From 127261100ea263626261f96844032e0e968da274 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Wed, 8 Jan 2014 14:53:32 -0500
Subject: [PATCH 1/2] fixed #698 - ajaxify.go will now cancel any active API requests when it is called
---
 public/src/ajaxify.js | 4 ++--
 public/src/templates.js | 17 ++++++++++++-----
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/public/src/ajaxify.js b/public/src/ajaxify.js
index b3a8959006..478797733f 100644
--- a/public/src/ajaxify.js
+++ b/public/src/ajaxify.js
@@ -49,9 +49,9 @@ var ajaxify = {};
 // end
 if ($('#content').hasClass('ajaxifying')) {
- return true;
+ templates.cancelRequest();
 }
-
+
 // Remove trailing slash
 url = url.replace(/\/$/, "");
diff --git a/public/src/templates.js b/public/src/templates.js
index 23687bc515..627aa50d51 100644
--- a/public/src/templates.js
+++ b/public/src/templates.js
@@ -4,7 +4,8 @@
 templates,
 fs = null,
 available_templates = [],
- parsed_variables = {};
+ parsed_variables = {},
+ apiXHR;
 module.exports = templates = {
 "globals": {}
@@ -174,7 +175,7 @@
 parse_template();
 }
- jQuery.get(RELATIVE_PATH + '/api/' + api_url, function (data) {
+ apiXHR = jQuery.get(RELATIVE_PATH + '/api/' + api_url, function (data) {
 if (!data) {
 ajaxify.go('404');
@@ -183,12 +184,12 @@
 template_data = data;
 parse_template();
- }).fail(function (data) {
+ }).fail(function (data, textStatus) {
 if (data && data.status == 404) {
 return ajaxify.go('404');
 } else if (data && data.status === 403) {
 return ajaxify.go('403');
- } else {
+ } else if (textStatus !== "abort") {
 app.alertError(data.responseJSON.error);
 }
 });
@@ -232,6 +233,12 @@
 }
+ templates.cancelRequest = function() {
+ if (apiXHR) {
+ apiXHR.abort();
+ }
+ }
+
 templates.flush = function () {
 parsed_variables = {};
 }
@@ -294,7 +301,7 @@
 data[g] = data[g] || templates.globals[g];
 }
 }
-
+
 return (function parse(data, namespace, template, blockInfo) {
 if (!data || data.length == 0) {
 template = '';
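Review bot: In public/src/ajaxify.js (`@@ -49,9 +49,9 @@`), the `ajaxifying` branch now falls through instead of returning, and nothing in the hunk says what happens to the navigation that was already in progress. `templates.cancelRequest()` stops only the pending API request; any rendering the first call has already queued is not visible here and, if it is asynchronous, may still finish after the new one starts. I would add a comment above the call such as `// A newer navigation supersedes the one in flight: abort its API request and carry on.` and confirm that the later callbacks check they still belong to the current URL. The body of `ajaxify.go` starts and ends outside this hunk.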
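Review bot: In public/src/templates.js (`@@ -183,12 +184,12 @@`), the last branch of the `.fail` handler still reads `data.responseJSON.error` with no guard, so a failure whose body is not JSON (a proxy error page, a timeout, a dropped connection) throws a TypeError inside the handler instead of showing an alert. The first two branches test `data &&`; the new `else if` does not. I would write it as `} else if (textStatus !== "abort") { app.alertError((data && data.responseJSON && data.responseJSON.error) || textStatus); }`, or substitute a generic message for the fallback. The 404 branch also compares with `==` where the 403 branch uses `===`; making both strict keeps the two status checks consistent.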
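Review bot: `templates.cancelRequest` in public/src/templates.js (`@@ -232,6 +233,12 @@`) never clears `apiXHR`, so the variable keeps pointing at a finished or aborted request, and because it is a single module-level slot it only ever tracks the most recent `jQuery.get`. If two template loads can overlap, the earlier request can no longer be cancelled; whether that happens depends on callers outside this diff. I would change the guard body to `apiXHR.abort(); apiXHR = null;`, end the function expression with `};`, and add a comment such as `// Aborts the most recent API request only; the fail handler ignores textStatus "abort".`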
From ab16b1184d1b3094e54539c2961a5a54b74577d9 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Wed, 8 Jan 2014 15:09:24 -0500
Subject: [PATCH 2/2] fixing issue where nojs mode of a private category would show the category topics, even if the requesting user was not allowed inside
---
 src/webserver.js | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/webserver.js b/src/webserver.js
index 7bcad13469..b8cef57a10 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -16,6 +16,7 @@ var path = require('path'),
 db = require('./database'),
 user = require('./user'),
 categories = require('./categories'),
+ CategoryTools = require('./categoryTools'),
 posts = require('./posts'),
 topics = require('./topics'),
 ThreadTools = require('./threadTools'),
@@ -511,7 +512,7 @@ if(nconf.get('ssl')) {
 async.waterfall([
 function(next) {
 // Check whether this user is allowed to access this topic
- ThreadTools.privileges(tid, ((req.user) ? req.user.uid : 0), function(err, privileges) {
+ ThreadTools.privileges(tid, ((req.user) ? req.user.uid || 0 : 0), function(err, privileges) {
 if (!err) {
 if (!privileges.read) {
 next(new Error('not-enough-privileges'));
@@ -671,6 +672,20 @@ if(nconf.get('ssl')) {
 }
 async.waterfall([
+ function(next) {
+ // Check whether this user is allowed to access this category
+ CategoryTools.privileges(cid, ((req.user) ? req.user.uid || 0 : 0), function(err, privileges) {
+ if (!err) {
+ if (!privileges.read) {
+ next(new Error('not-enough-privileges'));
+ } else {
+ next();
+ }
+ } else {
+ next(err);
+ }
+ });
+ },
 function (next) {
 categories.getCategoryById(cid, 0, function (err, categoryData) {
@@ -717,7 +732,11 @@ if(nconf.get('ssl')) {
 }
 ], function (err, data) {
 if (err) {
- return res.redirect('404');
+ if (err.message === 'not-enough-privileges') {
+ return res.redirect('403');
+ } else {
+ return res.redirect('404');
+ }
 }
 if(data.categories.link) {
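Review bot: The new category check in src/webserver.js (`@@ -671,6 +672,20 @@`) reads `privileges.read` without first checking that `privileges` is set, so a callback that returns neither an error nor a privileges object throws instead of denying; `if (!privileges || !privileges.read) {` keeps the gate fail-closed. The next waterfall step calls `categories.getCategoryById(cid, 0, ...)`, where the second argument looks like a hard-coded uid, so this check appears to be the only access decision on the route. The block repeats the topic check from the `@@ -511,7 +512,7 @@` hunk almost line for line, including the `((req.user) ? req.user.uid || 0 : 0)` expression; one shared helper would keep the two routes from drifting apart. Other server-rendered paths that list a category's topics are outside this diff and should be confirmed to carry the same check.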
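Review bot: In the waterfall's final callback in src/webserver.js (`@@ -717,7 +732,11 @@`), a denied request is answered with `res.redirect('403')`, which by default sends a 302, so access logs and monitoring record a redirect rather than a refused request. The separate 403 and 404 outcomes also let a visitor without access tell an existing private category from a missing one; if that is intended, a short comment saying so would help, otherwise both cases can share the 404 path. Matching on `err.message === 'not-enough-privileges'` ties this branch to a string literal that is created in two other places in the file, so a shared constant would avoid a silent mismatch. The route handler starts and ends outside this hunk.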