hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/NodeBB/NodeBB

Browse Source
v1.18.x
Barış Soner Uşaklı 4 years ago
parent 081c4fa6d4 960e925e40
commit bbbd9fee85
5 changed files with 104 additions and 132 deletions
Show Stats Download Patch File Download Diff File

92
src/api/users.js
Unescape Escape View File

@ -1,8 +1,12 @@
'use strict';
const user = require('../user');
const groups = require('../groups');
const meta = require('../meta');
const flags = require('../flags');
const privileges = require('../privileges');
const notifications = require('../notifications');
const plugins = require('../plugins');
const events = require('../events');
const usersAPI = module.exports;
@ -60,3 +64,91 @@ usersAPI.update = async function (caller, data) {
await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username });
}
};
usersAPI.delete = async function (caller, data) {
processDeletion(data.uid, caller);
};
usersAPI.deleteMany = async function (caller, data) {
console.log(data.uids);
if (await canDeleteUids(data.uids)) {
await Promise.all(data.uids.map(uid => processDeletion(uid, caller)));
}
};
usersAPI.changePassword = async function (caller, data) {
await user.changePassword(caller.uid, Object.assign(data, { ip: caller.ip }));
await events.log({
type: 'password-change',
uid: caller.uid,
targetUid: data.uid,
ip: caller.ip,
});
};
usersAPI.follow = async function (caller, data) {
await user.follow(caller.uid, data.uid);
plugins.fireHook('action:user.follow', {
fromUid: caller.uid,
toUid: data.uid,
});
const userData = await user.getUserFields(caller.uid, ['username', 'userslug']);
const notifObj = await notifications.create({
type: 'follow',
bodyShort: '[[notifications:user_started_following_you, ' + userData.username + ']]',
nid: 'follow:' + data.uid + ':uid:' + caller.uid,
from: caller.uid,
path: '/uid/' + data.uid + '/followers',
mergeId: 'notifications:user_started_following_you',
});
if (!notifObj) {
return;
}
notifObj.user = userData;
await notifications.push(notifObj, [data.uid]);
};
usersAPI.unfollow = async function (caller, data) {
await user.unfollow(caller.uid, data.uid);
plugins.fireHook('action:user.unfollow', {
fromUid: caller.uid,
toUid: data.uid,
});
};
async function processDeletion(uid, caller) {
const isTargetAdmin = await user.isAdministrator(uid);
const isSelf = parseInt(uid, 10) === caller.uid;
const isAdmin = await user.isAdministrator(caller.uid);
if (!isSelf && !isAdmin) {
throw new Error('[[error:no-privileges]]');
} else if (!isSelf && isTargetAdmin) {
throw new Error('[[error:cant-delete-other-admins]]');
}
// TODO: clear user tokens for this uid
await flags.resolveFlag('user', uid, caller.uid);
const userData = await user.delete(caller.uid, uid);
await events.log({
type: 'user-delete',
uid: caller.uid,
targetUid: uid,
ip: caller.ip,
username: userData.username,
email: userData.email,
});
}
async function canDeleteUids(uids) {
if (!Array.isArray(uids)) {
throw new Error('[[error:invalid-data]]');
}
const isMembers = await groups.isMembers(uids, 'administrators');
if (isMembers.includes(true)) {
throw new Error('[[error:cant-delete-other-admins]]');
}
return true;
}

85
src/controllers/write/users.js
Unescape Escape View File

@ -2,10 +2,8 @@
const api = require('../../api');
const user = require('../../user');
const groups = require('../../groups');
const plugins = require('../../plugins');
const privileges = require('../../privileges');
const notifications = require('../../notifications');
const flags = require('../../flags');
const meta = require('../../meta');
const events = require('../../events');
@ -24,101 +22,32 @@ Users.create = async (req, res) => {
};
Users.update = async (req, res) => {
const userObj = await api.users.update(req, { ...req.body, ...req.params });
const userObj = await api.users.update(req, { ...req.body, uid: req.params.uid });
helpers.formatApiResponse(200, res, userObj);
};
Users.delete = async (req, res) => {
processDeletion(req.params.uid, req, res);
await api.users.delete(req, req.params);
helpers.formatApiResponse(200, res);
};
Users.deleteMany = async (req, res) => {
if (await canDeleteUids(req.body.uids, res)) {
await Promise.all(req.body.uids.map(uid => processDeletion(uid, req, res)));
helpers.formatApiResponse(200, res);
}
await api.users.deleteMany(req, req.body);
helpers.formatApiResponse(200, res);
};
async function canDeleteUids(uids, res) {
if (!Array.isArray(uids)) {
helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]'));
return false;
}
const isMembers = await groups.isMembers(uids, 'administrators');
if (isMembers.includes(true)) {
helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
return false;
}
return true;
}
async function processDeletion(uid, req, res) {
const isTargetAdmin = await user.isAdministrator(uid);
if (!res.locals.privileges.isSelf && !res.locals.privileges.isAdmin) {
return helpers.formatApiResponse(403, res);
} else if (!res.locals.privileges.isSelf && isTargetAdmin) {
return helpers.formatApiResponse(403, res, new Error('[[error:cant-delete-other-admins]]'));
}
// TODO: clear user tokens for this uid
await flags.resolveFlag('user', uid, req.user.uid);
const userData = await user.delete(req.user.uid, uid);
await events.log({
type: 'user-delete',
uid: req.user.uid,
targetUid: uid,
ip: req.ip,
username: userData.username,
email: userData.email,
});
}
Users.changePassword = async (req, res) => {
req.body.uid = req.params.uid;
await user.changePassword(req.user.uid, Object.assign(req.body, { ip: req.ip }));
await events.log({
type: 'password-change',
uid: req.user.uid,
targetUid: req.params.uid,
ip: req.ip,
});
await api.users.changePassword(req, { ...req.body, uid: req.params.uid });
helpers.formatApiResponse(200, res);
};
Users.follow = async (req, res) => {
await user.follow(req.user.uid, req.params.uid);
plugins.fireHook('action:user.follow', {
fromUid: req.user.uid,
toUid: req.params.uid,
});
const userData = await user.getUserFields(req.user.uid, ['username', 'userslug']);
const notifObj = await notifications.create({
type: 'follow',
bodyShort: '[[notifications:user_started_following_you, ' + userData.username + ']]',
nid: 'follow:' + req.params.uid + ':uid:' + req.user.uid,
from: req.user.uid,
path: '/uid/' + req.params.uid + '/followers',
mergeId: 'notifications:user_started_following_you',
});
if (!notifObj) {
return;
}
notifObj.user = userData;
await notifications.push(notifObj, [req.params.uid]);
await api.users.follow(req, req.params);
helpers.formatApiResponse(200, res);
};
Users.unfollow = async (req, res) => {
await user.unfollow(req.user.uid, req.params.uid);
plugins.fireHook('action:user.unfollow', {
fromUid: req.user.uid,
toUid: req.params.uid,
});
await api.users.unfollow(req, req.params);
helpers.formatApiResponse(200, res);
};

6
src/socket.io/admin/user.js
Unescape Escape View File

@ -140,11 +140,7 @@ User.deleteUsersContent = async function (socket, uids) {
User.deleteUsersAndContent = async function (socket, uids) {
sockets.warnDeprecated(socket, 'DELETE /api/v3/users or DELETE /api/v3/users/:uid');
await canDeleteUids(uids);
deleteUsers(socket, uids, async function (uid) {
return await user.delete(socket.uid, uid);
});
await api.users.deleteMany(socket, { uids });
};
async function canDeleteUids(uids) {

37
src/socket.io/user.js
Unescape Escape View File

@ -5,9 +5,9 @@ const async = require('async');
const util = require('util');
const sleep = util.promisify(setTimeout);
const api = require('../api');
const user = require('../user');
const topics = require('../topics');
const notifications = require('../notifications');
const messaging = require('../messaging');
const plugins = require('../plugins');
const meta = require('../meta');
@ -159,45 +159,14 @@ SocketUser.isFollowing = async function (socket, data) {
SocketUser.follow = async function (socket, data) {
sockets.warnDeprecated(socket, 'POST /api/v3/users/follow');
if (!socket.uid || !data) {
throw new Error('[[error:invalid-data]]');
}
await toggleFollow('follow', socket.uid, data.uid);
const userData = await user.getUserFields(socket.uid, ['username', 'userslug']);
const notifObj = await notifications.create({
type: 'follow',
bodyShort: '[[notifications:user_started_following_you, ' + userData.username + ']]',
nid: 'follow:' + data.uid + ':uid:' + socket.uid,
from: socket.uid,
path: '/uid/' + data.uid + '/followers',
mergeId: 'notifications:user_started_following_you',
});
if (!notifObj) {
return;
}
notifObj.user = userData;
await notifications.push(notifObj, [data.uid]);
await api.users.follow(socket, data);
};
SocketUser.unfollow = async function (socket, data) {
sockets.warnDeprecated(socket, 'DELETE /api/v3/users/unfollow');
if (!socket.uid || !data) {
throw new Error('[[error:invalid-data]]');
}
await toggleFollow('unfollow', socket.uid, data.uid);
await api.users.unfollow(socket, data);
};
async function toggleFollow(method, uid, theiruid) {
await user[method](uid, theiruid);
plugins.fireHook('action:user.' + method, {
fromUid: uid,
toUid: theiruid,
});
}
SocketUser.saveSettings = async function (socket, data) {
if (!socket.uid || !data || !data.settings) {
throw new Error('[[error:invalid-data]]');

16
src/socket.io/user/profile.js
Unescape Escape View File

@ -78,21 +78,7 @@ module.exports = function (SocketUser) {
SocketUser.changePassword = async function (socket, data) {
sockets.warnDeprecated(socket, 'PUT /api/v3/users/:uid/password');
if (!socket.uid) {
throw new Error('[[error:invalid-uid]]');
}
if (!data || !data.uid) {
throw new Error('[[error:invalid-data]]');
}
await user.changePassword(socket.uid, Object.assign(data, { ip: socket.ip }));
await events.log({
type: 'password-change',
uid: socket.uid,
targetUid: data.uid,
ip: socket.ip,
});
await api.users.changePassword(socket, data);
};
SocketUser.updateProfile = async function (socket, data) {

Write Preview
Loading…
Cancel
Save