hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add privilege for accessing user information (#7859)

Browse Source 
* Add view users info global privilege

* Show user ip only to global mods and admins

* fix missing comma

* Hide link for users without correct privilege

* move getting privilege information to getAllData

* Hide the link from Global Moderators as well

* Give Global Moderator view:users:info privilege

* Restrict ip in post menu to view:users:info

* add some trailing commas....

* Add privilege to categories test

* Add group privilege to categories test

* add upgrade script

* fix style for TravisCI

* more styling - change spaces to tabs

* some more styling fixes (hopefully final one)

* fix style for Travis CI

* hide ip in chat messages

* Don't show even hidden ips on user profile page
v1.18.x
Opliko 5 years ago committed by Barış Soner Uşaklı
parent 781b3f1a9a
commit b9583ed838
10 changed files with 69 additions and 8 deletions
Show Stats Download Patch File Download Diff File

2
public/language/en-GB/admin/manage/privileges.json
Unescape Escape View File

@ -16,7 +16,7 @@
"view-groups": "View Groups", "view-groups": "View Groups",
"allow-local-login": "Local Login", "allow-local-login": "Local Login",
"allow-group-creation": "Group Create", "allow-group-creation": "Group Create",
"view-users-info": "View Users Info",
"find-category": "Find Category", "find-category": "Find Category",
"access-category": "Access Category", "access-category": "Access Category",
"access-topics": "Access Topics", "access-topics": "Access Topics",

3
src/controllers/accounts/chats.js
Unescape Escape View File

@ -46,6 +46,9 @@ chatsController.get = async function (req, res, next) {
room.title = room.roomName || room.usernames || '[[pages:chats]]'; room.title = room.roomName || room.usernames || '[[pages:chats]]';
room.uid = uid; room.uid = uid;
room.userslug = req.params.userslug; room.userslug = req.params.userslug;
room.canViewInfo = await privileges.global.can('view:users:info', uid);
res.render('chats', room); res.render('chats', room);
}; };

13
src/controllers/accounts/helpers.js
Unescape Escape View File

@ -31,6 +31,7 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID) {
const isAdmin = results.isAdmin; const isAdmin = results.isAdmin;
const isGlobalModerator = results.isGlobalModerator; const isGlobalModerator = results.isGlobalModerator;
const isModerator = results.isModerator; const isModerator = results.isModerator;
const canViewInfo = results.canViewInfo;
const isSelf = parseInt(callerUID, 10) === parseInt(userData.uid, 10); const isSelf = parseInt(callerUID, 10) === parseInt(userData.uid, 10);
userData.age = Math.max(0, userData.birthday ? Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000) : 0); userData.age = Math.max(0, userData.birthday ? Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000) : 0);
@ -47,7 +48,7 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID) {
userData.fullname = ''; userData.fullname = '';
} }
if (isAdmin || isSelf || ((isGlobalModerator || isModerator) && !results.isTargetAdmin)) { if (isAdmin || isSelf || (canViewInfo && !results.isTargetAdmin)) {
userData.ips = results.ips; userData.ips = results.ips;
} }
@ -86,6 +87,7 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID) {
moderator: isModerator, moderator: isModerator,
globalMod: isGlobalModerator, globalMod: isGlobalModerator,
admin: isAdmin, admin: isAdmin,
canViewInfo: canViewInfo,
}); });
userData.sso = results.sso.associations; userData.sso = results.sso.associations;
@ -129,6 +131,7 @@ async function getAllData(uid, callerUID) {
canEdit: privileges.users.canEdit(callerUID, uid), canEdit: privileges.users.canEdit(callerUID, uid),
canBanUser: privileges.users.canBanUser(callerUID, uid), canBanUser: privileges.users.canBanUser(callerUID, uid),
isBlocked: user.blocks.is(uid, callerUID), isBlocked: user.blocks.is(uid, callerUID),
canViewInfo: privileges.global.can('view:users:info', callerUID),
}); });
} }
@ -140,9 +143,10 @@ async function getProfileMenu(uid, callerUID) {
visibility: { visibility: {
self: false, self: false,
other: false, other: false,
moderator: true, moderator: false,
globalMod: true, globalMod: false,
admin: true, admin: true,
canViewInfo: true,
}, },
}, { }, {
id: 'sessions', id: 'sessions',
@ -154,6 +158,7 @@ async function getProfileMenu(uid, callerUID) {
moderator: false, moderator: false,
globalMod: false, globalMod: false,
admin: false, admin: false,
canViewInfo: false,
}, },
}]; }];
@ -168,6 +173,7 @@ async function getProfileMenu(uid, callerUID) {
moderator: false, moderator: false,
globalMod: false, globalMod: false,
admin: false, admin: false,
canViewInfo: false,
}, },
}); });
} }
@ -202,6 +208,7 @@ function filterLinks(links, states) {
moderator: true, moderator: true,
globalMod: true, globalMod: true,
admin: true, admin: true,
canViewInfo: true,
...link.visibility }; ...link.visibility };
var permit = Object.keys(states).some(function (state) { var permit = Object.keys(states).some(function (state) {

2
src/install.js
Unescape Escape View File

@ -411,7 +411,7 @@ function giveGlobalPrivileges(next) {
privileges.global.give(defaultPrivileges, 'registered-users', next); privileges.global.give(defaultPrivileges, 'registered-users', next);
}, },
function (next) { function (next) {
privileges.global.give(defaultPrivileges.concat(['ban', 'upload:post:file']), 'Global Moderators', next); privileges.global.give(defaultPrivileges.concat(['ban', 'upload:post:file', 'view:users:info']), 'Global Moderators', next);
}, },
function (next) { function (next) {
privileges.global.give(['view:users', 'view:tags', 'view:groups'], 'guests', next); privileges.global.give(['view:users', 'view:tags', 'view:groups'], 'guests', next);

2
src/middleware/user.js
Unescape Escape View File

@ -132,7 +132,7 @@ module.exports = function (middleware) {
// For the account/info page only, allow plain moderators through // For the account/info page only, allow plain moderators through
if (/user\/.+\/info$/.test(req.path)) { if (/user\/.+\/info$/.test(req.path)) {
user.isModeratorOfAnyCategory(req.uid, next); privileges.global.can('view:users:info', req.uid, next);
} else { } else {
next(null, false); next(null, false);
} }

3
src/privileges/global.js
Unescape Escape View File

@ -26,6 +26,7 @@ module.exports = function (privileges) {
{ name: '[[admin/manage/privileges:view-groups]]' }, { name: '[[admin/manage/privileges:view-groups]]' },
{ name: '[[admin/manage/privileges:allow-local-login]]' }, { name: '[[admin/manage/privileges:allow-local-login]]' },
{ name: '[[admin/manage/privileges:allow-group-creation]]' }, { name: '[[admin/manage/privileges:allow-group-creation]]' },
{ name: '[[admin/manage/privileges:view-users-info]]' },
]; ];
privileges.global.userPrivilegeList = [ privileges.global.userPrivilegeList = [
@ -42,6 +43,7 @@ module.exports = function (privileges) {
'view:groups', 'view:groups',
'local:login', 'local:login',
'group:create', 'group:create',
'view:users:info',
]; ];
privileges.global.groupPrivilegeList = privileges.global.userPrivilegeList.map(privilege => 'groups:' + privilege); privileges.global.groupPrivilegeList = privileges.global.userPrivilegeList.map(privilege => 'groups:' + privilege);
@ -81,6 +83,7 @@ module.exports = function (privileges) {
'view:users': privData['view:users'] || isAdministrator, 'view:users': privData['view:users'] || isAdministrator,
'view:tags': privData['view:tags'] || isAdministrator, 'view:tags': privData['view:tags'] || isAdministrator,
'view:groups': privData['view:groups'] || isAdministrator, 'view:groups': privData['view:groups'] || isAdministrator,
'view:users:info': privData['view:users:info'] || isAdministrator,
}); });
}; };

2
src/socket.io/modules.js
Unescape Escape View File

@ -280,7 +280,7 @@ SocketModules.chats.getMessages = async function (socket, data) {
}; };
SocketModules.chats.getIP = async function (socket, mid) { SocketModules.chats.getIP = async function (socket, mid) {
const allowed = await user.isAdminOrGlobalMod(socket.uid); const allowed = await privileges.global.can('view:users:info', socket.uid);
if (!allowed) { if (!allowed) {
throw new Error('[[error:no-privilege]]'); throw new Error('[[error:no-privilege]]');
} }

3
src/socket.io/posts/tools.js
Unescape Escape View File

@ -31,6 +31,7 @@ module.exports = function (SocketPosts) {
tools: plugins.fireHook('filter:post.tools', { pid: data.pid, uid: socket.uid, tools: [] }), tools: plugins.fireHook('filter:post.tools', { pid: data.pid, uid: socket.uid, tools: [] }),
postSharing: social.getActivePostSharing(), postSharing: social.getActivePostSharing(),
history: posts.diffs.exists(data.pid), history: posts.diffs.exists(data.pid),
canViewInfo: privileges.global.can('view:users:info', socket.uid),
}); });
const postData = results.posts; const postData = results.posts;
@ -48,7 +49,7 @@ module.exports = function (SocketPosts) {
postData.display_history = results.history; postData.display_history = results.history;
postData.toolsVisible = postData.tools.length || postData.display_moderator_tools; postData.toolsVisible = postData.tools.length || postData.display_moderator_tools;
if (!results.isAdmin && !results.isGlobalMod && !results.isModerator) { if (!results.isAdmin && !results.canViewInfo) {
postData.ip = undefined; postData.ip = undefined;
} }
return results; return results;

45
src/upgrades/1.12.3/give_mod_info_privilege.js
Unescape Escape View File

@ -0,0 +1,45 @@
'use strict';
var async = require('async');
var db = require('../../database');
var privileges = require('../../privileges');
var groups = require('../../groups');
module.exports = {
name: 'give mod info privilege',
timestamp: Date.UTC(2019, 9, 8),
method: function (callback) {
async.waterfall([
function (next) {
db.getSortedSetRevRange('categories:cid', 0, -1, next);
},
function (cids, next) {
async.eachSeries(cids, function (cid, next) {
async.waterfall([
function (next) {
givePrivsToModerators(cid, '', next);
},
function (next) {
givePrivsToModerators(cid, 'groups:', next);
},
], next);
}, next);
},
function (next) {
privileges.global.give(['view:users:info'], 'Global Moderators', next);
},
], callback);
function givePrivsToModerators(cid, groupPrefix, callback) {
async.waterfall([
function (next) {
db.getSortedSetRevRange('group:cid:' + cid + ':privileges:' + groupPrefix + 'moderate:members', 0, -1, next);
},
function (members, next) {
async.eachSeries(members, function (member, next) {
groups.join(['cid:0:privileges:view:users:info'], member, next);
}, next);
},
], callback);
}
},
};

2
test/categories.js
Unescape Escape View File

@ -767,6 +767,7 @@ describe('Categories', function () {
'search:content': false, 'search:content': false,
'search:users': false, 'search:users': false,
'search:tags': false, 'search:tags': false,
'view:users:info': false,
'upload:post:image': false, 'upload:post:image': false,
'upload:post:file': false, 'upload:post:file': false,
signature: false, signature: false,
@ -816,6 +817,7 @@ describe('Categories', function () {
'groups:search:users': true, 'groups:search:users': true,
'groups:search:tags': true, 'groups:search:tags': true,
'groups:view:users': true, 'groups:view:users': true,
'groups:view:users:info': false,
'groups:view:tags': true, 'groups:view:tags': true,
'groups:view:groups': true, 'groups:view:groups': true,
'groups:upload:post:image': true, 'groups:upload:post:image': true,

Write Preview
Loading…
Cancel
Save