From 6a3a3669d2dd2aa9182125526f9469821423f3fb Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Fri, 14 Nov 2014 16:20:36 -0500
Subject: [PATCH] check privs on getRecentReplies and getRecentTopicReplies
---
 src/categories/recentreplies.js | 55 +++++++++++++++++----------------
 src/socket.io/categories.js | 12 +------
 2 files changed, 30 insertions(+), 37 deletions(-)
diff --git a/src/categories/recentreplies.js b/src/categories/recentreplies.js
index 9c076fbcfc..2254e78957 100644
--- a/src/categories/recentreplies.js
+++ b/src/categories/recentreplies.js
@@ -7,20 +7,23 @@ var async = require('async'),
 db = require('../database'),
 posts = require('../posts'),
- topics = require('../topics');
+ topics = require('../topics'),
+ privileges = require('../privileges');
 module.exports = function(Categories) {
 Categories.getRecentReplies = function(cid, uid, count, callback) {
- if (!parseInt(count, 10)) {
- return callback(null, []);
- }
-
- db.getSortedSetRevRange('cid:' + cid + ':pids', 0, count - 1, function(err, pids) {
- if (err || !pids || !pids.length) {
+ privileges.categories.can('read', cid, uid, function(err, canRead) {
+ if (err || !canRead || !parseInt(count, 10)) {
 return callback(err, []);
 }
- posts.getPostSummaryByPids(pids, uid, {stripTags: true}, callback);
+ db.getSortedSetRevRange('cid:' + cid + ':pids', 0, count - 1, function(err, pids) {
+ if (err || !Array.isArray(pids) || !pids.length) {
+ return callback(err, []);
+ }
+
+ posts.getPostSummaryByPids(pids, uid, {stripTags: true}, callback);
+ });
 });
 };
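Review bot: In `Categories.getRecentReplies`, the guard `!parseInt(count, 10)` only rejects zero and non-numeric values, while the unparsed `count` is what feeds the range end `count - 1`. A negative count therefore passes the guard and yields a negative stop index, which on a backend that treats negative indexes as offsets from the end of the set (Redis does for sorted-set ranges) would return far more than a handful of pids. The socket caller in this commit passes a literal 4, so this matters only if another caller forwards a request-supplied value, which is not visible here. Normalising once would close it: `count = parseInt(count, 10);` ahead of the privilege call and `if (err || !canRead || !(count > 0)) {` in the guard.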
@@ -28,29 +31,29 @@ module.exports = function(Categories) {
 if (!Array.isArray(categoryData) || !categoryData.length) {
 return callback(null, []);
 }
- async.map(categoryData, getRecentTopicPids, function(err, results) {
- if (err) {
- return callback(err);
- }
- var pids = _.flatten(results);
-
- pids = pids.filter(function(pid, index, array) {
- return !!pid && array.indexOf(pid) === index;
- });
-
- posts.getPostSummaryByPids(pids, uid, {stripTags: true}, function(err, posts) {
- if (err) {
- return callback(err);
- }
+ async.waterfall([
+ function(next) {
+ async.map(categoryData, getRecentTopicPids, next);
+ },
+ function(results, next) {
+ var pids = _.flatten(results);
+ pids = pids.filter(function(pid, index, array) {
+ return !!pid && array.indexOf(pid) === index;
+ });
+ privileges.posts.filter('read', pids, uid, next);
+ },
+ function(pids, next) {
+ posts.getPostSummaryByPids(pids, uid, {stripTags: true}, next);
+ },
+ function(posts, next) {
 categoryData.forEach(function(category) {
 assignPostsToCategory(category, posts);
 });
-
- callback();
- });
- });
+ next();
+ }
+ ], callback);
 };
 function assignPostsToCategory(category, posts) {
diff --git a/src/socket.io/categories.js b/src/socket.io/categories.js
index 57a13d0a58..0aeee0482a 100644
--- a/src/socket.io/categories.js
+++ b/src/socket.io/categories.js
@@ -11,17 +11,7 @@ var async = require('async'),
 SocketCategories = {};
 SocketCategories.getRecentReplies = function(socket, cid, callback) {
- privileges.categories.can('read', cid, socket.uid, function(err, canRead) {
- if (err) {
- return callback(err);
- }
-
- if (!canRead) {
- return callback(null, []);
- }
-
- categories.getRecentReplies(cid, socket.uid, 4, callback);
- });
+ categories.getRecentReplies(cid, socket.uid, 4, callback);
 };
 SocketCategories.get = function(socket, data, callback) {
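Review bot: The `privileges.posts.filter('read', pids, uid, next)` step in the `src/categories/recentreplies.js` waterfall appears to be the access-control step for the per-category teasers, yet nothing in the code says so. A short comment above it, such as `// drop pids this uid may not read before any post data is loaded`, would make it less likely that a later refactor reorders or removes the step. The last step's parameter `posts` also shadows the module-level `posts` require; a name like `postData` avoids the confusion. The enclosing function's signature sits above this hunk, so how `uid` reaches it is not visible here.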
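Review bot: `SocketCategories.getRecentReplies` now forwards the client-supplied `cid` untouched, and the data layer concatenates it into the key `'cid:' + cid + ':pids'` once the privilege lookup passes. The read check is still enforced inside `categories.getRecentReplies`, so access control is intact, but nothing visible rejects a non-numeric or non-scalar `cid` at the socket boundary. Unless the socket dispatcher validates arguments elsewhere, a guard such as `if (!parseInt(cid, 10)) { return callback(null, []); }` before the call keeps malformed ids away from the privilege and database layers. One behaviour change to be aware of: a privilege lookup error previously produced `callback(err)` and now produces `callback(err, [])`.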