hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #6557

Browse Source
v1.18.x
Julian Lam 7 years ago
parent 4293403451
commit 9e90d1ea5d
2 changed files with 25 additions and 9 deletions
Show Stats Download Patch File Download Diff File

5
src/privileges/posts.js
Unescape Escape View File

@ -32,6 +32,7 @@ module.exports = function (privileges) {
'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, cids),
read: async.apply(helpers.isUserAllowedTo, 'read', uid, cids),
'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, cids),
'posts:history': async.apply(helpers.isUserAllowedTo, 'posts:history', uid, cids),
'posts:view_deleted': async.apply(helpers.isUserAllowedTo, 'posts:view_deleted', uid, cids),
}, next);
},
@ -39,7 +40,8 @@ module.exports = function (privileges) {
var privileges = pids.map(function (pid, i) {
var isAdminOrMod = results.isAdmin || results.isModerator[i];
var editable = isAdminOrMod || (results.isOwner[i] && results['posts:edit'][i]);
var viewDeletedPosts = isAdminOrMod || (results.isOwner[i] && results['posts:view_deleted'][i]);
var viewDeletedPosts = isAdminOrMod || results.isOwner[i] || results['posts:view_deleted'][i];
var viewHistory = isAdminOrMod || results.isOwner[i] || results['posts:history'][i];
return {
editable: editable,
@ -48,6 +50,7 @@ module.exports = function (privileges) {
isAdminOrMod: isAdminOrMod,
'topics:read': results['topics:read'][i] || isAdminOrMod,
read: results.read[i] || isAdminOrMod,
'posts:history': viewHistory,
'posts:view_deleted': viewDeletedPosts,
};
});

29
src/socket.io/posts/diffs.js
Unescape Escape View File

@ -7,11 +7,7 @@ var privileges = require('../../privileges');
module.exports = function (SocketPosts) {
SocketPosts.getDiffs = function (socket, data, callback) {
async.waterfall([
function (next) {
privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) {
next(err || allowed ? null : new Error('[[error:no-privileges]]'));
});
},
async.apply(privilegeCheck, data.pid, socket.uid),
function (next) {
posts.diffs.list(data.pid, next);
},
@ -23,12 +19,29 @@ module.exports = function (SocketPosts) {
};
SocketPosts.showPostAt = function (socket, data, callback) {
privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) {
if (err || !allowed) {
return callback(err || new Error('[[error:no-privileges]]'));
privilegeCheck(data.pid, socket.uid, function (err) {
if (err) {
return callback(err);
}
posts.diffs.load(data.pid, data.since, socket.uid, callback);
});
};
function privilegeCheck(pid, uid, callback) {
async.parallel({
deleted: async.apply(posts.getPostField, pid, 'deleted'),
privileges: async.apply(privileges.posts.get, [pid], uid),
}, function (err, payload) {
if (err) {
return callback(err);
}
payload.deleted = parseInt(payload.deleted, 10);
payload.privileges = payload.privileges[0];
const allowed = payload.privileges['posts:history'] && (payload.deleted ? payload.privileges['posts:view_deleted'] : true);
callback(!allowed ? new Error('[[error:no-privileges]]') : null);
});
}
};

Write Preview
Loading…
Cancel
Save