hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #721, admins can edit other users from their edit page

Browse Source
v1.18.x
Baris Soner Usakli 11 years ago
parent 1861273d45
commit bb59158bbc
7 changed files with 217 additions and 143 deletions
Show Stats Download Patch File Download Diff File

12
public/src/forum/accountedit.js
Unescape Escape View File

@ -25,7 +25,14 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
}; };
socket.emit('user.updateProfile', userData, function(err, data) { socket.emit('user.updateProfile', userData, function(err, data) {
if (data.success) { if(err) {
return app.alertError(err.message);
}
if (!data || !data.success) {
return app.alertError('There was an error updating your profile! ' + err.message);
}
app.alertSuccess('Your profile has been updated successfully!'); app.alertSuccess('Your profile has been updated successfully!');
if (data.picture) { if (data.picture) {
$('#user-current-picture').attr('src', data.picture); $('#user-current-picture').attr('src', data.picture);
@ -48,9 +55,6 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
$('#user-profile-link').attr('href', config.relative_path + '/user/' + data.userslug); $('#user-profile-link').attr('href', config.relative_path + '/user/' + data.userslug);
$('#user-profile-link span').html(' ' + userData.username); $('#user-profile-link span').html(' ' + userData.username);
} }
} else {
app.alertError('There was an error updating your profile! ' + err.message);
}
}); });
return false; return false;
}); });

4
public/src/forum/accountheader.js
Unescape Escape View File

@ -45,6 +45,10 @@ define(function() {
settingsLink.hide(); settingsLink.hide();
favouritesLink.hide(); favouritesLink.hide();
} }
if(app.isAdmin) {
editLink.show();
}
} }
function selectActivePill() { function selectActivePill() {

143
src/routes/user.js
Unescape Escape View File

@ -77,23 +77,41 @@ var fs = require('fs'),
createRoute('/:userslug/favourites', '/favourites', 'favourites'); createRoute('/:userslug/favourites', '/favourites', 'favourites');
createRoute('/:userslug/posts', '/posts', 'accountposts'); createRoute('/:userslug/posts', '/posts', 'accountposts');
app.get('/:userslug/edit', function (req, res) { app.get('/:userslug/edit', function (req, res, next) {
if (!req.user) { if (!req.user) {
return res.redirect('/403'); return res.redirect('/403');
} }
console.log('epic fail', req.user);
user.getUserField(req.user.uid, 'userslug', function (err, userslug) { user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
if (req.params.userslug && userslug === req.params.userslug) { function done() {
app.build_header({ app.build_header({
req: req, req: req,
res: res res: res
}, function (err, header) { }, function (err, header) {
res.send(header + app.create_route('user/' + req.params.userslug + '/edit', 'accountedit') + templates['footer']); res.send(header + app.create_route('user/' + req.params.userslug + '/edit', 'accountedit') + templates['footer']);
}); });
} else {
return res.redirect('/404');
} }
if(err || !userslug) {
return next(err);
}
if (userslug === req.params.userslug) {
return done();
}
user.isAdministrator(req.user.uid, function(err, isAdmin) {
if(err) {
return next(err);
}
if(!isAdmin) {
return res.redirect('/403');
}
done();
});
}); });
}); });
@ -221,10 +239,14 @@ var fs = require('fs'),
} }
app.get('/api/user/:userslug/following', function (req, res) { app.get('/api/user/:userslug/following', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if (userData) { if (userData) {
user.getFollowing(userData.uid, function (followingData) { user.getFollowing(userData.uid, function (followingData) {
userData.following = followingData; userData.following = followingData;
@ -240,10 +262,14 @@ var fs = require('fs'),
}); });
}); });
app.get('/api/user/:userslug/followers', function (req, res) { app.get('/api/user/:userslug/followers', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if (userData) { if (userData) {
user.getFollowers(userData.uid, function (followersData) { user.getFollowers(userData.uid, function (followersData) {
userData.followers = followersData; userData.followers = followersData;
@ -258,10 +284,19 @@ var fs = require('fs'),
}); });
}); });
app.get('/api/user/:userslug/edit', function (req, res) { app.get('/api/user/:userslug/edit', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { if(!parseInt(callerUID, 10)) {
return res.json(403, {
error: 'Not allowed!'
});
}
getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
res.json(userData); res.json(userData);
}); });
}); });
@ -393,7 +428,11 @@ var fs = require('fs'),
app.get('/api/user/:userslug', function (req, res, next) { app.get('/api/user/:userslug', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0'; var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) { getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if(!userData) { if(!userData) {
return res.json(404, { return res.json(404, {
error: 'User not found!' error: 'User not found!'
@ -534,62 +573,74 @@ var fs = require('fs'),
} }
function getUserDataByUserSlug(userslug, callerUID, callback) { function getUserDataByUserSlug(userslug, callerUID, callback) {
user.getUidByUserslug(userslug, function (err, uid) { var userData;
if (uid === null) { async.waterfall([
callback(null); function(next) {
return; user.getUidByUserslug(userslug, next);
},
function(uid, next) {
if (!uid) {
return next(new Error('invalid-user'));
}
user.getUserData(uid, next);
},
function(data, next) {
userData = data;
if (!userData) {
return callback(new Error('invalid-user'));
}
user.isAdministrator(callerUID, next);
}
], function(err, isAdmin) {
if(err) {
return callback(err);
} }
user.getUserData(uid, function (err, data) { userData.joindate = utils.toISOString(userData.joindate);
if (data) { if(userData.lastonline) {
data.joindate = utils.toISOString(data.joindate); userData.lastonline = utils.toISOString(userData.lastonline);
if(data.lastonline) {
data.lastonline = utils.toISOString(data.lastonline);
} else { } else {
data.lastonline = data.joindate; userData.lastonline = userData.joindate;
} }
if (!data.birthday) { if (!userData.birthday) {
data.age = ''; userData.age = '';
} else { } else {
data.age = Math.floor((new Date().getTime() - new Date(data.birthday).getTime()) / 31536000000); userData.age = Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000);
} }
function canSeeEmail() { function canSeeEmail() {
return callerUID == uid || (data.email && (data.showemail && parseInt(data.showemail, 10) === 1)); return isAdmin || callerUID == userData.uid || (userData.email && (userData.showemail && parseInt(userData.showemail, 10) === 1));
} }
if (!canSeeEmail()) { if (!canSeeEmail()) {
data.email = ""; userData.email = "";
} }
if (callerUID == uid && (!data.showemail || parseInt(data.showemail, 10) === 0)) { if (callerUID == userData.uid && (!userData.showemail || parseInt(userData.showemail, 10) === 0)) {
data.emailClass = ""; userData.emailClass = "";
} else { } else {
data.emailClass = "hide"; userData.emailClass = "hide";
} }
data.websiteName = data.website.replace('http://', '').replace('https://', ''); userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
data.banned = parseInt(data.banned, 10) === 1; userData.banned = parseInt(userData.banned, 10) === 1;
data.uid = uid; userData.uid = userData.uid;
data.yourid = callerUID; userData.yourid = callerUID;
data.theirid = uid; userData.theirid = userData.uid;
data.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1; userData.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1;
user.getFollowingCount(uid, function (followingCount) { user.getFollowingCount(userData.uid, function (followingCount) {
user.getFollowerCount(uid, function (followerCount) { user.getFollowerCount(userData.uid, function (followerCount) {
data.followingCount = followingCount; userData.followingCount = followingCount;
data.followerCount = followerCount; userData.followerCount = followerCount;
callback(data); callback(null, userData);
}); });
}); });
} else {
callback(null);
}
});
}); });
} }

16
src/socket.io/index.js
Unescape Escape View File

@ -84,14 +84,10 @@ Sockets.init = function(server) {
async.parallel({ async.parallel({
username: function(next) { username: function(next) {
user.getUserField(uid, 'username', function(err, username) { user.getUserField(uid, 'username', next);
next(err, username);
});
}, },
isAdmin: function(next) { isAdmin: function(next) {
user.isAdministrator(uid, function(err, isAdmin) { user.isAdministrator(uid, next);
next(err, isAdmin);
});
} }
}, function(err, userData) { }, function(err, userData) {
socket.emit('event:connect', { socket.emit('event:connect', {
@ -108,9 +104,13 @@ Sockets.init = function(server) {
}); });
} else { } else {
socket.broadcast.emit('user.anonConnect'); socket.broadcast.emit('user.anonConnect');
socket.emit('event:connect', {
status: 1,
username: 'Anonymous',
isAdmin: false,
uid: 0
});
} }
}); });
}); });

19
src/socket.io/user.js
Unescape Escape View File

@ -80,9 +80,24 @@ SocketUser.changePassword = function(socket, data, callback) {
}; };
SocketUser.updateProfile = function(socket, data, callback) { SocketUser.updateProfile = function(socket, data, callback) {
if(data) { if(!data || !data.uid) {
user.updateProfile(socket.uid, data, callback); return callback(new Error('invalid-data'));
}
if(socket.uid === parseInt(data.uid, 10)) {
return user.updateProfile(socket.uid, data, callback);
} }
user.isAdministrator(socket.uid, function(err, isAdmin) {
if(err) {
return callback(err);
}
if(!isAdmin) {
return callback(new Error('not allowed!'))
}
user.updateProfile(data.uid, data, callback);
});
}; };
SocketUser.changePicture = function(socket, data, callback) { SocketUser.changePicture = function(socket, data, callback) {

8
src/user.js
Unescape Escape View File

@ -301,7 +301,10 @@ var bcrypt = require('bcryptjs'),
}); });
function updateField(field, next) { function updateField(field, next) {
if (data[field] !== undefined && typeof data[field] === 'string') { if (!(data[field] !== undefined && typeof data[field] === 'string')) {
return next();
}
data[field] = data[field].trim(); data[field] = data[field].trim();
data[field] = sanitize(data[field]).escape(); data[field] = sanitize(data[field]).escape();
@ -365,9 +368,6 @@ var bcrypt = require('bcryptjs'),
User.setUserField(uid, field, data[field]); User.setUserField(uid, field, data[field]);
next(); next();
} else {
next();
}
} }
}; };

Write Preview
Loading…
Cancel
Save