From cfc67d4e901058ca6794f6a414a6bfe5d379d49e Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Wed, 30 Jul 2014 15:14:04 -0400
Subject: [PATCH] closes #1924

---
 src/controllers/categories.js | 16 +++++++---------
 src/controllers/groups.js     |  2 +-
 src/controllers/index.js      |  2 +-
 src/controllers/topics.js     |  8 ++------
 src/middleware/middleware.js  | 12 ++----------
 src/privileges/topics.js      |  9 +++++++--
 src/routes/feeds.js           |  6 +++---
 src/routes/index.js           |  2 +-
 8 files changed, 24 insertions(+), 33 deletions(-)

diff --git a/src/controllers/categories.js b/src/controllers/categories.js
index 19e5165c3f..dffe49bcbc 100644
--- a/src/controllers/categories.js
+++ b/src/controllers/categories.js
@@ -70,11 +70,13 @@ categoriesController.get = function(req, res, next) {
 
 	async.waterfall([
 		function(next) {
-			categories.getCategoryField(cid, 'disabled', function(err, disabled) {
-				next(disabled === '1' ? new Error('category-disabled') : undefined);
-			});
+			categories.getCategoryField(cid, 'disabled', next);
 		},
-		function(next) {
+		function(disabled, next) {
+			if (parseInt(disabled, 10) === 1) {
+				return next(new Error('category-disabled'));
+			}
+
 			privileges.categories.get(cid, uid, function(err, categoryPrivileges) {
 				if (err) {
 					return next(err);
@@ -163,11 +165,7 @@ categoriesController.get = function(req, res, next) {
 		}
 	], function (err, data) {
 		if (err) {
-			if (err.message === '[[error:no-privileges]]') {
-				return res.locals.isAPI ? res.json(403, err.message) : res.redirect('403');
-			} else {
-				return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect('404');
-			}
+			return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect(nconf.get('relative_path') + '/404');
 		}
 
 		if (data.link) {
diff --git a/src/controllers/groups.js b/src/controllers/groups.js
index 8a27e10041..f96f460eaf 100644
--- a/src/controllers/groups.js
+++ b/src/controllers/groups.js
@@ -30,7 +30,7 @@ groupsController.details = function(req, res) {
 		if (!err) {
 			res.render('groups/details', results);
 		} else {
-			res.redirect('404');
+			res.redirect(nconf.get('relative_path') + '/404')
 		}
 	});
 };
diff --git a/src/controllers/index.js b/src/controllers/index.js
index fedb988a8d..ccea529f5b 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -188,7 +188,7 @@ Controllers.confirmEmail = function(req, res, next) {
 
 Controllers.sitemap = function(req, res, next) {
 	if (meta.config['feeds:disableSitemap'] === '1') {
-		return res.redirect('404');
+		return res.redirect(nconf.get('relative_path') + '/404')
 	}
 
 	var sitemap = require('../sitemap.js');
diff --git a/src/controllers/topics.js b/src/controllers/topics.js
index 3850f071d9..0b20eb7af6 100644
--- a/src/controllers/topics.js
+++ b/src/controllers/topics.js
@@ -24,7 +24,7 @@ topicsController.get = function(req, res, next) {
 			privileges.topics.get(tid, uid, next);
 		},
 		function (privileges, next) {
-			if (!privileges.read) {
+			if (!privileges.read || privileges.disabled) {
 				return next(new Error('[[error:no-privileges]]'));
 			}
 
@@ -164,11 +164,7 @@ topicsController.get = function(req, res, next) {
 		}
 	], function (err, data) {
 		if (err) {
-			if (err.message === '[[error:no-privileges]]') {
-				return res.locals.isAPI ? res.json(403, err.message) : res.redirect('403');
-			} else {
-				return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect('404');
-			}
+			return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect(nconf.get('relative_path') + '/404');
 		}
 
 		data.privileges = userPrivileges;
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 470b85fed8..831b506f5e 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -161,11 +161,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
 		}
 
 		if (!uid) {
-			if (res.locals.isAPI) {
-				return res.json(404, 'not-found');
-			} else {
-				return res.redirect('404');
-			}
+			return res.locals.isAPI ? res.json(404, 'not-found') : res.redirect(nconf.get('relative_path') + '/404');
 		}
 
 		if (parseInt(uid, 10) === callerUID) {
@@ -181,11 +177,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
 				return next();
 			}
 
-			if (res.locals.isAPI) {
-				return res.json(403, 'not-allowed');
-			} else {
-				return res.redirect('403');
-			}
+			res.locals.isAPI ? res.json(403, 'not-allowed') : res.redirect(nconf.get('relative_path') + '/403');
 		});
 	});
 };
diff --git a/src/privileges/topics.js b/src/privileges/topics.js
index f263f3823b..900aa0782d 100644
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@@ -39,13 +39,17 @@ module.exports = function(privileges) {
 				},
 				isModerator: function(next) {
 					user.isModerator(uid, cid, next);
+				},
+				disabled: function(next) {
+					categories.getCategoryField(cid, 'disabled', next);
 				}
 			}, function(err, results) {
 				if(err) {
 					return callback(err);
 				}
+				var disabled = parseInt(results.disabled, 10) === 1;
 				var	isAdminOrMod = results.isAdministrator || results.isModerator;
-				var editable =  isAdminOrMod || results.manage_topic;
+				var editable = isAdminOrMod || results.manage_topic;
 				var deletable = isAdminOrMod || results.isOwner;
 
 				callback(null, {
@@ -54,7 +58,8 @@ module.exports = function(privileges) {
 					view_thread_tools: editable || deletable,
 					editable: editable,
 					deletable: deletable,
-					view_deleted: isAdminOrMod || results.manage_topic || results.isOwner
+					view_deleted: isAdminOrMod || results.manage_topic || results.isOwner,
+					disabled: disabled
 				});
 			});
 		});
diff --git a/src/routes/feeds.js b/src/routes/feeds.js
index d52df93716..3f6cc0cca1 100644
--- a/src/routes/feeds.js
+++ b/src/routes/feeds.js
@@ -31,7 +31,7 @@ function hasPrivileges(method, id, req, res, next) {
 		}
 
 		if (!canRead) {
-			return res.redirect('403');
+			return res.redirect(nconf.get('relative_path') + '/403')
 		}
 
 		return next();
@@ -53,7 +53,7 @@ function generateForTopic(req, res, next) {
 			}
 
 			if (topicData.deleted && !userPrivileges.view_deleted) {
-				return res.redirect('404');
+				return res.redirect(nconf.get('relative_path') + '/404')
 			}
 
 			var description = topicData.posts.length ? topicData.posts[0].content : '';
@@ -133,7 +133,7 @@ function generateForPopular(req, res, next) {
 
 function disabledRSS(req, res, next) {
 	if (meta.config['feeds:disableRSS'] === '1') {
-		return res.redirect('404');
+		return res.redirect(nconf.get('relative_path') + '/404')
 	}
 
 	next();
diff --git a/src/routes/index.js b/src/routes/index.js
index 4838621e76..9fe56381f4 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -216,7 +216,7 @@ function handleErrors(err, req, res, next) {
 
 	req.flash('errorMessage', err.message);
 
-	res.redirect('500');
+	res.redirect(nconf.get('relative_path') + '/500')
 }
 
 function catch404(req, res, next) {