new priv for uploads

v1.18.x
barisusakli 9 years ago
parent 03208807e4
commit d2cbd7e6dc

@ -48,7 +48,7 @@ module.exports = function(Categories) {
function(data, next) {
category = data.category;
var defaultPrivileges = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply'];
var defaultPrivileges = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply', 'upload:post:image'];
async.series([
async.apply(db.setObject, 'category:' + category.cid, category),

@ -12,17 +12,13 @@ var meta = require('../meta');
var file = require('../file');
var plugins = require('../plugins');
var image = require('../image');
var privileges = require('../privileges');
var uploadsController = {};
uploadsController.upload = function(req, res, filesIterator) {
var files = req.files.files;
if (!req.user && meta.config.allowGuestUploads !== '1') {
deleteTempFiles(files);
return res.status(403).json('[[error:guest-upload-disabled]]');
}
if (!Array.isArray(files)) {
return res.status(500).json('invalid files');
}
@ -47,35 +43,57 @@ uploadsController.upload = function(req, res, filesIterator) {
uploadsController.uploadPost = function(req, res, next) {
uploadsController.upload(req, res, function(uploadedFile, next) {
var isImage = uploadedFile.type.match(/image./);
if (isImage && plugins.hasListeners('filter:uploadImage')) {
return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, next);
if (isImage) {
uploadAsImage(req, uploadedFile, next);
} else {
uploadAsFile(req, uploadedFile, next);
}
}, next);
};
async.waterfall([
function(next) {
if (isImage) {
file.isFileTypeAllowed(uploadedFile.path, next);
} else {
next();
}
},
function (next) {
if (parseInt(meta.config.allowFileUploads, 10) !== 1) {
return next(new Error('[[error:uploads-are-disabled]]'));
}
uploadFile(req.uid, uploadedFile, next);
},
function(fileObj, next) {
if (!isImage || parseInt(meta.config.maximumImageWidth, 10) === 0) {
// Not an image, or resizing disabled. No need to resize.
return next(null, fileObj);
}
function uploadAsImage(req, uploadedFile, callback) {
async.waterfall([
function(next) {
privileges.categories.can('upload:post:image', req.body.cid, req.uid, next);
},
function(canUpload, next) {
if (!canUpload) {
return next(new Error('[[error:no-privileges]]'));
}
if (plugins.hasListeners('filter:uploadImage')) {
return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, callback);
}
file.isFileTypeAllowed(uploadedFile.path, next);
},
function(next) {
uploadFile(req.uid, uploadedFile, next);
},
function(fileObj, next) {
if (parseInt(meta.config.maximumImageWidth, 10) === 0) {
return next(null, fileObj);
}
resizeImage(fileObj, next);
}
], callback);
}
resizeImage(fileObj, next);
function uploadAsFile(req, uploadedFile, callback) {
async.waterfall([
function(next) {
privileges.categories.can('upload:post:file', req.body.cid, req.uid, next);
},
function(canUpload, next) {
if (!canUpload) {
return next(new Error('[[error:no-privileges]]'));
}
], next);
}, next);
};
if (parseInt(meta.config.allowFileUploads, 10) !== 1) {
return next(new Error('[[error:uploads-are-disabled]]'));
}
uploadFile(req.uid, uploadedFile, next);
}
], callback);
}
function resizeImage(fileObj, callback) {
var fullPath;
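Review bot: In `uploadAsImage` and `uploadAsFile` the privilege check is keyed on `req.body.cid`, a value the client chooses, and nothing visible in this hunk validates it or ties it to the category of the post being written. What `privileges.categories.can` returns for a missing or malformed cid cannot be told from here, so I would reject the request early when `req.body.cid` is not a valid category id and add a comment that the check is per-category and not bound to the target post. The branch is selected by `uploadedFile.type.match(/image./)`, the client-declared MIME type, and when a `filter:uploadImage` listener is registered the image path hands off to the plugin before `file.isFileTypeAllowed` runs, so a comment should say that the plugin is then responsible for content validation. The guest rejection that this commit appears to drop called `deleteTempFiles(files)` before returning; whether the new `[[error:no-privileges]]` path cleans up temp files depends on code in `uploadsController.upload` outside this hunk.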

@ -2,8 +2,29 @@
var privileges = {};
privileges.userPrivilegeList = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply', 'purge', 'mods'];
privileges.groupPrivilegeList = ['groups:find', 'groups:read', 'groups:topics:read', 'groups:topics:create', 'groups:topics:reply', 'groups:purge', 'groups:moderate'];
privileges.userPrivilegeList = [
'find',
'read',
'topics:read',
'topics:create',
'topics:reply',
'upload:post:image',
'upload:post:file',
'purge',
'mods'
];
privileges.groupPrivilegeList = [
'groups:find',
'groups:read',
'groups:topics:read',
'groups:topics:create',
'groups:topics:reply',
'groups:upload:post:image',
'groups:upload:post:file',
'groups:purge',
'groups:moderate'
];
privileges.privilegeList = privileges.userPrivilegeList.concat(privileges.groupPrivilegeList);

@ -23,6 +23,8 @@ module.exports = function(privileges) {
{name: 'Access Topics'},
{name: 'Create Topics'},
{name: 'Reply to Topics'},
{name: 'Upload Images'},
{name: 'Upload Files'},
{name: 'Purge'},
{name: 'Moderate'}
];

@ -1,8 +1,8 @@
"use strict";
var express = require('express'),
var express = require('express');
uploadsController = require('../controllers/uploads');
var uploadsController = require('../controllers/uploads');
module.exports = function(app, middleware, controllers) {

@ -10,7 +10,7 @@ var db = require('./database'),
schemaDate, thisSchemaDate,
// IMPORTANT: REMEMBER TO UPDATE VALUE OF latestSchema
latestSchema = Date.UTC(2016, 5, 13);
latestSchema = Date.UTC(2016, 6, 12);
Upgrade.check = function(callback) {
db.get('schemaDate', function(err, value) {
@ -617,6 +617,46 @@ Upgrade.upgrade = function(callback) {
winston.info('[2016/06/13] Store upvotes/downvotes separately skipped!');
next();
}
},
function(next) {
thisSchemaDate = Date.UTC(2016, 6, 12);
if (schemaDate < thisSchemaDate) {
updatesMade = true;
winston.info('[2016/07/12] Giving upload privileges');
var privilegesAPI = require('./privileges');
var meta = require('./meta');
db.getSortedSetRange('categories:cid', 0, -1, function(err, cids) {
async.eachSeries(cids, function(cid, next) {
privilegesAPI.categories.list(cid, function(err, data) {
if (err) {
return next(err);
}
async.eachSeries(data.groups, function(group, next) {
if (group.name === 'guests' && parseInt(meta.config.allowGuestUploads, 10) !== 1) {
return next();
}
if (group.privileges['groups:read']) {
privilegesAPI.categories.give(['upload:post:image'], cid, group.name, next);
} else {
next();
}
}, next);
});
}, function(err) {
if (err) {
return next(err);
}
winston.info('[2016/07/12] Upload privileges done');
Upgrade.update(thisSchemaDate, next);
});
});
} else {
winston.info('[2016/07/12] Upload privileges skipped!');
next();
}
}
// Add new schema updates here
// IMPORTANT: REMEMBER TO UPDATE VALUE OF latestSchema IN LINE 24!!!
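Review bot: The callback passed to `db.getSortedSetRange('categories:cid', 0, -1, ...)` never checks `err`, so a failed read leaves `cids` undefined and, depending on how `async.eachSeries` treats that, the step may still reach `Upgrade.update(thisSchemaDate, next)` and record the migration as done without granting anything; add `if (err) { return next(err); }` as the first statement of that callback. The loop walks only `data.groups`, so privileges held by individual users (if `categories.list` returns them separately) are not migrated, and only `upload:post:image` is granted, which leaves non-image uploads denied until an administrator assigns `upload:post:file`. A short comment above the step stating both, and that `meta.config.allowGuestUploads` is read here only to decide whether `guests` keeps upload access, would help whoever audits upload permissions after the upgrade. `Upgrade.upgrade` begins outside this hunk.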

@ -20,13 +20,6 @@
</label>
</div>
<div class="checkbox">
<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect">
<input class="mdl-switch__input" type="checkbox" data-field="allowGuestUploads">
<span class="mdl-switch__label"><strong>Allow Guests to Upload Files</strong></span>
</label>
</div>
<div class="form-group">
<label for="maximumImageWidth">Resize images down to specified width (in pixels)</label>
<input type="text" class="form-control" value="760" data-field="maximumImageWidth" placeholder="760">
@ -52,7 +45,7 @@
<div class="form-group">
<label for="topicThumbSize">Topic Thumb Size</label>
<input type="text" class="form-control" value="120" data-field="topicThumbSize">
<input type="text" class="form-control" value="120" data-field="topicThumbSize">
</div>
<div class="form-group">
