diff --git a/src/groups.js b/src/groups.js
index fde915f448..e1df370074 100644
--- a/src/groups.js
+++ b/src/groups.js
@@ -65,6 +65,15 @@
 isMember: function (uid, gid, callback) {
 RDB.sismember('gid:' + gid + ':members', uid, callback);
 },
+ isMemberByGroupName: function(uid, groupName, callback) {
+ this.getGidFromName(groupName, function(err, gid) {
+ if (err || !gid) {
+ callback(null, false);
+ } else {
+ Groups.isMember(uid, gid, callback);
+ }
+ });
+ },
 exists: function (name, callback) {
 RDB.hexists('group:gid', name, callback);
 },
diff --git a/src/routes/api.js b/src/routes/api.js
index 5b4e1c5f10..4600e39ab9 100644
--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -3,6 +3,7 @@ var user = require('./../user.js'),
 topics = require('./../topics.js'),
 posts = require('./../posts.js'),
 categories = require('./../categories.js'),
+ Groups = require('../groups'),
 utils = require('./../../public/src/utils.js'),
 pkg = require('../../package.json'),
 meta = require('./../meta.js'),
@@ -127,12 +128,26 @@ var user = require('./../user.js'),

 app.get('/category/:id/:slug?', function (req, res, next) {
 var uid = (req.user) ? req.user.uid : 0;
- categories.getCategoryById(req.params.id, uid, function (err, data) {
- if (!err && data && data.disabled === "0")
- res.json(data);
- else
- next();
- }, req.params.id, uid);
+
+ // Category Whitelisting
+ Groups.exists('category:' + req.params.id + ':whitelist', function(err, exists) {
+ if (!err && exists) {
+ Groups.isMember(uid, gid, function(err, isMember) {
+ if (!err && isMember) {
+ categories.getCategoryById(req.params.id, uid, function (err, data) {
+ if (!err && data && data.disabled === "0")
+ res.json(data);
+ else
+ next();
+ }, req.params.id, uid);
+ } else {
+ res.send(403);
+ }
+ });
+ } else {
+ res.send(403);
+ }
+ });
 });

 app.get('/recent/:term?', function (req, res) {
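Review bot: `isMemberByGroupName` turns a lookup error from `getGidFromName` into `callback(null, false)`, so a caller cannot tell a datastore failure from a genuine non-member. Denying is the safe default for an access check, but the error is lost for logging and for choosing between a 403 and a 500. Consider `if (err) { return callback(err); }` ahead of the `!gid` case, or a comment stating that errors are deliberately treated as non-membership. The method also mixes `this.getGidFromName` with `Groups.isMember`; calling `Groups.getGidFromName` would keep it working when the function is passed around detached from its object. None of the visible hunks call the new helper.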
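Review bot: `gid` is never defined in the `/category/:id/:slug?` handler, so `Groups.isMember(uid, gid, ...)` will throw a ReferenceError inside the `Groups.exists` callback whenever a whitelist group exists for the category (unless a global of that name happens to exist). The outer `else` also answers 403 both when no `category:<id>:whitelist` group exists and when the lookup fails. If categories without a whitelist are meant to stay readable, that blocks every such category and reports datastore errors as authorization failures. The `isMemberByGroupName` helper added to src/groups.js in this commit takes the group name directly and removes the need for `gid`. The sketch below assumes unrestricted categories should fall through to the existing lookup.

```javascript
app.get('/category/:id/:slug?', function (req, res, next) {
	var uid = (req.user) ? req.user.uid : 0,
		whitelist = 'category:' + req.params.id + ':whitelist';

	function sendCategory() {
		// … unchanged: categories.getCategoryById call with its res.json / next() handling …
	}

	Groups.exists(whitelist, function (err, exists) {
		if (err) {
			return next(err);
		}
		if (!exists) {
			// No whitelist group for this category: treated as unrestricted.
			return sendCategory();
		}
		Groups.isMemberByGroupName(uid, whitelist, function (err, isMember) {
			if (!err && isMember) {
				sendCategory();
			} else {
				res.send(403);
			}
		});
	});
});
```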