diff --git a/src/categories/create.js b/src/categories/create.js
index dfa722c4f0..f80e78f24e 100644
--- a/src/categories/create.js
+++ b/src/categories/create.js
@@ -48,7 +48,7 @@ module.exports = function(Categories) {
 function(data, next) {
 category = data.category;
- var defaultPrivileges = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply'];
+ var defaultPrivileges = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply', 'upload:post:image'];
 async.series([
 async.apply(db.setObject, 'category:' + category.cid, category),
diff --git a/src/controllers/uploads.js b/src/controllers/uploads.js
index 16bc3b7c31..374152e388 100644
--- a/src/controllers/uploads.js
+++ b/src/controllers/uploads.js
@@ -12,17 +12,13 @@ var meta = require('../meta');
 var file = require('../file');
 var plugins = require('../plugins');
 var image = require('../image');
+var privileges = require('../privileges');
 var uploadsController = {};
 uploadsController.upload = function(req, res, filesIterator) {
 var files = req.files.files;
- if (!req.user && meta.config.allowGuestUploads !== '1') {
- deleteTempFiles(files);
- return res.status(403).json('[[error:guest-upload-disabled]]');
- }
-
 if (!Array.isArray(files)) {
 return res.status(500).json('invalid files');
 }
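Review bot: In src/controllers/uploads.js the guest gate is deleted from `uploadsController.upload`, which is the shared entry point (it takes a `filesIterator`), while the replacement privilege checks are added only on the `uploadPost` path in the next hunk. Any other handler that calls `uploadsController.upload` is outside this diff, so confirm each one sits behind its own authentication or privilege check now that the `!req.user` test is gone. The removed branch also called `deleteTempFiles(files)` before rejecting; the new `[[error:no-privileges]]` paths rely on the completion handler of `upload`, not shown here, to clean up the temp files. A short comment above `upload` such as `// authorization is the caller's job; see uploadAsImage/uploadAsFile` would make the new contract explicit.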
@@ -47,35 +43,57 @@ uploadsController.upload = function(req, res, filesIterator) {
 uploadsController.uploadPost = function(req, res, next) {
 uploadsController.upload(req, res, function(uploadedFile, next) {
 var isImage = uploadedFile.type.match(/image./);
- if (isImage && plugins.hasListeners('filter:uploadImage')) {
- return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, next);
+ if (isImage) {
+ uploadAsImage(req, uploadedFile, next);
+ } else {
+ uploadAsFile(req, uploadedFile, next);
 }
+ }, next);
+};
- async.waterfall([
- function(next) {
- if (isImage) {
- file.isFileTypeAllowed(uploadedFile.path, next);
- } else {
- next();
- }
- },
- function (next) {
- if (parseInt(meta.config.allowFileUploads, 10) !== 1) {
- return next(new Error('[[error:uploads-are-disabled]]'));
- }
- uploadFile(req.uid, uploadedFile, next);
- },
- function(fileObj, next) {
- if (!isImage || parseInt(meta.config.maximumImageWidth, 10) === 0) {
- // Not an image, or resizing disabled. No need to resize.
- return next(null, fileObj);
- }
+function uploadAsImage(req, uploadedFile, callback) {
+ async.waterfall([
+ function(next) {
+ privileges.categories.can('upload:post:image', req.body.cid, req.uid, next);
+ },
+ function(canUpload, next) {
+ if (!canUpload) {
+ return next(new Error('[[error:no-privileges]]'));
+ }
+ if (plugins.hasListeners('filter:uploadImage')) {
+ return plugins.fireHook('filter:uploadImage', {image: uploadedFile, uid: req.uid}, callback);
+ }
+ file.isFileTypeAllowed(uploadedFile.path, next);
+ },
+ function(next) {
+ uploadFile(req.uid, uploadedFile, next);
+ },
+ function(fileObj, next) {
+ if (parseInt(meta.config.maximumImageWidth, 10) === 0) {
+ return next(null, fileObj);
+ }
+
+ resizeImage(fileObj, next);
+ }
+ ], callback);
+}
- resizeImage(fileObj, next);
+function uploadAsFile(req, uploadedFile, callback) {
+ async.waterfall([
+ function(next) {
+ privileges.categories.can('upload:post:file', req.body.cid, req.uid, next);
+ },
+ function(canUpload, next) {
+ if (!canUpload) {
+ return next(new Error('[[error:no-privileges]]'));
 }
- ], next);
- }, next);
-};
+ if (parseInt(meta.config.allowFileUploads, 10) !== 1) {
+ return next(new Error('[[error:uploads-are-disabled]]'));
+ }
+ uploadFile(req.uid, uploadedFile, next);
+ }
+ ], callback);
+}
 function resizeImage(fileObj, callback) {
 var fullPath;
diff --git a/src/privileges.js b/src/privileges.js
index 49bb370b0b..1f28a7cb91 100644
--- a/src/privileges.js
+++ b/src/privileges.js
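Review bot: In `uploadAsImage` and `uploadAsFile` (src/controllers/uploads.js) the privilege decision is driven by two client-supplied values: `req.body.cid` selects the category and `uploadedFile.type` selects which privilege is tested. The unchanged line `uploadedFile.type.match(/image./)` is unanchored, so now that it routes to the `upload:post:image` check it should be `var isImage = /^image\//.test(uploadedFile.type);`. A missing or malformed `cid` is passed straight to `privileges.categories.can`, whose handling is not visible here; rejecting it early with `if (!req.body.cid) { return callback(new Error('[[error:no-privileges]]')); }` avoids relying on that. Note also that the image path no longer consults `meta.config.allowFileUploads`, and that when a `filter:uploadImage` listener exists `file.isFileTypeAllowed` is still skipped, so the plugin is the only content check on that branch.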
@@ -2,8 +2,29 @@
 var privileges = {};
-privileges.userPrivilegeList = ['find', 'read', 'topics:read', 'topics:create', 'topics:reply', 'purge', 'mods'];
-privileges.groupPrivilegeList = ['groups:find', 'groups:read', 'groups:topics:read', 'groups:topics:create', 'groups:topics:reply', 'groups:purge', 'groups:moderate'];
+privileges.userPrivilegeList = [
+ 'find',
+ 'read',
+ 'topics:read',
+ 'topics:create',
+ 'topics:reply',
+ 'upload:post:image',
+ 'upload:post:file',
+ 'purge',
+ 'mods'
+];
+
+privileges.groupPrivilegeList = [
+ 'groups:find',
+ 'groups:read',
+ 'groups:topics:read',
+ 'groups:topics:create',
+ 'groups:topics:reply',
+ 'groups:upload:post:image',
+ 'groups:upload:post:file',
+ 'groups:purge',
+ 'groups:moderate'
+];
 privileges.privilegeList = privileges.userPrivilegeList.concat(privileges.groupPrivilegeList);
diff --git a/src/privileges/categories.js b/src/privileges/categories.js
index 382d89e4e4..ce2c30506e 100644
--- a/src/privileges/categories.js
+++ b/src/privileges/categories.js
@@ -23,6 +23,8 @@ module.exports = function(privileges) {
 {name: 'Access Topics'},
 {name: 'Create Topics'},
 {name: 'Reply to Topics'},
+ {name: 'Upload Images'},
+ {name: 'Upload Files'},
 {name: 'Purge'},
 {name: 'Moderate'}
 ];
diff --git a/src/routes/api.js b/src/routes/api.js
index ee983f1cd5..3313edbe57 100644
--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -1,8 +1,8 @@
 "use strict";
-var express = require('express'),
+var express = require('express');
- uploadsController = require('../controllers/uploads');
+var uploadsController = require('../controllers/uploads');
 module.exports = function(app, middleware, controllers) {
diff --git a/src/upgrade.js b/src/upgrade.js
index 895520d193..16362883d2 100644
--- a/src/upgrade.js
+++ b/src/upgrade.js
@@ -10,7 +10,7 @@ var db = require('./database'),
 schemaDate, thisSchemaDate,
 // IMPORTANT: REMEMBER TO UPDATE VALUE OF latestSchema
- latestSchema = Date.UTC(2016, 5, 13);
+ latestSchema = Date.UTC(2016, 6, 12);
 Upgrade.check = function(callback) {
 db.get('schemaDate', function(err, value) {
@@ -617,6 +617,46 @@ Upgrade.upgrade = function(callback) {
 winston.info('[2016/06/13] Store upvotes/downvotes separately skipped!');
 next();
 }
+ },
+ function(next) {
+ thisSchemaDate = Date.UTC(2016, 6, 12);
+
+ if (schemaDate < thisSchemaDate) {
+ updatesMade = true;
+ winston.info('[2016/07/12] Giving upload privileges');
+ var privilegesAPI = require('./privileges');
+ var meta = require('./meta');
+
+ db.getSortedSetRange('categories:cid', 0, -1, function(err, cids) {
+ async.eachSeries(cids, function(cid, next) {
+ privilegesAPI.categories.list(cid, function(err, data) {
+ if (err) {
+ return next(err);
+ }
+ async.eachSeries(data.groups, function(group, next) {
+ if (group.name === 'guests' && parseInt(meta.config.allowGuestUploads, 10) !== 1) {
+ return next();
+ }
+ if (group.privileges['groups:read']) {
+ privilegesAPI.categories.give(['upload:post:image'], cid, group.name, next);
+ } else {
+ next();
+ }
+ }, next);
+ });
+ }, function(err) {
+ if (err) {
+ return next(err);
+ }
+
+ winston.info('[2016/07/12] Upload privileges done');
+ Upgrade.update(thisSchemaDate, next);
+ });
+ });
+ } else {
+ winston.info('[2016/07/12] Upload privileges skipped!');
+ next();
+ }
 }
 // Add new schema updates here
 // IMPORTANT: REMEMBER TO UPDATE VALUE OF latestSchema IN LINE 24!!!
diff --git a/src/views/admin/settings/uploads.tpl b/src/views/admin/settings/uploads.tpl
index 4358dee47e..f5b2e3c5a5 100644
--- a/src/views/admin/settings/uploads.tpl
+++ b/src/views/admin/settings/uploads.tpl
@@ -20,13 +20,6 @@ -
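Review bot: In the new 2016/07/12 step of `Upgrade.upgrade` (src/upgrade.js) the callback of `db.getSortedSetRange('categories:cid', 0, -1, ...)` never looks at `err`, so a database failure is dropped and `cids` is iterated as if the call had succeeded; add `if (err) { return next(err); }` as the first statement of that callback. The migration walks `data.groups` only and gives `upload:post:image` only, so per-user read grants and the new `upload:post:file` privilege are left unassigned. Since `uploadAsFile` now requires `upload:post:file`, this looks like it tightens file uploads on existing installs, which deserves a comment in the step or a changelog line if it is intended. The enclosing `Upgrade.upgrade` function starts and ends outside the hunk.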
- -
-
@@ -52,7 +45,7 @@
- +