feat: limit privileges column to superadmins only

v1.18.x
Julian Lam 5 years ago
parent 9500871e47
commit 0903eb4b8c

@ -17,7 +17,7 @@ privilegesController.get = async function (req, res) {
} }
const [privilegesData, categoriesData] = await Promise.all([ const [privilegesData, categoriesData] = await Promise.all([
method(), method(isAdminPriv ? req.uid : undefined),
categories.buildForSelectAll(), categories.buildForSelectAll(),
]); ]);

@ -42,7 +42,7 @@ module.exports = function (privileges) {
}; };
privileges.admin.routeRegexpMap = { privileges.admin.routeRegexpMap = {
'^manage/categories/\\d+': 'admin:categories', '^manage/categories/\\d+': 'admin:categories',
'^manage/privileges/\\d+': 'admin:privileges', '^manage/privileges/(\\d+|admin)': 'admin:privileges',
'^settings/[\\w\\-]+$': 'admin:settings', '^settings/[\\w\\-]+$': 'admin:settings',
'^appearance/[\\w]+$': 'admin:settings', '^appearance/[\\w]+$': 'admin:settings',
'^plugins/[\\w\\-]+$': 'admin:settings', '^plugins/[\\w\\-]+$': 'admin:settings',
@ -110,17 +110,29 @@ module.exports = function (privileges) {
return privilege; return privilege;
}; };
privileges.admin.list = async function () { privileges.admin.list = async function (uid) {
const privilegeLabels = privileges.admin.privilegeLabels.slice();
const userPrivilegeList = privileges.admin.userPrivilegeList.slice();
const groupPrivilegeList = privileges.admin.groupPrivilegeList.slice();
// Restrict privileges column to superadmins
if (!(await user.isAdministrator(uid))) {
const idx = privileges.admin.userPrivilegeList.indexOf('admin:privileges');
privilegeLabels.splice(idx, 1);
userPrivilegeList.splice(idx, 1);
groupPrivilegeList.splice(idx, 1);
}
async function getLabels() { async function getLabels() {
return await utils.promiseParallel({ return await utils.promiseParallel({
users: plugins.fireHook('filter:privileges.admin.list_human', privileges.admin.privilegeLabels.slice()), users: plugins.fireHook('filter:privileges.admin.list_human', privilegeLabels.slice()),
groups: plugins.fireHook('filter:privileges.admin.groups.list_human', privileges.admin.privilegeLabels.slice()), groups: plugins.fireHook('filter:privileges.admin.groups.list_human', privilegeLabels.slice()),
}); });
} }
const keys = await utils.promiseParallel({ const keys = await utils.promiseParallel({
users: plugins.fireHook('filter:privileges.admin.list', privileges.admin.userPrivilegeList.slice()), users: plugins.fireHook('filter:privileges.admin.list', userPrivilegeList.slice()),
groups: plugins.fireHook('filter:privileges.admin.groups.list', privileges.admin.groupPrivilegeList.slice()), groups: plugins.fireHook('filter:privileges.admin.groups.list', groupPrivilegeList.slice()),
}); });
const payload = await utils.promiseParallel({ const payload = await utils.promiseParallel({
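Review bot: `indexOf('admin:privileges')` on `privileges.admin.userPrivilegeList` can return -1 if a plugin or a later edit removes that entry, and `splice(-1, 1)` would then silently drop the last privilege from all three lists; guard it with `if (idx !== -1)` before the three `splice` calls. The same index is also applied to `privilegeLabels` and `groupPrivilegeList`, which assumes the three arrays stay in the same order — that invariant should be stated, e.g. `// privilegeLabels, userPrivilegeList and groupPrivilegeList are parallel arrays; keep them in the same order`. When `uid` is undefined (the controller passes `undefined` unless `isAdminPriv`), the `isAdministrator` check presumably evaluates false and the column is hidden, which looks intentional but deserves a JSDoc line on the new `uid` parameter. `privileges.admin.list` continues past the end of this hunk.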

@ -85,7 +85,7 @@ Categories.setPrivilege = async function (socket, data) {
Categories.getPrivilegeSettings = async function (socket, cid) { Categories.getPrivilegeSettings = async function (socket, cid) {
if (cid === 'admin') { if (cid === 'admin') {
return await privileges.admin.list(); return await privileges.admin.list(socket.uid);
} else if (!parseInt(cid, 10)) { } else if (!parseInt(cid, 10)) {
return await privileges.global.list(); return await privileges.global.list();
} }
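Review bot: Passing `socket.uid` into `privileges.admin.list` scopes what a non-superadmin sees, but the hunk header shows `Categories.setPrivilege` directly above and that handler is not touched by this commit, so the write path for `admin:privileges` may still accept that privilege from an admin who is not a superadmin. Hiding the column is presentation rather than authorization, so unless `setPrivilege` already enforces it elsewhere, the same `user.isAdministrator(socket.uid)` condition should gate granting `admin:privileges` on the server side. `getPrivilegeSettings` continues past the end of this hunk.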
