From b7b44e13b167386ec0c705d571f92d05c7ec91ef Mon Sep 17 00:00:00 2001 From: barisusakli Date: Sat, 18 Apr 2015 16:34:32 -0400 Subject: [PATCH] added privileges.topics.filterUids if a topic is deleted and user doesn't have permissions/admin/mod dont send notifs --- src/privileges/topics.js | 47 ++++++++++++++++++++++++++++++++++++++-- src/sitemap.js | 2 +- src/topics.js | 2 +- src/topics/follow.js | 2 +- src/topics/popular.js | 2 +- src/topics/unread.js | 2 +- 6 files changed, 50 insertions(+), 7 deletions(-) diff --git a/src/privileges/topics.js b/src/privileges/topics.js index 174c078efc..c61764fe8e 100644 --- a/src/privileges/topics.js +++ b/src/privileges/topics.js @@ -67,7 +67,7 @@ module.exports = function(privileges) { }); }; - privileges.topics.filter = function(privilege, tids, uid, callback) { + privileges.topics.filterTids = function(privilege, tids, uid, callback) { if (!Array.isArray(tids) || !tids.length) { return callback(null, []); } @@ -98,7 +98,7 @@ module.exports = function(privileges) { } }, function(err, results) { if (err) { - return callback(err); + return next(err); } var isModOf = {}; cids = cids.filter(function(cid, index) { @@ -126,6 +126,49 @@ module.exports = function(privileges) { ], callback); }; + privileges.topics.filterUids = function(privilege, tid, uids, callback) { + if (!Array.isArray(uids) || !uids.length) { + return callback(null, []); + } + + uids = uids.filter(function(uid, index, array) { + return array.indexOf(uid) === index; + }); + + async.waterfall([ + function(next) { + topics.getTopicFields(tid, ['tid', 'cid', 'deleted'], next); + }, + function(topicData, next) { + async.parallel({ + disabled: function(next) { + categories.getCategoryField(topicData.cid, 'disabled', next); + }, + allowedTo: function(next) { + helpers.isUsersAllowedTo(privilege, uids, topicData.cid, next); + }, + isModerators: function(next) { + user.isModerator(uids, topicData.cid, next); + }, + isAdmins: function(next) { + user.isAdministrator(uids, next); + } + }, function(err, results) { + if (err) { + return next(err); + } + + uids = uids.filter(function(uid, index) { + return parseInt(results.disabled, 10) !== 1 && + ((results.allowedTo[index] && parseInt(topicData.deleted, 10) !== 1) || results.isAdmins[index] || results.isModerators[index]); + }); + + next(null, uids); + }); + } + ], callback); + }; + privileges.topics.canEdit = function(tid, uid, callback) { helpers.some([ function(next) { diff --git a/src/sitemap.js b/src/sitemap.js index aab7451a61..0c6d016e36 100644 --- a/src/sitemap.js +++ b/src/sitemap.js @@ -87,7 +87,7 @@ sitemap.getDynamicUrls = function(callback) { db.getSortedSetRevRange('topics:recent', 0, parseInt(meta.config.sitemapTopics, 10) || -1, next); }, function(tids, next) { - privileges.topics.filter('read', tids, 0, next); + privileges.topics.filterTids('read', tids, 0, next); }, function(tids, next) { topics.getTopicsFields(tids, ['tid', 'title', 'lastposttime'], next); diff --git a/src/topics.js b/src/topics.js index f4a1918397..c47b43bc45 100644 --- a/src/topics.js +++ b/src/topics.js @@ -129,7 +129,7 @@ var async = require('async'), Topics.getTopics = function(tids, uid, callback) { async.waterfall([ function(next) { - privileges.topics.filter('read', tids, uid, next); + privileges.topics.filterTids('read', tids, uid, next); }, function(tids, next) { Topics.getTopicsByTids(tids, uid, next); diff --git a/src/topics/follow.js b/src/topics/follow.js index 082a49f024..961873ea10 100644 --- a/src/topics/follow.js +++ b/src/topics/follow.js @@ -117,7 +117,7 @@ module.exports = function(Topics) { return callback(); } - privileges.categories.filterUids('read', postData.topic.cid, followers, next); + privileges.topics.filterUids('read', postData.topic.tid, followers, next); }, function(_followers, next) { followers = _followers; diff --git a/src/topics/popular.js b/src/topics/popular.js index a1149914fc..88d5a6819a 100644 --- a/src/topics/popular.js +++ b/src/topics/popular.js @@ -44,7 +44,7 @@ module.exports = function(Topics) { }).slice(0, count).map(function(topic) { return topic.tid; }); - privileges.topics.filter('read', tids, uid, next); + privileges.topics.filterTids('read', tids, uid, next); }, function(tids, next) { Topics.getTopicsByTids(tids, uid, next); diff --git a/src/topics/unread.js b/src/topics/unread.js index b9392d3eda..53f804f9fc 100644 --- a/src/topics/unread.js +++ b/src/topics/unread.js @@ -114,7 +114,7 @@ module.exports = function(Topics) { async.waterfall([ function(next) { - privileges.topics.filter('read', tids, uid, next); + privileges.topics.filterTids('read', tids, uid, next); }, function(tids, next) { Topics.getTopicsFields(tids, ['tid', 'cid'], next);