From 7d04e95226bf22f8db415be24ebf8f9352bd29c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Mon, 23 Jan 2023 11:09:19 -0500
Subject: [PATCH 1/6] fix: #11194, allow access to sub dashboard pages
---
 src/privileges/admin.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/privileges/admin.js b/src/privileges/admin.js
index 5a733d30f4..166236ac76 100644
--- a/src/privileges/admin.js
+++ b/src/privileges/admin.js
@@ -66,6 +66,7 @@ privsAdmin.routeMap = {
 uploadDefaultAvatar: 'admin:settings',
 };
 privsAdmin.routePrefixMap = {
+ 'dashboard/': 'admin:dashboard',
 'manage/categories/': 'admin:categories',
 'manage/privileges/': 'admin:privileges',
 'manage/groups/': 'admin:groups',
From 9c250b78b05ca2abf31a79971ed0c60ca07664ec Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 23 Jan 2023 11:27:57 -0500
Subject: [PATCH 2/6] fix(deps): pinning sub dependency json-schema-ref-parser to 9.0.9 ref: https://github.com/APIDevTools/json-schema-ref-parser/issues/298
---
 install/package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/install/package.json b/install/package.json
index 1af9a00cf6..7dc6237452 100644
--- a/install/package.json
+++ b/install/package.json
@@ -167,7 +167,8 @@
 "smtp-server": "3.11.0"
 },
 "resolutions": {
- "*/jquery": "3.6.3"
+ "*/jquery": "3.6.3",
+ "@apidevtools/json-schema-ref-parser": "9.0.9"
 },
 "bugs": {
 "url": "https://github.com/NodeBB/NodeBB/issues"
From 0bffd3d93cd8a6f286d3a796ec0448c38d57b526 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Mon, 23 Jan 2023 11:40:17 -0500
Subject: [PATCH 3/6] fix: #11195, allow users with admin:users privilege to delete users in acp
---
 src/api/users.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/api/users.js b/src/api/users.js
index c23f2c04d6..e0382c95cd 100644
--- a/src/api/users.js
+++ b/src/api/users.js
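Review bot: In src/privileges/admin.js the new `'dashboard/': 'admin:dashboard'` entry in `privsAdmin.routePrefixMap` authorises by prefix, so every current and future admin route under `dashboard/` becomes reachable with the `admin:dashboard` privilege alone, and the commit (one file, one insertion) adds no test for that boundary. If any dashboard sub-page exposes data that a delegated dashboard viewer should not see, it would presumably need its own entry in `privsAdmin.routeMap`; how exact and prefix entries are prioritised is not visible in this hunk, so that should be confirmed first. A short comment above the entry, e.g. `// every dashboard/* sub-page inherits admin:dashboard`, would record the intent. A test that a caller holding only `admin:dashboard` is allowed on a sub-page while a caller without it is rejected would pin the behaviour. The `routePrefixMap` literal continues past the end of the hunk.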
@@ -307,18 +307,17 @@ async function isPrivilegedOrSelfAndPasswordMatch(caller, data) {
 async function processDeletion({ uid, method, password, caller }) {
 const isTargetAdmin = await user.isAdministrator(uid);
 const isSelf = parseInt(uid, 10) === parseInt(caller.uid, 10);
- const isAdmin = await user.isAdministrator(caller.uid);
+ const hasAdminPrivilege = await privileges.admin.can('admin:users', caller.uid);
 if (isSelf && meta.config.allowAccountDelete !== 1) {
 throw new Error('[[error:account-deletion-disabled]]');
- } else if (!isSelf && !isAdmin) {
+ } else if (!isSelf && !hasAdminPrivilege) {
 throw new Error('[[error:no-privileges]]');
 } else if (isTargetAdmin) {
 throw new Error('[[error:cant-delete-admin]');
 }
 // Privilege checks -- only deleteAccount is available for non-admins
- const hasAdminPrivilege = await privileges.admin.can('admin:users', caller.uid);
 if (!hasAdminPrivilege && ['delete', 'deleteContent'].includes(method)) {
 throw new Error('[[error:no-privileges]]');
 }
From a788bd1344825ad4759e39d6e98d8bf3695bd639 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 23 Jan 2023 12:31:43 -0500
Subject: [PATCH 4/6] revert: 9c250b78b05ca2abf31a79971ed0c60ca07664ec, fix: comment out broken test for now
---
 install/package.json | 3 +--
 test/api.js | 5 +++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/install/package.json b/install/package.json
index 7dc6237452..1af9a00cf6 100644
--- a/install/package.json
+++ b/install/package.json
@@ -167,8 +167,7 @@
 "smtp-server": "3.11.0"
 },
 "resolutions": {
- "*/jquery": "3.6.3",
- "@apidevtools/json-schema-ref-parser": "9.0.9"
+ "*/jquery": "3.6.3"
 },
 "bugs": {
 "url": "https://github.com/NodeBB/NodeBB/issues"
diff --git a/test/api.js b/test/api.js
index cc13650770..53774304cf 100644
--- a/test/api.js
+++ b/test/api.js
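Review bot: In src/api/users.js, once the `!isSelf` gate in `processDeletion` is keyed on `privileges.admin.can('admin:users', caller.uid)` instead of `user.isAdministrator(caller.uid)`, the only target-side guard left is `isTargetAdmin`, so a delegated `admin:users` holder can delete any non-administrator account. If other elevated accounts (global moderators, for instance) are meant to be out of reach of delegated admins, that check belongs here, and the commit (one file changed) adds no test pinning the new boundary. Separately, the context line `throw new Error('[[error:cant-delete-admin]');` lacks a closing bracket and should read `throw new Error('[[error:cant-delete-admin]]');`, otherwise the key is unlikely to be resolved as a translation. The comment `// Privilege checks -- only deleteAccount is available for non-admins` is now imprecise and would read better as `// Privilege checks -- only deleteAccount is available to callers without admin:users`. The body of `processDeletion` continues past the end of the hunk.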
@@ -228,14 +228,15 @@ describe('API', async () => {
 setup = true;
 }
- it('should pass OpenAPI v3 validation', async () => {
+ // Test failing due to https://github.com/APIDevTools/json-schema-ref-parser/issues/298
+ /* it('should pass OpenAPI v3 validation', async () => {
 try {
 await SwaggerParser.validate(readApiPath);
 await SwaggerParser.validate(writeApiPath);
 } catch (e) {
 assert.ifError(e);
 }
- });
+ }); */
 readApi = await SwaggerParser.dereference(readApiPath);
 writeApi = await SwaggerParser.dereference(writeApiPath);
From 00e48803a6f0f589621a37b228b139b7e3cec498 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 23 Jan 2023 15:11:08 -0500
Subject: [PATCH 5/6] fix(deps): downgrade swagger-parser to v9
---
 install/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/install/package.json b/install/package.json
index 1af9a00cf6..c2c63ced4b 100644
--- a/install/package.json
+++ b/install/package.json
@@ -148,7 +148,7 @@
 "zxcvbn": "4.4.2"
 },
 "devDependencies": {
- "@apidevtools/swagger-parser": "10.0.3",
+ "@apidevtools/swagger-parser": "9.0.0",
 "@commitlint/cli": "17.3.0",
 "@commitlint/config-angular": "17.3.0",
 "coveralls": "3.1.1",
From fecd84d1a01bf1d448128725c8980ce190d127eb Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Mon, 23 Jan 2023 15:19:24 -0500
Subject: [PATCH 6/6] revert: a788bd1344825ad4759e39d6e98d8bf3695bd639
---
 test/api.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/test/api.js b/test/api.js
index 53774304cf..cc13650770 100644
--- a/test/api.js
+++ b/test/api.js
@@ -228,15 +228,14 @@ describe('API', async () => {
 setup = true;
 }
- // Test failing due to https://github.com/APIDevTools/json-schema-ref-parser/issues/298
- /* it('should pass OpenAPI v3 validation', async () => {
+ it('should pass OpenAPI v3 validation', async () => {
 try {
 await SwaggerParser.validate(readApiPath);
 await SwaggerParser.validate(writeApiPath);
 } catch (e) {
 assert.ifError(e);
 }
- }); */
+ });
 readApi = await SwaggerParser.dereference(readApiPath);
 writeApi = await SwaggerParser.dereference(writeApiPath);