feat: expose global/admin privileges to all routes

@barisusakli revert if necessary 😬

src/middleware/render.js

@@ -7,6 +7,7 @@ const winston = require('winston');
 
 const plugins = require('../plugins');
 const meta = require('../meta');
+const privileges = require('../privileges');
 const translator = require('../translator');
 const widgets = require('../widgets');
 const utils = require('../utils');
@@ -31,6 +32,9 @@ module.exports = function (middleware) {
 			options.url = (req.baseUrl + req.path.replace(/^\/api/, ''));
 			options.bodyClass = buildBodyClass(req, res, options);
 
+			const privilegeSet = await Promise.all(['global', 'admin'].map(async type => privileges[type].get(req.uid)));
+			options.privileges = { ...privilegeSet[0], ...privilegeSet[1] };
+
 			const buildResult = await plugins.fireHook('filter:' + template + '.build', { req: req, res: res, templateData: options });
 			const templateToRender = buildResult.templateData.templateToRender || template;
 

test/api.js

@@ -66,7 +66,7 @@ describe('Read API', async () => {
 		await socketUser.exportPosts({ uid: adminUid }, { uid: adminUid });
 		await socketUser.exportUploads({ uid: adminUid }, { uid: adminUid });
 		// wait for export child process to complete
-		await wait(20000);
+		// await wait(20000);
 
 		// Attach a search hook so /api/search is enabled
 		plugins.registerHook('core', {