diff --git a/public/src/ajaxify.js b/public/src/ajaxify.js
index bcd518d1fa..c6b9418693 100644
--- a/public/src/ajaxify.js
+++ b/public/src/ajaxify.js
@@ -195,6 +195,9 @@ $(document).ready(function() {
 ajaxify.loadScript = function(tpl_url, callback) {
 var location = !app.inAdmin ? 'forum/' : '';
+ if (tpl_url.startsWith('admin')) {
+ location = '';
+ }
 var data = {
 tpl_url: tpl_url,
 scripts: [location + tpl_url]
diff --git a/src/controllers/admin/flags.js b/src/controllers/admin/flags.js
index ee153bfffb..ce71f4528b 100644
--- a/src/controllers/admin/flags.js
+++ b/src/controllers/admin/flags.js
@@ -1,28 +1,31 @@
 "use strict";
+var async = require('async');
 var posts = require('../../posts');
 var flagsController = {};
 flagsController.get = function(req, res, next) {
- function done(err, posts) {
- if (err) {
- return next(err);
- }
- res.render('admin/manage/flags', {posts: posts, next: stop + 1, byUsername: byUsername});
- }
-
 var sortBy = req.query.sortBy || 'count';
 var byUsername = req.query.byUsername || '';
 var start = 0;
 var stop = 19;
- if (byUsername) {
- posts.getUserFlags(byUsername, sortBy, req.uid, start, stop, done);
- } else {
- var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
- posts.getFlags(set, req.uid, start, stop, done);
- }
+ async.waterfall([
+ function (next) {
+ if (byUsername) {
+ posts.getUserFlags(byUsername, sortBy, req.uid, start, stop, next);
+ } else {
+ var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
+ posts.getFlags(set, req.uid, start, stop, next);
+ }
+ }
+ ], function (err, posts) {
+ if (err) {
+ return next(err);
+ }
+ res.render('admin/manage/flags', {posts: posts, next: stop + 1, byUsername: byUsername});
+ });
 };
diff --git a/src/controllers/posts.js b/src/controllers/posts.js
index 7b42ff22e3..5618069b9b 100644
--- a/src/controllers/posts.js
+++ b/src/controllers/posts.js
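Review bot: The prefix test `tpl_url.startsWith('admin')` in `ajaxify.loadScript` matches any template whose name merely begins with those five letters, not only templates under the admin directory. `if (tpl_url.indexOf('admin/') === 0) {` would pin it to the directory and would not depend on `String.prototype.startsWith`, which older browsers lack without a polyfill. A short comment on why admin templates skip the `forum/` prefix outside the admin panel (apparently so the flags page can be served to global moderators) would help the next reader. `ajaxify.loadScript` continues past the end of the hunk.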
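Review bot: Inside `flagsController.get` the waterfall step's parameter `next` shadows the Express `next`, and the final callback's `posts` shadows the required `posts` module, so which one a line refers to depends on nesting depth. Renaming them, for example `function (callback) {` for the step and `function (err, flaggedPosts) {` for the result handler, keeps the two meanings apart. `sortBy` and `byUsername` are taken from `req.query` and passed on as-is; whether `posts.getUserFlags` validates their type is not visible in this diff and is worth confirming now that the controller is reachable from a second route.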
@@ -1,31 +1,18 @@
 "use strict";
-
-
-var posts = require('../posts');
-
+var user = require('../user');
+var adminFlagsController = require('./admin/flags');
 var postsController = {};
 postsController.flagged = function(req, res, next) {
- function done(err, posts) {
- if (err) {
+ user.isAdminOrGlobalMod(req.uid, function(err, isAdminOrGlobalMod) {
+ if (err || !isAdminOrGlobalMod) {
 return next(err);
 }
- res.render('admin/manage/flags', {posts: posts, next: stop + 1, byUsername: byUsername});
- }
-
- var sortBy = req.query.sortBy || 'count';
- var byUsername = req.query.byUsername || '';
- var start = 0;
- var stop = 19;
- if (byUsername) {
- posts.getUserFlags(byUsername, sortBy, req.uid, start, stop, done);
- } else {
- var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
- posts.getFlags(set, req.uid, start, stop, done);
- }
+ adminFlagsController.get(req, res, next);
+ });
 };
diff --git a/src/routes/index.js b/src/routes/index.js
index 9afb954380..96ff880db0 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -37,7 +37,7 @@ function mainRoutes(app, middleware, controllers) {
 }
 function postRoutes(app, middleware, controllers) {
- setupPageRoute(app, '/posts/flagged', middleware, [], controllers.posts.flagged);
+ setupPageRoute(app, '/posts/flags', middleware, [], controllers.posts.flagged);
 }
 function topicRoutes(app, middleware, controllers) {
diff --git a/src/socket.io/admin.js b/src/socket.io/admin.js
index 9652872fa5..03f971b166 100644
--- a/src/socket.io/admin.js
+++ b/src/socket.io/admin.js
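Review bot: In `postsController.flagged` the combined branch `if (err || !isAdminOrGlobalMod) { return next(err); }` calls `next()` with no error for an unprivileged user, so the request falls through to whatever handler comes next instead of being refused explicitly. The `/posts/flags` route in src/routes/index.js is registered with an empty middleware list, which makes this check the only gate on the flags page. Splitting it into `if (err) { return next(err); }` followed by an explicit 403 / not-allowed response when `!isAdminOrGlobalMod` would make the denial deliberate and easier to audit.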
@@ -39,12 +39,13 @@ SocketAdmin.before = function(socket, method, data, next) {
 if (!socket.uid) {
 return;
 }
+
 user.isAdministrator(socket.uid, function(err, isAdmin) {
- if (!err && isAdmin) {
- next();
- } else {
- winston.warn('[socket.io] Call to admin method ( ' + method + ' ) blocked (accessed by uid ' + socket.uid + ')');
+ if (err || isAdmin) {
+ return next(err);
 }
+
+ winston.warn('[socket.io] Call to admin method ( ' + method + ' ) blocked (accessed by uid ' + socket.uid + ')');
 });
 };
@@ -323,36 +324,5 @@ SocketAdmin.deleteAllEvents = function(socket, data, callback) {
 events.deleteAll(callback);
 };
-SocketAdmin.dismissFlag = function(socket, pid, callback) {
- if (!pid) {
- return callback('[[error:invalid-data]]');
- }
-
- posts.dismissFlag(pid, callback);
-};
-
-SocketAdmin.dismissAllFlags = function(socket, data, callback) {
- posts.dismissAllFlags(callback);
-};
-
-SocketAdmin.getMoreFlags = function(socket, data, callback) {
- if (!data || !parseInt(data.after, 10)) {
- return callback('[[error:invalid-data]]');
- }
- var sortBy = data.sortBy || 'count';
- var byUsername = data.byUsername || '';
- var start = parseInt(data.after, 10);
- var stop = start + 19;
- if (byUsername) {
- posts.getUserFlags(byUsername, sortBy, socket.uid, start, stop, function(err, posts) {
- callback(err, {posts: posts, next: stop + 1});
- });
- } else {
- var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
- posts.getFlags(set, socket.uid, start, stop, function(err, posts) {
- callback(err, {posts: posts, next: stop + 1});
- });
- }
-};
 module.exports = SocketAdmin;
diff --git a/src/socket.io/posts/flag.js b/src/socket.io/posts/flag.js
index d3f4007e01..4bb09470bf 100644
--- a/src/socket.io/posts/flag.js
+++ b/src/socket.io/posts/flag.js
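Review bot: In `SocketAdmin.before`, `return next(err);` now runs when the administrator lookup itself fails, which only blocks the admin method if the dispatcher stops on a non-null first argument; that caller is outside this diff, so confirm it does. The non-admin path still logs the warning and returns without calling `next`, so the caller gets no reply at all. Adding `return next(new Error('[[error:no-privileges]]'));` after the `winston.warn` line would turn the silent drop into an explicit refusal, again assuming the dispatcher treats the error as a stop.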
@@ -98,4 +98,66 @@ module.exports = function(SocketPosts) {
 }
 ], callback);
 };
+
+ SocketPosts.dismissFlag = function(socket, pid, callback) {
+ if (!pid || !socket.uid) {
+ return callback('[[error:invalid-data]]');
+ }
+ async.waterfall([
+ function (next) {
+ user.isAdminOrGlobalModerator(socket.uid, next);
+ },
+ function (isAdminOrGlobalModerator, next) {
+ if (!isAdminOrGlobalModerator) {
+ return next(new Error('[[no-privileges]]'));
+ }
+ posts.dismissFlag(pid, next);
+ }
+ ], callback);
+ };
+
+ SocketPosts.dismissAllFlags = function(socket, data, callback) {
+ async.waterfall([
+ function (next) {
+ user.isAdminOrGlobalModerator(socket.uid, next);
+ },
+ function (isAdminOrGlobalModerator, next) {
+ if (!isAdminOrGlobalModerator) {
+ return next(new Error('[[no-privileges]]'));
+ }
+ posts.dismissAllFlags(next);
+ }
+ ], callback);
+ };
+
+ SocketPosts.getMoreFlags = function(socket, data, callback) {
+ if (!data || !parseInt(data.after, 10)) {
+ return callback('[[error:invalid-data]]');
+ }
+ var sortBy = data.sortBy || 'count';
+ var byUsername = data.byUsername || '';
+ var start = parseInt(data.after, 10);
+ var stop = start + 19;
+
+ async.waterfall([
+ function (next) {
+ user.isAdminOrGlobalModerator(socket.uid, next);
+ },
+ function (isAdminOrGlobalModerator, next) {
+ if (!isAdminOrGlobalModerator) {
+ return next(new Error('[[no-privileges]]'));
+ }
+
+ if (byUsername) {
+ posts.getUserFlags(byUsername, sortBy, socket.uid, start, stop, next);
+ } else {
+ var set = sortBy === 'count' ? 'posts:flags:count' : 'posts:flagged';
+ posts.getFlags(set, socket.uid, start, stop, next);
+ }
+ },
+ function (posts, next) {
+ next(null, {posts: posts, next: stop + 1});
+ },
+ ], callback);
+ };
 };
\ No newline at end of file
diff --git a/src/socket.io/user/ban.js b/src/socket.io/user/ban.js
index 9d7a8cf72e..574490b74d 100644
--- a/src/socket.io/user/ban.js
+++ b/src/socket.io/user/ban.js
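Review bot: All three new handlers call `user.isAdminOrGlobalModerator`, but the helper this commit adds in src/user.js is `User.isAdminOrGlobalMod`, which is also the name used in src/controllers/posts.js and src/socket.io/user/ban.js. Unless the longer name is defined somewhere outside this diff, `dismissFlag`, `dismissAllFlags` and `getMoreFlags` will throw before the privilege check runs; the call should read `user.isAdminOrGlobalMod(socket.uid, next);`. The denial message `'[[no-privileges]]'` also lacks the `error:` namespace that ban.js uses in `'[[error:no-privileges]]'`, so it probably will not resolve to a translated string. Whether `user`, `posts` and `async` are required at the top of flag.js cannot be seen from this hunk, which starts at line 98.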
@@ -34,13 +34,10 @@ module.exports = function(SocketUser) {
 async.waterfall([
 function (next) {
- async.parallel({
- isAdmin: async.apply(user.isAdministrator, uid),
- isGlobalMod: async.apply(user.isGlobalModerator, uid)
- }, next);
+ user.isAdminOrGlobalMod(uid, next);
 },
- function (results, next) {
- if (!results.isAdmin && !results.isGlobalMod) {
+ function (isAdminOrGlobalMod, next) {
+ if (!isAdminOrGlobalMod) {
 return next(new Error('[[error:no-privileges]]'));
 }
 async.each(uids, method, next);
diff --git a/src/user.js b/src/user.js
index 8bb6ff28f2..e9546b8c6e 100644
--- a/src/user.js
+++ b/src/user.js
@@ -234,6 +234,15 @@ var async = require('async'),
 privileges.users.isGlobalModerator(uid, callback);
 };
+ User.isAdminOrGlobalMod = function(uid, callback) {
+ async.parallel({
+ isAdmin: async.apply(User.isAdministrator, uid),
+ isGlobalMod: async.apply(User.isGlobalModerator, uid)
+ }, function(err, results) {
+ callback(err, results ? (results.isAdmin || results.isGlobalMod) : false);
+ });
+ };
+
 User.isAdminOrSelf = function(callerUid, uid, callback) {
 if (parseInt(callerUid, 10) === parseInt(uid, 10)) {
 return callback();
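Review bot: `User.isAdminOrGlobalMod` in src/user.js derives its answer from `results` even when `err` is set, and `async.parallel` can hand back a partially filled object on failure, so a caller that ignores `err` could see a truthy answer from an incomplete check. Making the helper fail closed, `callback(err, !err && !!results && !!(results.isAdmin || results.isGlobalMod));`, also guarantees a strict boolean rather than whatever value the underlying checks return. Since this is now the shared gate for the flags controller and the ban and flag socket handlers, a one-line comment above it stating that it yields true for administrators and global moderators would document the contract.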