diff --git a/src/privileges/categories.js b/src/privileges/categories.js index d0bde8ced3..6678f5d5aa 100644 --- a/src/privileges/categories.js +++ b/src/privileges/categories.js @@ -155,34 +155,36 @@ module.exports = function (privileges) { privileges.categories.get = function (cid, uid, callback) { var privs = ['topics:create', 'topics:read', 'read']; - async.parallel({ - privileges: function (next) { - helpers.isUserAllowedTo(privs, uid, cid, next); - }, - isAdministrator: function (next) { - user.isAdministrator(uid, next); + async.waterfall([ + function (next) { + async.parallel({ + privileges: function (next) { + helpers.isUserAllowedTo(privs, uid, cid, next); + }, + isAdministrator: function (next) { + user.isAdministrator(uid, next); + }, + isModerator: function (next) { + user.isModerator(uid, cid, next); + }, + }, next); }, - isModerator: function (next) { - user.isModerator(uid, cid, next); + function (results, next) { + var privData = _.object(privs, results.privileges); + var isAdminOrMod = results.isAdministrator || results.isModerator; + + plugins.fireHook('filter:privileges.categories.get', { + 'topics:create': privData['topics:create'] || isAdminOrMod, + 'topics:read': privData['topics:read'] || isAdminOrMod, + read: privData.read || isAdminOrMod, + cid: cid, + uid: uid, + editable: isAdminOrMod, + view_deleted: isAdminOrMod, + isAdminOrMod: isAdminOrMod, + }, next); }, - }, function (err, results) { - if (err) { - return callback(err); - } - var privData = _.object(privs, results.privileges); - var isAdminOrMod = results.isAdministrator || results.isModerator; - - plugins.fireHook('filter:privileges.categories.get', { - 'topics:create': privData['topics:create'] || isAdminOrMod, - 'topics:read': privData['topics:read'] || isAdminOrMod, - read: privData.read || isAdminOrMod, - cid: cid, - uid: uid, - editable: isAdminOrMod, - view_deleted: isAdminOrMod, - isAdminOrMod: isAdminOrMod, - }, callback); - }); + ], callback); }; privileges.categories.isAdminOrMod = function (cid, uid, callback) { @@ -213,29 +215,29 @@ module.exports = function (privileges) { return callback(null, false); } - categories.getCategoryField(cid, 'disabled', function (err, disabled) { - if (err) { - return callback(err); - } - - if (parseInt(disabled, 10) === 1) { - return callback(null, false); - } - - helpers.some([ - function (next) { - helpers.isUserAllowedTo(privilege, uid, [cid], function (err, results) { - next(err, Array.isArray(results) && results.length ? results[0] : false); - }); - }, - function (next) { - user.isModerator(uid, cid, next); - }, - function (next) { - user.isAdministrator(uid, next); - }, - ], callback); - }); + async.waterfall([ + function (next) { + categories.getCategoryField(cid, 'disabled', next); + }, + function (disabled, next) { + if (parseInt(disabled, 10) === 1) { + return callback(null, false); + } + helpers.some([ + function (next) { + helpers.isUserAllowedTo(privilege, uid, [cid], function (err, results) { + next(err, Array.isArray(results) && results.length ? results[0] : false); + }); + }, + function (next) { + user.isModerator(uid, cid, next); + }, + function (next) { + user.isAdministrator(uid, next); + }, + ], next); + }, + ], callback); }; privileges.categories.filterCids = function (privilege, cids, uid, callback) { @@ -247,18 +249,19 @@ module.exports = function (privileges) { return array.indexOf(cid) === index; }); - privileges.categories.getBase(privilege, cids, uid, function (err, results) { - if (err) { - return callback(err); - } - - cids = cids.filter(function (cid, index) { - return !results.categories[index].disabled && - (results.allowedTo[index] || results.isAdmin || results.isModerators[index]); - }); + async.waterfall([ + function (next) { + privileges.categories.getBase(privilege, cids, uid, next); + }, + function (results, next) { + cids = cids.filter(function (cid, index) { + return !results.categories[index].disabled && + (results.allowedTo[index] || results.isAdmin || results.isModerators[index]); + }); - callback(null, cids.filter(Boolean)); - }); + next(null, cids.filter(Boolean)); + }, + ], callback); }; privileges.categories.getBase = function (privilege, cids, uid, callback) { @@ -287,26 +290,27 @@ module.exports = function (privileges) { return array.indexOf(uid) === index; }); - async.parallel({ - allowedTo: function (next) { - helpers.isUsersAllowedTo(privilege, uids, cid, next); - }, - isModerators: function (next) { - user.isModerator(uids, cid, next); + async.waterfall([ + function (next) { + async.parallel({ + allowedTo: function (next) { + helpers.isUsersAllowedTo(privilege, uids, cid, next); + }, + isModerators: function (next) { + user.isModerator(uids, cid, next); + }, + isAdmin: function (next) { + user.isAdministrator(uids, next); + }, + }, next); }, - isAdmin: function (next) { - user.isAdministrator(uids, next); + function (results, next) { + uids = uids.filter(function (uid, index) { + return results.allowedTo[index] || results.isModerators[index] || results.isAdmin[index]; + }); + next(null, uids); }, - }, function (err, results) { - if (err) { - return callback(err); - } - - uids = uids.filter(function (uid, index) { - return results.allowedTo[index] || results.isModerators[index] || results.isAdmin[index]; - }); - callback(null, uids); - }); + ], callback); }; privileges.categories.give = function (privileges, cid, groupName, callback) { @@ -324,23 +328,24 @@ module.exports = function (privileges) { } privileges.categories.canMoveAllTopics = function (currentCid, targetCid, uid, callback) { - async.parallel({ - isAdministrator: function (next) { - user.isAdministrator(uid, next); - }, - moderatorOfCurrent: function (next) { - user.isModerator(uid, currentCid, next); + async.waterfall([ + function (next) { + async.parallel({ + isAdministrator: function (next) { + user.isAdministrator(uid, next); + }, + moderatorOfCurrent: function (next) { + user.isModerator(uid, currentCid, next); + }, + moderatorOfTarget: function (next) { + user.isModerator(uid, targetCid, next); + }, + }, next); }, - moderatorOfTarget: function (next) { - user.isModerator(uid, targetCid, next); + function (results, next) { + next(null, results.isAdministrator || (results.moderatorOfCurrent && results.moderatorOfTarget)); }, - }, function (err, results) { - if (err) { - return callback(err); - } - - callback(null, results.isAdministrator || (results.moderatorOfCurrent && results.moderatorOfTarget)); - }); + ], callback); }; privileges.categories.userPrivileges = function (cid, uid, callback) { diff --git a/test/categories.js b/test/categories.js index bdd91602de..8ef059d8cb 100644 --- a/test/categories.js +++ b/test/categories.js @@ -390,6 +390,7 @@ describe('Categories', function () { it('should get all categories', function (done) { socketCategories.getAll({ uid: adminUid }, {}, function (err, data) { assert.ifError(err); + assert(data); done(); }); }); @@ -615,6 +616,72 @@ describe('Categories', function () { }); + describe('privileges', function () { + var privileges = require('../src/privileges'); + + it('should return empty array if uids is empty array', function (done) { + privileges.categories.filterUids('find', categoryObj.cid, [], function (err, uids) { + assert.ifError(err); + assert.equal(uids.length, 0); + done(); + }); + }); + + it('should filter uids by privilege', function (done) { + privileges.categories.filterUids('find', categoryObj.cid, [1, 2, 3, 4], function (err, uids) { + assert.ifError(err); + assert.deepEqual(uids, [1, 2]); + done(); + }); + }); + + it('should load user privileges', function (done) { + privileges.categories.userPrivileges(categoryObj.cid, 1, function (err, data) { + assert.ifError(err); + assert.deepEqual(data, { + find: false, + mods: false, + 'posts:delete': false, + read: false, + 'topics:reply': false, + 'topics:read': false, + 'topics:create': false, + 'topics:delete': false, + 'posts:edit': false, + }); + + done(); + }); + }); + + it('should load group privileges', function (done) { + privileges.categories.groupPrivileges(categoryObj.cid, 'registered-users', function (err, data) { + assert.ifError(err); + assert.deepEqual(data, { + 'groups:find': true, + 'groups:posts:edit': true, + 'groups:topics:delete': false, + 'groups:topics:create': true, + 'groups:topics:reply': true, + 'groups:posts:delete': true, + 'groups:read': true, + 'groups:topics:read': true, + }); + + done(); + }); + }); + + it('should return false if cid is falsy', function (done) { + privileges.categories.isUserAllowedTo('find', null, adminUid, function (err, isAllowed) { + assert.ifError(err); + assert.equal(isAllowed, false); + done(); + }); + }); + }); + + after(function (done) { db.emptydb(done); }); diff --git a/test/controllers-admin.js b/test/controllers-admin.js index ad59b4705d..5a17ca96a9 100644 --- a/test/controllers-admin.js +++ b/test/controllers-admin.js @@ -21,6 +21,7 @@ describe('Admin Controllers', function () { var jar; before(function (done) { + groups.resetCache(); async.series({ category: function (next) { categories.create({ @@ -43,9 +44,10 @@ describe('Admin Controllers', function () { cid = results.category.cid; topics.post({ uid: adminUid, title: 'test topic title', content: 'test topic content', cid: results.category.cid }, function (err, result) { + assert.ifError(err); tid = result.topicData.tid; pid = result.postData.pid; - done(err); + done(); }); }); });