diff --git a/src/categories/index.js b/src/categories/index.js
index 81f98e2009..b5ae7cf056 100644
--- a/src/categories/index.js
+++ b/src/categories/index.js
@@ -9,6 +9,7 @@ const groups = require('../groups');
 const plugins = require('../plugins');
 const privileges = require('../privileges');
 const cache = require('../cache');
+const meta = require('../meta');
 const Categories = module.exports;
@@ -175,6 +176,15 @@ Categories.getTagWhitelist = async function (cids) {
 return cids.map(cid => cachedData[cid]);
 };
+// remove system tags from tag whitelist for non privileged user
+Categories.filterTagWhitelist = function (tagWhitelist, isAdminOrMod) {
+ const systemTags = (meta.config.systemTags || '').split(',');
+ if (!isAdminOrMod && systemTags.length) {
+ return tagWhitelist.filter(tag => !systemTags.includes(tag));
+ }
+ return tagWhitelist;
+};
+
 function calculateTopicPostCount(category) {
 if (!category) {
 return;
diff --git a/src/controllers/category.js b/src/controllers/category.js
index a2449957b1..d233dbb369 100644
--- a/src/controllers/category.js
+++ b/src/controllers/category.js
@@ -95,6 +95,7 @@ categoryController.get = async function (req, res, next) {
 }
 categories.modifyTopicsByPrivilege(categoryData.topics, userPrivileges);
+ categoryData.tagWhitelist = categories.filterTagWhitelist(categoryData.tagWhitelist, userPrivileges.isAdminOrMod);
 await buildBreadcrumbs(req, categoryData);
 if (categoryData.children.length) {
diff --git a/src/controllers/topics.js b/src/controllers/topics.js
index 5e034b9d3e..a407e089f1 100644
--- a/src/controllers/topics.js
+++ b/src/controllers/topics.js
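Review bot: In `Categories.filterTagWhitelist`, `(meta.config.systemTags || '').split(',')` yields `['']` when no system tags are configured, so the `systemTags.length` guard is always true, and entries are compared untrimmed, so a setting stored with spaces after the commas would leave those system tags visible to ordinary users. I would normalise the list with `const systemTags = (meta.config.systemTags || '').split(',').map(t => t.trim()).filter(Boolean);` and guard with `if (isAdminOrMod || !Array.isArray(tagWhitelist) || !systemTags.length) return tagWhitelist;`, which also keeps `.filter` from throwing when a caller passes an unset whitelist. If an empty whitelist is treated as "no restriction" elsewhere in the codebase (not visible in this diff), a whitelist made up only of system tags becomes empty for non-privileged users, and that case needs an explicit decision.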
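Review bot: The added `categoryData.tagWhitelist = categories.filterTagWhitelist(...)` line only shapes what this page returns; nothing in the visible diff rejects a system tag submitted by a non-privileged user on the create or edit path, so the server-side tag validation has to apply the same rule (it may already do so outside this diff). The same holds for the `topicData.tagWhitelist` line in src/controllers/topics.js. Any other route that returns a category's whitelist would need the same filter to stay consistent, and a comment such as `// display-only: system tags must also be rejected in tag validation on write` would make that boundary explicit. The body of `categoryController.get` starts and ends outside the hunk.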
@@ -80,6 +80,7 @@ topicsController.get = async function getTopic(req, res, callback) {
 await topics.getTopicWithPosts(topicData, set, req.uid, start, stop, reverse);
 topics.modifyPostsByPrivilege(topicData, userPrivileges);
+ topicData.tagWhitelist = categories.filterTagWhitelist(topicData.tagWhitelist, userPrivileges.isAdminOrMod);
 topicData.privileges = userPrivileges;
 topicData.topicStaleDays = meta.config.topicStaleDays;
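Review bot: The added line calls `categories.filterTagWhitelist`, but this file's diff has no hunk adding `const categories = require('../categories');`, so unless that require already exists above line 80 every topic view will throw a ReferenceError. It is also worth confirming that `topicData.tagWhitelist` is always an array at this point, because the helper calls `.filter` on it for non-privileged users. `topicsController.get` starts and ends outside the hunk.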