From 56d325bd869a07a0c95ec9a7cffd3658a9718b68 Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Wed, 10 Aug 2016 23:55:49 +0300
Subject: [PATCH] privilege fixes

---
 public/src/client/topic/posts.js | 4 ++--
 src/posts/edit.js | 4 ++--
 src/posts/tools.js | 4 ++--
 src/privileges/posts.js | 34 +++++++++++++++++---------------
 src/privileges/topics.js | 4 ++--
 src/socket.io/posts/tools.js | 5 +++--
 src/topics/create.js | 11 +++++------
 src/topics/fork.js | 4 ++--
 8 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/public/src/client/topic/posts.js b/public/src/client/topic/posts.js
index 33be04f993..b31b5fc0ed 100644
--- a/public/src/client/topic/posts.js
+++ b/public/src/client/topic/posts.js
@@ -27,8 +27,8 @@ define('forum/topic/posts', [
 data.privileges = ajaxify.data.privileges;
 data.posts.forEach(function(post) {
 post.selfPost = !!app.user.uid && parseInt(post.uid, 10) === parseInt(app.user.uid, 10);
- post.display_edit_tools = (ajaxify.data.privileges.editOwnPosts && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
- post.display_delete_tools = (ajaxify.data.privileges.deleteOwnPosts && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
+ post.display_edit_tools = (ajaxify.data.privileges['posts:edit'] && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
+ post.display_delete_tools = (ajaxify.data.privileges['posts:delete'] && post.selfPost) || ajaxify.data.privileges.isAdminOrMod;
 post.display_moderator_tools = post.display_edit_tools || post.display_delete_tools;
 post.display_move_tools = ajaxify.data.privileges.isAdminOrMod;
 post.display_post_menu = ajaxify.data.privileges.isAdminOrMod || post.selfPost || ((app.user.uid || ajaxify.data.postSharing.length) && !post.deleted);
diff --git a/src/posts/edit.js b/src/posts/edit.js
index e8af9ae2d4..e1df94aa9f 100644
--- a/src/posts/edit.js
+++ b/src/posts/edit.js
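Review bot: The `|| ajaxify.data.privileges.isAdminOrMod` tail on both rewritten lines looks redundant once the server already folds admin/mod status into `privileges['posts:edit']` and `privileges['posts:delete']` (as src/privileges/topics.js does elsewhere in this commit), though keeping it is harmless. More importantly these two flags only decide whether to render the edit/delete buttons; the actual authorization still happens server-side in privileges.posts.canEdit/canDelete, and nothing here says so. Suggest a comment above the forEach: `// display hints only; the server re-checks privileges.posts.canEdit/canDelete on every edit and delete`. The enclosing function starts and ends outside the hunk.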
@@ -28,8 +28,8 @@ module.exports = function(Posts) {
 privileges.posts.canEdit(data.pid, data.uid, next);
 },
 function (canEdit, next) {
- if (!canEdit) {
- return next(new Error('[[error:no-privileges]]'));
+ if (!canEdit.flag) {
+ return next(new Error(canEdit.message));
 }
 Posts.getPostData(data.pid, next);
 },
diff --git a/src/posts/tools.js b/src/posts/tools.js
index 40d150d049..e2573554e8 100644
--- a/src/posts/tools.js
+++ b/src/posts/tools.js
@@ -37,8 +37,8 @@ module.exports = function(Posts) {
 privileges.posts.canDelete(pid, uid, next);
 },
 function (canDelete, next) {
- if (!canDelete) {
- return next(new Error('[[error:no-privileges]]'));
+ if (!canDelete.flag) {
+ return next(new Error(canDelete.message));
 }
 
 if (isDelete) {
diff --git a/src/privileges/posts.js b/src/privileges/posts.js
index fe43a631c6..8ebf9e4bcb 100644
--- a/src/privileges/posts.js
+++ b/src/privileges/posts.js
@@ -147,15 +147,10 @@ module.exports = function(privileges) {
 return callback(err);
 }
 if (results.isAdminOrMod) {
- return callback(null, true);
+ return callback(null, {flag: true});
 }
- if (results.isEditable.isLocked) {
- return callback(new Error('[[error:topic-locked]]'));
- }
- if (results.isEditable.isEditExpired) {
- return callback(new Error('[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'));
- }
- callback(null, results.isEditable.editable);
+
+ callback(null, results.isEditable);
 });
 };
 
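Review bot: `new Error(canEdit.message)` in the rejection branch assumes every `{flag: false}` result carries a message; the producers in this commit do, but a future path that returns `{flag: false}` alone would surface an Error with an empty string, which the client then shows as nothing. A one-token fallback keeps the old behaviour as the floor: `return next(new Error(canEdit.message || '[[error:no-privileges]]'));`. The same applies to the `canDelete.message` line in the src/posts/tools.js hunk below. The waterfall this step belongs to starts and ends outside the hunk.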
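Review bot: Changing canEdit's result from a boolean to `{flag, message}` turns any caller that still tests truthiness into a fail-open check, because `{flag: false, message: ...}` is truthy; the commit migrates posts/edit.js, socket.io/posts/tools.js and topics/fork.js, but nothing on the page shows that these are the only callers, so the remaining ones should be grepped before merge. The same contract change applies to canDelete in the next hunk of this file. Since `results.isEditable` is now passed through untouched, isPostEditable's return shape has become the public contract; a JSDoc line on canEdit and canDelete would pin it, e.g. `// callback(err, {flag: boolean, message?: string}); message is set whenever flag is false`. The enclosing function starts outside the hunk.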
@@ -178,20 +173,25 @@ module.exports = function(privileges) {
 if (err) {
 return callback(err);
 }
+
 if (results.isAdminOrMod) {
- return callback(null, true);
+ return callback(null, {flag: true});
 }
+
 if (results.isLocked) {
- return callback(new Error('[[error:topic-locked]]'));
+ return callback(null, {flag: false, message: '[[error:topic-locked]]'});
 }
+
 if (!results['posts:delete']) {
- return callback(null, false);
+ return callback(null, {flag: false, message: '[[error:no-privileges]]'});
 }
+
 var postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10);
 if (postDeleteDuration && (Date.now() - parseInt(postData.timestamp, 10) > postDeleteDuration * 1000)) {
- return callback(new Error('[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'));
+ return callback(null, {flag: false, message: '[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'});
 }
- callback(null, results.isOwner);
+
+ callback(null, {flag: results.isOwner, message: '[[error:no-privileges]]'});
 });
 };
 
@@ -223,20 +223,22 @@ module.exports = function(privileges) {
 };
 
 function isPostEditable(pid, uid, callback) {
+ var tid;
 async.waterfall([
 function(next) {
 posts.getPostFields(pid, ['tid', 'timestamp'], next);
 },
 function(postData, next) {
+ tid = postData.tid;
 var postEditDuration = parseInt(meta.config.postEditDuration, 10);
 if (postEditDuration && Date.now() - parseInt(postData.timestamp, 10) > postEditDuration * 1000) {
- return callback(null, {flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'});
+ return callback(null, {flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'});
 }
 topics.isLocked(postData.tid, next);
 },
 function(isLocked, next) {
 if (isLocked) {
- return callback(null, {isLocked: true});
+ return callback(null, {flag: false, message: '[[error:topic-locked]]'});
 }
 async.parallel({
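Review bot: The new `tid` variable is assigned from `postData.tid` but the only visible read of the topic id in this hunk still goes through `postData.tid` on the `topics.isLocked` line; presumably the async.parallel block below the hunk is the intended consumer, which I cannot see. Using the hoisted variable in both places keeps the intent obvious: `topics.isLocked(tid, next);`. If nothing below the hunk reads `tid`, the two added lines are dead and should go. isPostEditable continues past the end of the hunk.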
@@ -245,7 +247,7 @@ module.exports = function(privileges) {
 }, next);
 },
 function(result, next) {
- next(null, {editable: result.owner && result.edit});
+ next(null, {flag: result.owner && result.edit, message: '[[error:no-privileges]]'});
 }
 ], callback);
 }
diff --git a/src/privileges/topics.js b/src/privileges/topics.js
index 7caffc06c3..27a9243222 100644
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@@ -58,8 +58,8 @@ module.exports = function(privileges) {
 disabled: disabled,
 tid: tid,
 uid: uid,
- editOwnPosts: results['posts:edit'][0],
- deleteOwnPosts: results['posts:delete'][0]
+ 'posts:edit': (results['posts:edit'][0] && !locked) || isAdminOrMod,
+ 'posts:delete': (results['posts:delete'][0] && !locked) || isAdminOrMod
 }, callback);
 });
 };
diff --git a/src/socket.io/posts/tools.js b/src/socket.io/posts/tools.js
index dfc99ac2dc..91e8dca241 100644
--- a/src/socket.io/posts/tools.js
+++ b/src/socket.io/posts/tools.js
@@ -47,12 +47,13 @@ module.exports = function(SocketPosts) {
 if (err) {
 return callback(err);
 }
+
 results.posts.tools = results.tools.tools;
 results.posts.deleted = parseInt(results.posts.deleted, 10) === 1;
 results.posts.favourited = results.favourited[0];
 results.posts.selfPost = socket.uid && socket.uid === parseInt(results.posts.uid, 10);
- results.posts.display_edit_tools = results.canEdit;
- results.posts.display_delete_tools = results.canDelete;
+ results.posts.display_edit_tools = results.canEdit.flag;
+ results.posts.display_delete_tools = results.canDelete.flag;
 results.posts.display_moderator_tools = results.posts.display_edit_tools || results.posts.display_delete_tools;
 results.posts.display_move_tools = results.isAdminOrMod;
 callback(null, results);
diff --git a/src/topics/create.js b/src/topics/create.js
index 1b561cdcaa..c79e0758f4 100644
--- a/src/topics/create.js
+++ b/src/topics/create.js
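Review bot: In the src/privileges/topics.js hunk the keys `'posts:edit'` and `'posts:delete'` now hold a derived value (own-post privilege gated by `!locked`, overridden by `isAdminOrMod`) rather than the raw privilege the same names denote everywhere else, so a reader of the returned object will take them for the raw grant. A comment on the two lines would prevent that: `// effective UI hints: own-post privilege only while the topic is unlocked; admins/mods always true`. `locked` and `isAdminOrMod` are presumably computed earlier in this function, which starts outside the hunk; if they can be undefined on some path the expression silently degrades to false, which is the safe direction.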
@@ -191,25 +191,24 @@ module.exports = function(Topics) {
 function(_cid, next) {
 cid = _cid;
 async.parallel({
- exists: async.apply(Topics.exists, tid),
- locked: async.apply(Topics.isLocked, tid),
+ topicData: async.apply(Topics.getTopicData, tid),
 canReply: async.apply(privileges.topics.can, 'topics:reply', tid, uid),
- isAdmin: async.apply(user.isAdministrator, uid),
- isModerator: async.apply(user.isModerator, uid, cid)
+ isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid),
 }, next);
 },
 function(results, next) {
- if (!results.exists) {
+ if (!results.topicData) {
 return next(new Error('[[error:no-topic]]'));
 }
- if (results.locked && !results.isAdmin && !results.isModerator) {
+ if (parseInt(results.topicData.locked, 10) === 1 && !results.isAdminOrMod) {
 return next(new Error('[[error:topic-locked]]'));
 }
 if (!results.canReply) {
 return next(new Error('[[error:no-privileges]]'));
 }
+
 guestHandleValid(data, next);
 },
 function(next) {
diff --git a/src/topics/fork.js b/src/topics/fork.js
index b2e16f069d..fbc9cdb54c 100644
--- a/src/topics/fork.js
+++ b/src/topics/fork.js
@@ -61,8 +61,8 @@ module.exports = function(Topics) {
 function(_tid, next) {
 function move(pid, next) {
 privileges.posts.canEdit(pid, uid, function(err, canEdit) {
- if(err || !canEdit) {
- return next(err);
+ if (err || !canEdit.flag) {
+ return next(err || new Error(canEdit.message));
 }
 Topics.movePostToTopic(pid, tid, next);
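Review bot: The no-topic guard `if (!results.topicData)` replaces an explicit existence check, so it is only as strong as whatever `Topics.getTopicData` yields for an unknown tid; if that is null the guard works, but if it ever resolves to a truthy empty object the guard is skipped and the lock check reads `undefined`, letting a reply into a non-existent topic. Since the data is already fetched, the cheap way to keep the old semantics is to test a field that must exist: `if (!results.topicData || !results.topicData.tid) {`. The `cid` bound into `async.apply(privileges.categories.isAdminOrMod, cid, uid)` is assigned on the line above, so that ordering is fine. The waterfall this belongs to starts and ends outside the hunk.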