privileges tests

v1.18.x
barisusakli 8 years ago
parent a3b4c83e8b
commit 324e5be7bd

@ -155,34 +155,36 @@ module.exports = function (privileges) {
privileges.categories.get = function (cid, uid, callback) { privileges.categories.get = function (cid, uid, callback) {
var privs = ['topics:create', 'topics:read', 'read']; var privs = ['topics:create', 'topics:read', 'read'];
async.parallel({ async.waterfall([
privileges: function (next) { function (next) {
helpers.isUserAllowedTo(privs, uid, cid, next); async.parallel({
}, privileges: function (next) {
isAdministrator: function (next) { helpers.isUserAllowedTo(privs, uid, cid, next);
user.isAdministrator(uid, next); },
isAdministrator: function (next) {
user.isAdministrator(uid, next);
},
isModerator: function (next) {
user.isModerator(uid, cid, next);
},
}, next);
}, },
isModerator: function (next) { function (results, next) {
user.isModerator(uid, cid, next); var privData = _.object(privs, results.privileges);
var isAdminOrMod = results.isAdministrator || results.isModerator;
plugins.fireHook('filter:privileges.categories.get', {
'topics:create': privData['topics:create'] || isAdminOrMod,
'topics:read': privData['topics:read'] || isAdminOrMod,
read: privData.read || isAdminOrMod,
cid: cid,
uid: uid,
editable: isAdminOrMod,
view_deleted: isAdminOrMod,
isAdminOrMod: isAdminOrMod,
}, next);
}, },
}, function (err, results) { ], callback);
if (err) {
return callback(err);
}
var privData = _.object(privs, results.privileges);
var isAdminOrMod = results.isAdministrator || results.isModerator;
plugins.fireHook('filter:privileges.categories.get', {
'topics:create': privData['topics:create'] || isAdminOrMod,
'topics:read': privData['topics:read'] || isAdminOrMod,
read: privData.read || isAdminOrMod,
cid: cid,
uid: uid,
editable: isAdminOrMod,
view_deleted: isAdminOrMod,
isAdminOrMod: isAdminOrMod,
}, callback);
});
}; };
privileges.categories.isAdminOrMod = function (cid, uid, callback) { privileges.categories.isAdminOrMod = function (cid, uid, callback) {
@ -213,29 +215,29 @@ module.exports = function (privileges) {
return callback(null, false); return callback(null, false);
} }
categories.getCategoryField(cid, 'disabled', function (err, disabled) { async.waterfall([
if (err) { function (next) {
return callback(err); categories.getCategoryField(cid, 'disabled', next);
} },
function (disabled, next) {
if (parseInt(disabled, 10) === 1) { if (parseInt(disabled, 10) === 1) {
return callback(null, false); return callback(null, false);
} }
helpers.some([
helpers.some([ function (next) {
function (next) { helpers.isUserAllowedTo(privilege, uid, [cid], function (err, results) {
helpers.isUserAllowedTo(privilege, uid, [cid], function (err, results) { next(err, Array.isArray(results) && results.length ? results[0] : false);
next(err, Array.isArray(results) && results.length ? results[0] : false); });
}); },
}, function (next) {
function (next) { user.isModerator(uid, cid, next);
user.isModerator(uid, cid, next); },
}, function (next) {
function (next) { user.isAdministrator(uid, next);
user.isAdministrator(uid, next); },
}, ], next);
], callback); },
}); ], callback);
}; };
privileges.categories.filterCids = function (privilege, cids, uid, callback) { privileges.categories.filterCids = function (privilege, cids, uid, callback) {
@ -247,18 +249,19 @@ module.exports = function (privileges) {
return array.indexOf(cid) === index; return array.indexOf(cid) === index;
}); });
privileges.categories.getBase(privilege, cids, uid, function (err, results) { async.waterfall([
if (err) { function (next) {
return callback(err); privileges.categories.getBase(privilege, cids, uid, next);
} },
function (results, next) {
cids = cids.filter(function (cid, index) { cids = cids.filter(function (cid, index) {
return !results.categories[index].disabled && return !results.categories[index].disabled &&
(results.allowedTo[index] || results.isAdmin || results.isModerators[index]); (results.allowedTo[index] || results.isAdmin || results.isModerators[index]);
}); });
callback(null, cids.filter(Boolean)); next(null, cids.filter(Boolean));
}); },
], callback);
}; };
privileges.categories.getBase = function (privilege, cids, uid, callback) { privileges.categories.getBase = function (privilege, cids, uid, callback) {
@ -287,26 +290,27 @@ module.exports = function (privileges) {
return array.indexOf(uid) === index; return array.indexOf(uid) === index;
}); });
async.parallel({ async.waterfall([
allowedTo: function (next) { function (next) {
helpers.isUsersAllowedTo(privilege, uids, cid, next); async.parallel({
}, allowedTo: function (next) {
isModerators: function (next) { helpers.isUsersAllowedTo(privilege, uids, cid, next);
user.isModerator(uids, cid, next); },
isModerators: function (next) {
user.isModerator(uids, cid, next);
},
isAdmin: function (next) {
user.isAdministrator(uids, next);
},
}, next);
}, },
isAdmin: function (next) { function (results, next) {
user.isAdministrator(uids, next); uids = uids.filter(function (uid, index) {
return results.allowedTo[index] || results.isModerators[index] || results.isAdmin[index];
});
next(null, uids);
}, },
}, function (err, results) { ], callback);
if (err) {
return callback(err);
}
uids = uids.filter(function (uid, index) {
return results.allowedTo[index] || results.isModerators[index] || results.isAdmin[index];
});
callback(null, uids);
});
}; };
privileges.categories.give = function (privileges, cid, groupName, callback) { privileges.categories.give = function (privileges, cid, groupName, callback) {
@ -324,23 +328,24 @@ module.exports = function (privileges) {
} }
privileges.categories.canMoveAllTopics = function (currentCid, targetCid, uid, callback) { privileges.categories.canMoveAllTopics = function (currentCid, targetCid, uid, callback) {
async.parallel({ async.waterfall([
isAdministrator: function (next) { function (next) {
user.isAdministrator(uid, next); async.parallel({
}, isAdministrator: function (next) {
moderatorOfCurrent: function (next) { user.isAdministrator(uid, next);
user.isModerator(uid, currentCid, next); },
moderatorOfCurrent: function (next) {
user.isModerator(uid, currentCid, next);
},
moderatorOfTarget: function (next) {
user.isModerator(uid, targetCid, next);
},
}, next);
}, },
moderatorOfTarget: function (next) { function (results, next) {
user.isModerator(uid, targetCid, next); next(null, results.isAdministrator || (results.moderatorOfCurrent && results.moderatorOfTarget));
}, },
}, function (err, results) { ], callback);
if (err) {
return callback(err);
}
callback(null, results.isAdministrator || (results.moderatorOfCurrent && results.moderatorOfTarget));
});
}; };
privileges.categories.userPrivileges = function (cid, uid, callback) { privileges.categories.userPrivileges = function (cid, uid, callback) {
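Review bot: In the `isUserAllowedTo` hunk, the disabled-category branch inside the second waterfall step still exits through the outer `callback` (`return callback(null, false);`), while every other exit in the rewritten functions goes through `next`. It behaves the same today because this is the last step, but it bypasses the waterfall, so any step added later would be skipped on exactly the deny path. `return next(null, false);` keeps the deny decision on the same path as the allow decision. It is also worth confirming what `getCategoryField` yields for a cid that does not exist: `parseInt(null, 10)` is `NaN`, so the check would fall through to the moderator/administrator tests instead of denying. The function's opening lines are outside the hunk.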

@ -390,6 +390,7 @@ describe('Categories', function () {
it('should get all categories', function (done) { it('should get all categories', function (done) {
socketCategories.getAll({ uid: adminUid }, {}, function (err, data) { socketCategories.getAll({ uid: adminUid }, {}, function (err, data) {
assert.ifError(err); assert.ifError(err);
assert(data);
done(); done();
}); });
}); });
@ -615,6 +616,72 @@ describe('Categories', function () {
}); });
describe('privileges', function () {
var privileges = require('../src/privileges');
it('should return empty array if uids is empty array', function (done) {
privileges.categories.filterUids('find', categoryObj.cid, [], function (err, uids) {
assert.ifError(err);
assert.equal(uids.length, 0);
done();
});
});
it('should filter uids by privilege', function (done) {
privileges.categories.filterUids('find', categoryObj.cid, [1, 2, 3, 4], function (err, uids) {
assert.ifError(err);
assert.deepEqual(uids, [1, 2]);
done();
});
});
it('should load user privileges', function (done) {
privileges.categories.userPrivileges(categoryObj.cid, 1, function (err, data) {
assert.ifError(err);
assert.deepEqual(data, {
find: false,
mods: false,
'posts:delete': false,
read: false,
'topics:reply': false,
'topics:read': false,
'topics:create': false,
'topics:delete': false,
'posts:edit': false,
});
done();
});
});
it('should load group privileges', function (done) {
privileges.categories.groupPrivileges(categoryObj.cid, 'registered-users', function (err, data) {
assert.ifError(err);
assert.deepEqual(data, {
'groups:find': true,
'groups:posts:edit': true,
'groups:topics:delete': false,
'groups:topics:create': true,
'groups:topics:reply': true,
'groups:posts:delete': true,
'groups:read': true,
'groups:topics:read': true,
});
done();
});
});
it('should return false if cid is falsy', function (done) {
privileges.categories.isUserAllowedTo('find', null, adminUid, function (err, isAllowed) {
assert.ifError(err);
assert.equal(isAllowed, false);
done();
});
});
});
after(function (done) { after(function (done) {
db.emptydb(done); db.emptydb(done);
}); });
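Review bot: The new `privileges` tests never exercise the disabled-category branch of `isUserAllowedTo`, which this commit rewrote into a waterfall step; only the falsy-cid early return is covered. A case that marks the category as disabled and asserts `isAllowed === false` even for `adminUid` would pin that deny path. Separately, `filterUids('find', categoryObj.cid, [1, 2, 3, 4], ...)` expecting `[1, 2]` and `userPrivileges(categoryObj.cid, 1, ...)` rely on hard-coded uids whose meaning depends on what earlier setup created. Using uids captured in the suite's setup would make the authorization expectations explicit. The enclosing `describe('Categories', ...)` starts outside the hunk.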

@ -21,6 +21,7 @@ describe('Admin Controllers', function () {
var jar; var jar;
before(function (done) { before(function (done) {
groups.resetCache();
async.series({ async.series({
category: function (next) { category: function (next) {
categories.create({ categories.create({
@ -43,9 +44,10 @@ describe('Admin Controllers', function () {
cid = results.category.cid; cid = results.category.cid;
topics.post({ uid: adminUid, title: 'test topic title', content: 'test topic content', cid: results.category.cid }, function (err, result) { topics.post({ uid: adminUid, title: 'test topic title', content: 'test topic content', cid: results.category.cid }, function (err, result) {
assert.ifError(err);
tid = result.topicData.tid; tid = result.topicData.tid;
pid = result.postData.pid; pid = result.postData.pid;
done(err); done();
}); });
}); });
}); });
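Review bot: The added `groups.resetCache();` at the top of `before` has no comment saying why it is needed, and the reason is not visible in this hunk. If it is there to drop group-membership state cached by earlier test files, presumably so the admin checks in this suite are evaluated against fresh data, say so, e.g. `// clear group cache left by earlier suites so admin membership is re-read`. The `before` body continues outside the hunk.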
