From 59d081507345566fd43aed9029955f0e6fa56215 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Fri, 28 Apr 2017 18:48:32 -0400 Subject: [PATCH] closes #5637 --- src/controllers/accounts/helpers.js | 10 ++++--- src/privileges/users.js | 46 +++++++++++++++++++++++++++++ src/socket.io/user/ban.js | 9 +++--- 3 files changed, 57 insertions(+), 8 deletions(-) diff --git a/src/controllers/accounts/helpers.js b/src/controllers/accounts/helpers.js index 339b3a2c2f..619c22cfcc 100644 --- a/src/controllers/accounts/helpers.js +++ b/src/controllers/accounts/helpers.js @@ -10,8 +10,9 @@ var groups = require('../../groups'); var plugins = require('../../plugins'); var meta = require('../../meta'); var utils = require('../../utils'); +var privileges = require('../../privileges'); -var helpers = {}; +var helpers = module.exports; helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) { async.waterfall([ @@ -60,6 +61,9 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) { sso: function (next) { plugins.fireHook('filter:auth.list', { uid: uid, associations: [] }, next); }, + canBanUser: function (next) { + privileges.users.canBanUser(callerUID, uid, next); + }, }, next); }, function (results, next) { @@ -109,7 +113,7 @@ helpers.getUserDataByUserSlug = function (userslug, callerUID, callback) { userData.isAdminOrGlobalModeratorOrModerator = isAdmin || isGlobalModerator || isModerator; userData.isSelfOrAdminOrGlobalModerator = isSelf || isAdmin || isGlobalModerator; userData.canEdit = isAdmin || (isGlobalModerator && !results.isTargetAdmin); - userData.canBan = isAdmin || (isGlobalModerator && !results.isTargetAdmin); + userData.canBan = results.canBanUser; userData.canChangePassword = isAdmin || (isSelf && parseInt(meta.config['password:disableEdit'], 10) !== 1); userData.isSelf = isSelf; userData.isFollowing = results.isFollowing; 
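Review bot: In src/controllers/accounts/helpers.js the new `userData.canBan = results.canBanUser;` passes through whatever the `filter:user.canBanUser` chain returned, and nothing marks it as a display flag rather than the authorization decision. I would coerce it with `userData.canBan = !!results.canBanUser;` and add `// UI hint only; the socket ban handler performs its own privilege check` above it, so a later reader does not treat the template flag as enforcement. `canEdit` on the preceding line still uses the inline admin/global-moderator expression, so the two flags are now decided by different rules; that may be intended but deserves a comment. getUserDataByUserSlug begins and ends outside these hunks.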
@@ -186,5 +190,3 @@ function filterLinks(links, states) { return permit; }); } - -module.exports = helpers; diff --git a/src/privileges/users.js b/src/privileges/users.js index ed72efb147..26557a1798 100644 --- a/src/privileges/users.js +++ b/src/privileges/users.js @@ -3,6 +3,7 @@ var async = require('async'); +var user = require('../user'); var groups = require('../groups'); var plugins = require('../plugins'); @@ -157,4 +158,49 @@ module.exports = function (privileges) { callback(null, canEdit); }); }; + + privileges.users.canBanUser = function (callerUid, uid, callback) { + async.waterfall([ + function (next) { + async.parallel({ + isAdmin: function (next) { + privileges.users.isAdministrator(callerUid, next); + }, + isGlobalMod: function (next) { + privileges.users.isGlobalModerator(callerUid, next); + }, + isTargetAdmin: function (next) { + privileges.users.isAdministrator(uid, next); + }, + }, next); + }, + function (results, next) { + results.canBan = !results.isTargetAdmin && (results.isAdmin || results.isGlobalMod); + results.callerUid = callerUid; + results.uid = uid; + plugins.fireHook('filter:user.canBanUser', results, next); + }, + function (data, next) { + next(null, data.canBan); + }, + ], callback); + }; + + privileges.users.hasBanPrivilege = function (uid, callback) { + async.waterfall([ + function (next) { + user.isAdminOrGlobalMod(uid, next); + }, + function (isAdminOrGlobalMod, next) { + plugins.fireHook('filter:user.hasBanPrivilege', { + uid: uid, + isAdminOrGlobalMod: isAdminOrGlobalMod, + canBan: isAdminOrGlobalMod, + }, next); + }, + function (data, next) { + next(null, data.canBan); + }, + ], callback); + }; }; diff --git a/src/socket.io/user/ban.js b/src/socket.io/user/ban.js index 54ce94fd24..084307c017 100644 --- a/src/socket.io/user/ban.js +++ b/src/socket.io/user/ban.js 
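Review bot: In `privileges.users.canBanUser` (src/privileges/users.js) the administrator-target guard is evaluated before `filter:user.canBanUser` fires, and the last waterfall step returns `data.canBan` unchanged, so a filter can yield true for a target that `isTargetAdmin` marked as an administrator. If lifting that protection is not meant to be a plugin capability, keep `isTargetAdmin` in a local variable and finish with `next(null, !!data.canBan && !isTargetAdmin);`. Both new functions also lack a doc comment. I would state above `hasBanPrivilege` that it evaluates the caller only, and above `canBanUser` that it is the per-target decision, since callers need to know which one to use for enforcement.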
@@ -1,10 +1,11 @@ 'use strict'; var async = require('async'); + var user = require('../../user'); var websockets = require('../index'); var events = require('../../events'); - +var privileges = require('../../privileges'); var plugins = require('../../plugins'); module.exports = function (SocketUser) { @@ -72,10 +73,10 @@ module.exports = function (SocketUser) { async.waterfall([ function (next) { - user.isAdminOrGlobalMod(uid, next); + privileges.users.hasBanPrivilege(uid, next); }, - function (isAdminOrGlobalMod, next) { - if (!isAdminOrGlobalMod) { + function (hasBanPrivilege, next) { + if (!hasBanPrivilege) { return next(new Error('[[error:no-privileges]]')); } async.each(uids, method, next);
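Review bot: The gate in src/socket.io/user/ban.js checks only the caller with `privileges.users.hasBanPrivilege(uid, next)` and then runs `async.each(uids, method, next)`, so the per-target decision from `privileges.users.canBanUser` that the profile page now displays is not consulted on this path, including any denial added through `filter:user.canBanUser`. Unless `method` performs that check outside the hunk, the UI and the server can disagree about who may be banned. I would check each target before calling `method`, as below. The enclosing function starts and ends outside the hunk and appears to be shared by more than one action, so confirm the per-target rule is wanted for every `method` passed in.

```javascript
function (hasBanPrivilege, next) {
	// … unchanged: no-privileges early return when hasBanPrivilege is false …
	// Enforce the same per-target decision that the profile page displays.
	async.each(uids, function (targetUid, next) {
		async.waterfall([
			function (next) {
				privileges.users.canBanUser(uid, targetUid, next);
			},
			function (canBan, next) {
				if (!canBan) {
					return next(new Error('[[error:no-privileges]]'));
				}
				method(targetUid, next);
			},
		], next);
	}, next);
```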