closes #2382, closes #2130

src/install.js

@@ -398,6 +398,34 @@ function createCategories(next) {
 	});
 }
 
+function setupPrivileges(next) {
+	function givePrivileges(privileges, cid, groupName, next) {
+		async.each(privileges, function(privilege, next) {
+			Groups.join('cid:' + cid + ':privileges:groups:' + privilege, groupName, next);
+		}, next);
+	}
+
+	var Groups = require('./groups');
+	var db = require('./database');
+
+	db.getSortedSetRange('categories:cid', 0, -1, function(err, cids) {
+		if (err) {
+			return next(err);
+		}
+
+		async.each(cids, function(cid, next) {
+			async.parallel([
+				function(next) {
+					givePrivileges(['find', 'read', 'topics:create', 'topics:reply'], cid, 'administrators', next);
+				},
+				function(next) {
+					givePrivileges(['find', 'read', 'topics:create', 'topics:reply'], cid, 'registered-users', next);
+				}
+			], next);
+		}, next);
+	});
+}
+
 function createWelcomePost(next) {
 	var db = require('./database'),
 		Topics = require('./topics');
@@ -442,7 +470,18 @@ function setCopyrightWidget(next) {
 }
 
 install.setup = function (callback) {
-	async.series([checkSetupFlag, checkCIFlag, setupConfig, setupDefaultConfigs, enableDefaultTheme, createAdministrator, createCategories, createWelcomePost, enableDefaultPlugins, setCopyrightWidget,
+	async.series([
+		checkSetupFlag,
+		checkCIFlag,
+		setupConfig,
+		setupDefaultConfigs,
+		enableDefaultTheme,
+		createAdministrator,
+		createCategories,
+		setupPrivileges,
+		createWelcomePost,
+		enableDefaultPlugins,
+		setCopyrightWidget,
 		function (next) {
 			require('./upgrade').upgrade(next);
 		}

src/privileges/helpers.js

@@ -32,12 +32,6 @@ helpers.isUserAllowedTo = function(privilege, uid, cids, callback) {
 	}
 
 	async.parallel({
-		userPrivilegeExists: function(next) {
-			groups.exists(userKeys, next);
-		},
-		groupPrivilegeExists: function(next) {
-			groups.exists(groupKeys, next);
-		},
 		hasUserPrivilege: function(next) {
 			groups.isMemberOfGroups(uid, userKeys, next);
 		},
@@ -51,7 +45,7 @@ helpers.isUserAllowedTo = function(privilege, uid, cids, callback) {
 
 		var result = [];
 		for (var i=0; i<cids.length; ++i) {
-			result.push((!results.userPrivilegeExists[i] && !results.groupPrivilegeExists[i]) || results.hasUserPrivilege[i] || results.hasGroupPrivilege[i]);
+			result.push(results.hasUserPrivilege[i] || results.hasGroupPrivilege[i]);
 		}
 
 		callback(null, result);
@@ -60,12 +54,6 @@ helpers.isUserAllowedTo = function(privilege, uid, cids, callback) {
 
 helpers.isUsersAllowedTo = function(privilege, uids, cid, callback) {
 	async.parallel({
-		userPrivilegeExists: function(next) {
-			groups.exists('cid:' + cid + ':privileges:' + privilege, next);
-		},
-		groupPrivilegeExists: function(next) {
-			groups.exists('cid:' + cid + ':privileges:groups:' + privilege, next);
-		},
 		hasUserPrivilege: function(next) {
 			groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege, next);
 		},
@@ -78,9 +66,8 @@ helpers.isUsersAllowedTo = function(privilege, uids, cid, callback) {
 		}
 
 		var result = [];
-
 		for(var i=0; i<uids.length; ++i) {
-			result.push((!results.userPrivilegeExists && !results.groupPrivilegeExists) || results.hasUserPrivilege[i] || results.hasGroupPrivilege[i]);
+			result.push(results.hasUserPrivilege[i] || results.hasGroupPrivilege[i]);
 		}
 
 		callback(null, result);
@@ -88,38 +75,12 @@ helpers.isUsersAllowedTo = function(privilege, uids, cid, callback) {
 };
 
 function isGuestAllowedTo(privilege, cids, callback) {
-	var userKeys = [], groupKeys = [];
+	var groupKeys = [];
 	for (var i=0; i<cids.length; ++i) {
-		userKeys.push('cid:' + cids[i] + ':privileges:' + privilege);
 		groupKeys.push('cid:' + cids[i] + ':privileges:groups:' + privilege);
 	}
 
-	async.parallel({
+	groups.isMemberOfGroups('guests', groupKeys, callback);
-		userPrivilegeExists: function(next) {
-			groups.exists(userKeys, next);
-		},
-		groupPrivilegeExists: function(next) {
-			groups.exists(groupKeys, next);
-		},
-		hasGroupPrivilege: function(next) {
-			groups.isMemberOfGroups('guests', groupKeys, next);
-		}
-	}, function(err, results) {
-		if (err) {
-			return callback(err);
-		}
-
-		var result = [];
-		for (var i = 0; i<cids.length; ++i) {
-			var groupPriv = (privilege === 'find' || privilege === 'read') ?
-				(!results.groupPrivilegeExists[i] || results.hasGroupPrivilege[i] !== false) :
-				(results.groupPrivilegeExists[i] && results.hasGroupPrivilege[i] === true);
-
-			result.push((!results.userPrivilegeExists[i] && !results.groupPrivilegeExists[i]) || groupPriv);
-		}
-
-		callback(null, result);
-	});
 }
 
 helpers.hasEnoughReputationFor = function(privilege, uid, callback) {

src/upgrade.js

@@ -19,7 +19,7 @@ var db = require('./database'),
 	schemaDate, thisSchemaDate,
 
 	// IMPORTANT: REMEMBER TO UPDATE VALUE OF latestSchema
-	latestSchema = Date.UTC(2014, 10, 7);
+	latestSchema = Date.UTC(2014, 10, 11);
 
 Upgrade.check = function(callback) {
 	db.get('schemaDate', function(err, value) {
@@ -1272,6 +1272,69 @@ Upgrade.upgrade = function(callback) {
 				winston.info('[2014/11/7] Renaming sorted sets skipped');
 				next();
 			}
+		},
+		function(next) {
+			thisSchemaDate = Date.UTC(2014, 10, 11);
+			if (schemaDate < thisSchemaDate) {
+				winston.info('[2014/11/11] Upgrading permissions');
+
+				async.waterfall([
+					function(next) {
+						db.getSortedSetRange('categories:cid', 0, -1, next);
+					},
+					function(cids, next) {
+						function upgradePrivilege(cid, privilege, groupName, next) {
+							async.parallel({
+								userPrivExists: function(next) {
+									Groups.exists('cid:' + cid + ':privileges:' + privilege, next);
+								},
+								groupPrivExists: function(next) {
+									Groups.exists('cid:' + cid + ':privileges:groups:' + privilege, next);
+								}
+							}, function(err, results) {
+								if (err || results.userPrivExists || results.groupPrivExists) {
+									return next(err);
+								}
+
+								Groups.join('cid:' + cid + ':privileges:groups:' + privilege, groupName, next);
+							});
+						}
+
+						function upgradePrivileges(cid, groupName, next) {
+							var privs = ['find', 'read', 'topics:reply', 'topics:post'];
+							async.each(privs, function(priv, next) {
+								upgradePrivilege(cid, priv, groupName, next);
+							}, next);
+						}
+
+						Groups.list({}, function(err, groups) {
+							if (err) {
+								return next(err);
+							}
+
+							async.eachLimit(cids, 50, function(cid, next) {
+								async.eachLimit(groups, 50, function(group, next) {
+									if (group && !group.hidden) {
+										upgradePrivileges(cid, group.name, next);
+									} else {
+										next();
+									}
+								}, next);
+							}, next);
+						});
+					}
+				], function(err) {
+					if (err) {
+						winston.error('[2014/11/11] Error encountered while upgrading permissions');
+						return next(err);
+					}
+					winston.info('[2014/11/11] Upgrading permissions done');
+					Upgrade.update(thisSchemaDate, next);
+				});
+			} else {
+				winston.info('[2014/11/11] Upgrading permissions skipped');
+				next();
+			}
 		}
 
 		// Add new schema updates here