hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: use view_deleted when filtering, closes #8137

Browse Source
v1.18.x
Barış Soner Uşaklı 5 years ago
parent d927b763c1
commit 9969dd6335
4 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File

1
src/privileges/categories.js
Unescape Escape View File

@ -110,6 +110,7 @@ module.exports = function (privileges) {
return await utils.promiseParallel({
categories: categories.getCategoriesFields(cids, ['disabled']),
allowedTo: helpers.isUserAllowedTo(privilege, uid, cids),
view_deleted: helpers.isUserAllowedTo('posts:view_deleted', uid, cids),
isAdmin: user.isAdministrator(uid),
});
};

7
src/privileges/posts.js
Unescape Escape View File

@ -88,16 +88,17 @@ module.exports = function (privileges) {
cids = _.uniq(cids);
const results = await privileges.categories.getBase(privilege, cids, uid);
cids = cids.filter(function (cid, index) {
const allowedCids = cids.filter(function (cid, index) {
return !results.categories[index].disabled &&
(results.allowedTo[index] || results.isAdmin);
});
const cidsSet = new Set(cids);
const cidsSet = new Set(allowedCids);
const canViewDeleted = _.zipObject(cids, results.view_deleted);
pids = postData.filter(function (post) {
return post.topic && cidsSet.has(post.topic.cid) &&
((!post.topic.deleted && !post.deleted) || results.isAdmin);
((!post.topic.deleted && !post.deleted) || canViewDeleted[post.topic.cid] || results.isAdmin);
}).map(post => post.pid);
const data = await plugins.fireHook('filter:privileges.posts.filter', {

9
src/privileges/topics.js
Unescape Escape View File

@ -68,14 +68,15 @@ module.exports = function (privileges) {
}
const topicsData = await topics.getTopicsFields(tids, ['tid', 'cid', 'deleted']);
let cids = _.uniq(topicsData.map(topic => topic.cid));
const cids = _.uniq(topicsData.map(topic => topic.cid));
const results = await privileges.categories.getBase(privilege, cids, uid);
cids = cids.filter((cid, index) => !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin));
const allowedCids = cids.filter((cid, index) => !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin));
const cidsSet = new Set(cids);
const cidsSet = new Set(allowedCids);
const canViewDeleted = _.zipObject(cids, results.view_deleted);
tids = topicsData.filter(t => cidsSet.has(t.cid) && (!t.deleted || results.isAdmin)).map(t => t.tid);
tids = topicsData.filter(t => cidsSet.has(t.cid) && (!t.deleted || canViewDeleted[t.cid] || results.isAdmin)).map(t => t.tid);
const data = await plugins.fireHook('filter:privileges.topics.filter', {
privilege: privilege,

3
src/topics/index.js
Unescape Escape View File

@ -50,8 +50,7 @@ Topics.getTopics = async function (tids, options) {
}
tids = await privileges.topics.filterTids('topics:read', tids, uid);
const topics = await Topics.getTopicsByTids(tids, options);
return topics;
return await Topics.getTopicsByTids(tids, options);
};
Topics.getTopicsByTids = async function (tids, options) {

Write Preview
Loading…
Cancel
Save