v1.18.x
Baris Usakli 6 years ago
parent 63e16ec0a2
commit 8f55ab1340

@ -93,6 +93,9 @@ module.exports = function (middleware) {
};
middleware.canViewUsers = function canViewUsers(req, res, next) {
if (parseInt(res.locals.uid, 10) === req.uid) {
return next();
}
privileges.global.can('view:users', req.uid, function (err, canView) {
if (err || canView) {
return next(err);
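Review bot: The new self-view shortcut `parseInt(res.locals.uid, 10) === req.uid` has no explicit guard for unauthenticated requests. If guests carry a numeric `req.uid` such as 0, and the middleware that fills `res.locals.uid` can ever store 0 for a slug it could not resolve (neither is visible here), the comparison succeeds and the `view:users` privilege check is skipped. Stating the intent costs one term: `if (req.uid > 0 && parseInt(res.locals.uid, 10) === req.uid) {`. canViewUsers continues past the end of the hunk, so the deny path cannot be checked from here.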

@ -4,8 +4,8 @@ var helpers = require('./helpers');
var setupPageRoute = helpers.setupPageRoute;
module.exports = function (app, middleware, controllers) {
var middlewares = [middleware.canViewUsers, middleware.exposeUid];
var accountMiddlewares = [middleware.canViewUsers, middleware.checkAccountPermissions, middleware.exposeUid];
var middlewares = [middleware.exposeUid, middleware.canViewUsers];
var accountMiddlewares = [middleware.exposeUid, middleware.canViewUsers, middleware.checkAccountPermissions];
setupPageRoute(app, '/me/*', middleware, [], middleware.redirectMeToUserslug);
setupPageRoute(app, '/uid/:uid*', middleware, [], middleware.redirectUidToUserslug);
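Review bot: The new arrays starting `[middleware.exposeUid, middleware.canViewUsers` make array order part of the authorization decision, and nothing in the file says so. canViewUsers appears to read `res.locals.uid` for its self-view shortcut, so a later edit that moves canViewUsers back to the front would quietly disable the shortcut instead of failing visibly. A comment above the two declarations would protect the ordering: `// exposeUid must run before canViewUsers: the self-view check reads res.locals.uid`.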

@ -16,7 +16,7 @@ module.exports = function (app, middleware, controllers) {
}
}, controllers.api.getConfig);
router.get('/me', middleware.canViewUsers, controllers.user.getCurrentUser);
router.get('/me', controllers.user.getCurrentUser);
router.get('/user/uid/:uid', middleware.canViewUsers, controllers.user.getUserByUID);
router.get('/user/username/:username', middleware.canViewUsers, controllers.user.getUserByUsername);
router.get('/user/email/:email', middleware.canViewUsers, controllers.user.getUserByEmail);
@ -40,8 +40,8 @@ module.exports = function (app, middleware, controllers) {
var middlewares = [middleware.maintenanceMode, multipartMiddleware, middleware.validateFiles, middleware.applyCSRF];
router.post('/post/upload', middlewares, uploadsController.uploadPost);
router.post('/topic/thumb/upload', middlewares, uploadsController.uploadThumb);
router.post('/user/:userslug/uploadpicture', middlewares.concat([middleware.authenticate, middleware.canViewUsers, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadPicture);
router.post('/user/:userslug/uploadpicture', middlewares.concat([middleware.exposeUid, middleware.authenticate, middleware.canViewUsers, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadPicture);
router.post('/user/:userslug/uploadcover', middlewares.concat([middleware.authenticate, middleware.canViewUsers, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadCoverPicture);
router.post('/user/:userslug/uploadcover', middlewares.concat([middleware.exposeUid, middleware.authenticate, middleware.canViewUsers, middleware.checkAccountPermissions]), controllers.accounts.edit.uploadCoverPicture);
router.post('/groups/uploadpicture', middlewares.concat([middleware.authenticate]), controllers.groups.uploadCover);
};
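Review bot: In the two upload routes exposeUid is placed ahead of `middleware.authenticate`, so the userslug is resolved for requests that have not been authenticated yet. exposeUid is not shown on this page, but if it performs a lookup by slug, that work is reachable anonymously, as is any difference in response between existing and unknown slugs. Only canViewUsers needs its result, so authenticate can stay first: `middlewares.concat([middleware.authenticate, middleware.exposeUid, middleware.canViewUsers, middleware.checkAccountPermissions])`, for both `/user/:userslug/uploadpicture` and `/user/:userslug/uploadcover`.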
