['posts:edit'] && !locked) || isAdminOrMod,
+				'posts:delete': (privData['posts:delete'] && !locked) || isAdminOrMod,
+				read: privData.read || isAdminOrMod,
 				view_thread_tools: editable || deletable,
 				editable: editable,
 				deletable: deletable,
-				view_deleted: isAdminOrMod || results.isOwner,
+				view_deleted: isAdminOrMod || isOwner,
 				isAdminOrMod: isAdminOrMod,
 				disabled: disabled,
 				tid: tid,