hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #721, admins can edit other users from their edit page

Browse Source
v1.18.x
Baris Soner Usakli 11 years ago
parent 1861273d45
commit bb59158bbc
7 changed files with 217 additions and 143 deletions
Show Stats Download Patch File Download Diff File

12
public/src/forum/accountedit.js
Unescape Escape View File

@ -25,7 +25,14 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
};
socket.emit('user.updateProfile', userData, function(err, data) {
if (data.success) {
if(err) {
return app.alertError(err.message);
}
if (!data || !data.success) {
return app.alertError('There was an error updating your profile! ' + err.message);
}
app.alertSuccess('Your profile has been updated successfully!');
if (data.picture) {
$('#user-current-picture').attr('src', data.picture);
@ -48,9 +55,6 @@ define(['forum/accountheader', 'uploader'], function(header, uploader) {
$('#user-profile-link').attr('href', config.relative_path + '/user/' + data.userslug);
$('#user-profile-link span').html(' ' + userData.username);
}
} else {
app.alertError('There was an error updating your profile! ' + err.message);
}
});
return false;
});

4
public/src/forum/accountheader.js
Unescape Escape View File

@ -45,6 +45,10 @@ define(function() {
settingsLink.hide();
favouritesLink.hide();
}
if(app.isAdmin) {
editLink.show();
}
}
function selectActivePill() {

143
src/routes/user.js
Unescape Escape View File

@ -77,23 +77,41 @@ var fs = require('fs'),
createRoute('/:userslug/favourites', '/favourites', 'favourites');
createRoute('/:userslug/posts', '/posts', 'accountposts');
app.get('/:userslug/edit', function (req, res) {
app.get('/:userslug/edit', function (req, res, next) {
if (!req.user) {
return res.redirect('/403');
}
console.log('epic fail', req.user);
user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
if (req.params.userslug && userslug === req.params.userslug) {
function done() {
app.build_header({
req: req,
res: res
}, function (err, header) {
res.send(header + app.create_route('user/' + req.params.userslug + '/edit', 'accountedit') + templates['footer']);
});
} else {
return res.redirect('/404');
}
if(err || !userslug) {
return next(err);
}
if (userslug === req.params.userslug) {
return done();
}
user.isAdministrator(req.user.uid, function(err, isAdmin) {
if(err) {
return next(err);
}
if(!isAdmin) {
return res.redirect('/403');
}
done();
});
});
});
@ -221,10 +239,14 @@ var fs = require('fs'),
}
app.get('/api/user/:userslug/following', function (req, res) {
app.get('/api/user/:userslug/following', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) {
getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if (userData) {
user.getFollowing(userData.uid, function (followingData) {
userData.following = followingData;
@ -240,10 +262,14 @@ var fs = require('fs'),
});
});
app.get('/api/user/:userslug/followers', function (req, res) {
app.get('/api/user/:userslug/followers', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) {
getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if (userData) {
user.getFollowers(userData.uid, function (followersData) {
userData.followers = followersData;
@ -258,10 +284,19 @@ var fs = require('fs'),
});
});
app.get('/api/user/:userslug/edit', function (req, res) {
app.get('/api/user/:userslug/edit', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) {
if(!parseInt(callerUID, 10)) {
return res.json(403, {
error: 'Not allowed!'
});
}
getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
res.json(userData);
});
});
@ -393,7 +428,11 @@ var fs = require('fs'),
app.get('/api/user/:userslug', function (req, res, next) {
var callerUID = req.user ? req.user.uid : '0';
getUserDataByUserSlug(req.params.userslug, callerUID, function (userData) {
getUserDataByUserSlug(req.params.userslug, callerUID, function (err, userData) {
if(err) {
return next(err);
}
if(!userData) {
return res.json(404, {
error: 'User not found!'
@ -534,62 +573,74 @@ var fs = require('fs'),
}
function getUserDataByUserSlug(userslug, callerUID, callback) {
user.getUidByUserslug(userslug, function (err, uid) {
var userData;
if (uid === null) {
callback(null);
return;
async.waterfall([
function(next) {
user.getUidByUserslug(userslug, next);
},
function(uid, next) {
if (!uid) {
return next(new Error('invalid-user'));
}
user.getUserData(uid, next);
},
function(data, next) {
userData = data;
if (!userData) {
return callback(new Error('invalid-user'));
}
user.isAdministrator(callerUID, next);
}
], function(err, isAdmin) {
if(err) {
return callback(err);
}
user.getUserData(uid, function (err, data) {
if (data) {
data.joindate = utils.toISOString(data.joindate);
if(data.lastonline) {
data.lastonline = utils.toISOString(data.lastonline);
userData.joindate = utils.toISOString(userData.joindate);
if(userData.lastonline) {
userData.lastonline = utils.toISOString(userData.lastonline);
} else {
data.lastonline = data.joindate;
userData.lastonline = userData.joindate;
}
if (!data.birthday) {
data.age = '';
if (!userData.birthday) {
userData.age = '';
} else {
data.age = Math.floor((new Date().getTime() - new Date(data.birthday).getTime()) / 31536000000);
userData.age = Math.floor((new Date().getTime() - new Date(userData.birthday).getTime()) / 31536000000);
}
function canSeeEmail() {
return callerUID == uid || (data.email && (data.showemail && parseInt(data.showemail, 10) === 1));
return isAdmin || callerUID == userData.uid || (userData.email && (userData.showemail && parseInt(userData.showemail, 10) === 1));
}
if (!canSeeEmail()) {
data.email = "";
userData.email = "";
}
if (callerUID == uid && (!data.showemail || parseInt(data.showemail, 10) === 0)) {
data.emailClass = "";
if (callerUID == userData.uid && (!userData.showemail || parseInt(userData.showemail, 10) === 0)) {
userData.emailClass = "";
} else {
data.emailClass = "hide";
userData.emailClass = "hide";
}
data.websiteName = data.website.replace('http://', '').replace('https://', '');
data.banned = parseInt(data.banned, 10) === 1;
data.uid = uid;
data.yourid = callerUID;
data.theirid = uid;
userData.websiteName = userData.website.replace('http://', '').replace('https://', '');
userData.banned = parseInt(userData.banned, 10) === 1;
userData.uid = userData.uid;
userData.yourid = callerUID;
userData.theirid = userData.uid;
data.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1;
userData.disableSignatures = meta.config.disableSignatures !== undefined && parseInt(meta.config.disableSignatures, 10) === 1;
user.getFollowingCount(uid, function (followingCount) {
user.getFollowerCount(uid, function (followerCount) {
data.followingCount = followingCount;
data.followerCount = followerCount;
callback(data);
user.getFollowingCount(userData.uid, function (followingCount) {
user.getFollowerCount(userData.uid, function (followerCount) {
userData.followingCount = followingCount;
userData.followerCount = followerCount;
callback(null, userData);
});
});
} else {
callback(null);
}
});
});
}

16
src/socket.io/index.js
Unescape Escape View File

@ -84,14 +84,10 @@ Sockets.init = function(server) {
async.parallel({
username: function(next) {
user.getUserField(uid, 'username', function(err, username) {
next(err, username);
});
user.getUserField(uid, 'username', next);
},
isAdmin: function(next) {
user.isAdministrator(uid, function(err, isAdmin) {
next(err, isAdmin);
});
user.isAdministrator(uid, next);
}
}, function(err, userData) {
socket.emit('event:connect', {
@ -108,9 +104,13 @@ Sockets.init = function(server) {
});
} else {
socket.broadcast.emit('user.anonConnect');
socket.emit('event:connect', {
status: 1,
username: 'Anonymous',
isAdmin: false,
uid: 0
});
}
});
});

19
src/socket.io/user.js
Unescape Escape View File

@ -80,9 +80,24 @@ SocketUser.changePassword = function(socket, data, callback) {
};
SocketUser.updateProfile = function(socket, data, callback) {
if(data) {
user.updateProfile(socket.uid, data, callback);
if(!data || !data.uid) {
return callback(new Error('invalid-data'));
}
if(socket.uid === parseInt(data.uid, 10)) {
return user.updateProfile(socket.uid, data, callback);
}
user.isAdministrator(socket.uid, function(err, isAdmin) {
if(err) {
return callback(err);
}
if(!isAdmin) {
return callback(new Error('not allowed!'))
}
user.updateProfile(data.uid, data, callback);
});
};
SocketUser.changePicture = function(socket, data, callback) {

8
src/user.js
Unescape Escape View File

@ -301,7 +301,10 @@ var bcrypt = require('bcryptjs'),
});
function updateField(field, next) {
if (data[field] !== undefined && typeof data[field] === 'string') {
if (!(data[field] !== undefined && typeof data[field] === 'string')) {
return next();
}
data[field] = data[field].trim();
data[field] = sanitize(data[field]).escape();
@ -365,9 +368,6 @@ var bcrypt = require('bcryptjs'),
User.setUserField(uid, field, data[field]);
next();
} else {
next();
}
}
};

Write Preview
Loading…
Cancel
Save