From 3aa5beb8326ffa96c3ad4cbc151f5e6cfc65f592 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Wed, 23 Dec 2020 13:07:41 -0500
Subject: [PATCH] feat: allow multiple privileges to be defined for a given
 admin socket call

---
 src/socket.io/admin.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/socket.io/admin.js b/src/socket.io/admin.js
index 631914f05d..bec2f0fae9 100644
--- a/src/socket.io/admin.js
+++ b/src/socket.io/admin.js
@@ -41,8 +41,9 @@ SocketAdmin.before = async function (socket, method) {
 	}
 
 	// Check admin privileges mapping (if not in mapping, deny access)
-	const privilege = privileges.admin.socketMap[method];
-	if (privilege && await privileges.admin.can(privilege, socket.uid)) {
+	const privilegeSet = privileges.admin.socketMap[method].split(';');
+	const hasPrivilege = (await Promise.all(privilegeSet.map(async privilege => privileges.admin.can(privilege, socket.uid)))).some(Boolean);
+	if (privilegeSet.length && hasPrivilege) {
 		return;
 	}