diff --git a/src/categories/create.js b/src/categories/create.js index d461b28f91..83b84b023e 100644 --- a/src/categories/create.js +++ b/src/categories/create.js @@ -1,14 +1,13 @@ 'use strict'; -var async = require('async'); -var _ = require('lodash'); +const async = require('async'); +const _ = require('lodash'); -var db = require('../database'); -var groups = require('../groups'); -var plugins = require('../plugins'); -var privileges = require('../privileges'); -var utils = require('../utils'); -var cache = require('../cache'); +const db = require('../database'); +const plugins = require('../plugins'); +const privileges = require('../privileges'); +const utils = require('../utils'); +const cache = require('../cache'); module.exports = function (Categories) { Categories.create = async function (data) { @@ -48,33 +47,34 @@ module.exports = function (Categories) { const result = await plugins.fireHook('filter:category.create', { category: category, data: data }); category = result.category; - const defaultPrivileges = [ - 'find', - 'read', - 'topics:read', - 'topics:create', - 'topics:reply', - 'topics:tag', - 'posts:edit', - 'posts:history', - 'posts:delete', - 'posts:upvote', - 'posts:downvote', - 'topics:delete', - ]; - const modPrivileges = defaultPrivileges.concat([ - 'posts:view_deleted', - 'purge', - ]); await db.setObject('category:' + category.cid, category); if (!category.descriptionParsed) { await Categories.parseDescription(category.cid, category.description); } await db.sortedSetsAdd(['categories:cid', 'cid:' + parentCid + ':children'], category.order, category.cid); + + const defaultPrivileges = [ + 'groups:find', + 'groups:read', + 'groups:topics:read', + 'groups:topics:create', + 'groups:topics:reply', + 'groups:topics:tag', + 'groups:posts:edit', + 'groups:posts:history', + 'groups:posts:delete', + 'groups:posts:upvote', + 'groups:posts:downvote', + 'groups:topics:delete', + ]; + const modPrivileges = defaultPrivileges.concat([ + 'groups:posts:view_deleted', + 'groups:purge', + ]); await privileges.categories.give(defaultPrivileges, category.cid, 'registered-users'); await privileges.categories.give(modPrivileges, category.cid, ['administrators', 'Global Moderators']); - await privileges.categories.give(['find', 'read', 'topics:read'], category.cid, ['guests', 'spiders']); + await privileges.categories.give(['groups:find', 'groups:read', 'groups:topics:read'], category.cid, ['guests', 'spiders']); cache.del(['categories:cid', 'cid:' + parentCid + ':children']); if (data.cloneFromCid && parseInt(data.cloneFromCid, 10)) { @@ -110,10 +110,9 @@ module.exports = function (Categories) { } Categories.assignColours = function () { - var backgrounds = ['#AB4642', '#DC9656', '#F7CA88', '#A1B56C', '#86C1B9', '#7CAFC2', '#BA8BAF', '#A16946']; - var text = ['#fff', '#fff', '#333', '#fff', '#333', '#fff', '#fff', '#fff']; - var index = Math.floor(Math.random() * backgrounds.length); - + const backgrounds = ['#AB4642', '#DC9656', '#F7CA88', '#A1B56C', '#86C1B9', '#7CAFC2', '#BA8BAF', '#A16946']; + const text = ['#fff', '#fff', '#333', '#fff', '#333', '#fff', '#fff', '#fff']; + const index = Math.floor(Math.random() * backgrounds.length); return [backgrounds[index], text[index]]; }; @@ -192,14 +191,16 @@ module.exports = function (Categories) { }); } - async function copyPrivilegesByGroup(privileges, fromCid, toCid, group) { - const leaveGroups = privileges.map(privilege => 'cid:' + toCid + ':privileges:' + privilege); - await groups.leave(leaveGroups, group); - - const checkGroups = privileges.map(privilege => 'group:cid:' + fromCid + ':privileges:' + privilege + ':members'); - const isMembers = await db.isMemberOfSortedSets(checkGroups, group); - privileges = privileges.filter((priv, index) => isMembers[index]); - const joinGroups = privileges.map(privilege => 'cid:' + toCid + ':privileges:' + privilege); - await groups.join(joinGroups, group); + async function copyPrivilegesByGroup(privilegeList, fromCid, toCid, group) { + const fromGroups = privilegeList.map(privilege => 'group:cid:' + fromCid + ':privileges:' + privilege + ':members'); + const toGroups = privilegeList.map(privilege => 'group:cid:' + toCid + ':privileges:' + privilege + ':members'); + const [fromChecks, toChecks] = await Promise.all([ + db.isMemberOfSortedSets(fromGroups, group), + db.isMemberOfSortedSets(toGroups, group), + ]); + const givePrivs = privilegeList.filter((priv, index) => fromChecks[index] && !toChecks[index]); + const rescindPrivs = privilegeList.filter((priv, index) => !fromChecks[index] && toChecks[index]); + await privileges.categories.give(givePrivs, toCid, group); + await privileges.categories.rescind(rescindPrivs, toCid, group); } }; diff --git a/src/cli/reset.js b/src/cli/reset.js index cb1eb041f3..ad3cd1b2c3 100644 --- a/src/cli/reset.js +++ b/src/cli/reset.js @@ -93,7 +93,7 @@ exports.reset = async function (options) { }; async function resetSettings() { - await privileges.global.give(['local:login'], 'registered-users'); + await privileges.global.give(['groups:local:login'], 'registered-users'); winston.info('[reset] registered-users given login privilege'); winston.info('[reset] Settings reset to default'); } diff --git a/src/install.js b/src/install.js index 0b5dd62d39..634e932fd3 100644 --- a/src/install.js +++ b/src/install.js @@ -404,22 +404,22 @@ function createGlobalModeratorsGroup(next) { function giveGlobalPrivileges(next) { var privileges = require('./privileges'); var defaultPrivileges = [ - 'chat', 'upload:post:image', 'signature', 'search:content', - 'search:users', 'search:tags', 'view:users', 'view:tags', 'view:groups', - 'local:login', + 'groups:chat', 'groups:upload:post:image', 'groups:signature', 'groups:search:content', + 'groups:search:users', 'groups:search:tags', 'groups:view:users', 'groups:view:tags', 'groups:view:groups', + 'groups:local:login', ]; async.waterfall([ function (next) { privileges.global.give(defaultPrivileges, 'registered-users', next); }, function (next) { - privileges.global.give(defaultPrivileges.concat(['ban', 'upload:post:file', 'view:users:info']), 'Global Moderators', next); + privileges.global.give(defaultPrivileges.concat(['groups:ban', 'groups:upload:post:file', 'groups:view:users:info']), 'Global Moderators', next); }, function (next) { - privileges.global.give(['view:users', 'view:tags', 'view:groups'], 'guests', next); + privileges.global.give(['groups:view:users', 'groups:view:tags', 'groups:view:groups'], 'guests', next); }, function (next) { - privileges.global.give(['view:users', 'view:tags', 'view:groups'], 'spiders', next); + privileges.global.give(['groups:view:users', 'groups:view:tags', 'groups:view:groups'], 'spiders', next); }, ], next); } diff --git a/src/privileges/categories.js b/src/privileges/categories.js index 6f380b6563..8fa6165dac 100644 --- a/src/privileges/categories.js +++ b/src/privileges/categories.js @@ -129,12 +129,22 @@ module.exports = function (privileges) { return uids.filter((uid, index) => allowedTo[index] || isAdmins[index]); }; - privileges.categories.give = async function (privileges, cid, groupName) { - await helpers.giveOrRescind(groups.join, privileges, cid, groupName); + privileges.categories.give = async function (privileges, cid, members) { + await helpers.giveOrRescind(groups.join, privileges, cid, members); + plugins.fireHook('action:privileges.categories.give', { + privileges: privileges, + cids: Array.isArray(cid) ? cid : [cid], + members: Array.isArray(members) ? members : [members], + }); }; - privileges.categories.rescind = async function (privileges, cid, groupName) { - await helpers.giveOrRescind(groups.leave, privileges, cid, groupName); + privileges.categories.rescind = async function (privileges, cid, members) { + await helpers.giveOrRescind(groups.leave, privileges, cid, members); + plugins.fireHook('action:privileges.categories.rescind', { + privileges: privileges, + cids: Array.isArray(cid) ? cid : [cid], + members: Array.isArray(members) ? members : [members], + }); }; privileges.categories.canMoveAllTopics = async function (currentCid, targetCid, uid) { diff --git a/src/privileges/global.js b/src/privileges/global.js index 807159d135..6738ff09c3 100644 --- a/src/privileges/global.js +++ b/src/privileges/global.js @@ -101,10 +101,18 @@ module.exports = function (privileges) { privileges.global.give = async function (privileges, groupName) { await helpers.giveOrRescind(groups.join, privileges, 0, groupName); + plugins.fireHook('action:privileges.global.give', { + privileges: privileges, + groupNames: Array.isArray(groupName) ? groupName : [groupName], + }); }; privileges.global.rescind = async function (privileges, groupName) { await helpers.giveOrRescind(groups.leave, privileges, 0, groupName); + plugins.fireHook('action:privileges.global.rescind', { + privileges: privileges, + groupNames: Array.isArray(groupName) ? groupName : [groupName], + }); }; privileges.global.userPrivileges = async function (uid) { diff --git a/src/privileges/helpers.js b/src/privileges/helpers.js index 47de313b79..4c2b2289f3 100644 --- a/src/privileges/helpers.js +++ b/src/privileges/helpers.js @@ -153,18 +153,18 @@ function moveToFront(groupNames, groupToMove) { } } -helpers.giveOrRescind = async function (method, privileges, cids, groupNames) { - groupNames = Array.isArray(groupNames) ? groupNames : [groupNames]; +helpers.giveOrRescind = async function (method, privileges, cids, members) { + members = Array.isArray(members) ? members : [members]; cids = Array.isArray(cids) ? cids : [cids]; - for (const groupName of groupNames) { + for (const member of members) { const groupKeys = []; cids.forEach((cid) => { privileges.forEach((privilege) => { - groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege); + groupKeys.push('cid:' + cid + ':privileges:' + privilege); }); }); /* eslint-disable no-await-in-loop */ - await method(groupKeys, groupName); + await method(groupKeys, member); } }; diff --git a/src/socket.io/admin/categories.js b/src/socket.io/admin/categories.js index 563043ee75..c57eebc159 100644 --- a/src/socket.io/admin/categories.js +++ b/src/socket.io/admin/categories.js @@ -61,11 +61,9 @@ Categories.setPrivilege = async function (socket, data) { throw new Error('[[error:no-user-or-group]]'); } - if (Array.isArray(data.privilege)) { - await Promise.all(data.privilege.map(privilege => groups[data.set ? 'join' : 'leave']('cid:' + data.cid + ':privileges:' + privilege, data.member))); - } else { - await groups[data.set ? 'join' : 'leave']('cid:' + data.cid + ':privileges:' + data.privilege, data.member); - } + await privileges.categories[data.set ? 'give' : 'rescind']( + Array.isArray(data.privilege) ? data.privilege : [data.privilege], data.cid, data.member + ); await events.log({ uid: socket.uid, diff --git a/src/upgrades/1.10.0/post_history_privilege.js b/src/upgrades/1.10.0/post_history_privilege.js index da0511307b..917098a0af 100644 --- a/src/upgrades/1.10.0/post_history_privilege.js +++ b/src/upgrades/1.10.0/post_history_privilege.js @@ -15,7 +15,7 @@ module.exports = { return callback(err); } async.eachSeries(cids, function (cid, next) { - privileges.categories.give(['posts:history'], cid, 'registered-users', next); + privileges.categories.give(['groups:posts:history'], cid, 'registered-users', next); }, callback); }); }, diff --git a/src/upgrades/1.10.0/search_privileges.js b/src/upgrades/1.10.0/search_privileges.js index 0259da62d2..a6b4b9ceb7 100644 --- a/src/upgrades/1.10.0/search_privileges.js +++ b/src/upgrades/1.10.0/search_privileges.js @@ -12,17 +12,17 @@ module.exports = { var allowGuestUserSearching = parseInt(meta.config.allowGuestUserSearching, 10) === 1; async.waterfall([ function (next) { - privileges.global.give(['search:content', 'search:users', 'search:tags'], 'registered-users', next); + privileges.global.give(['groups:search:content', 'groups:search:users', 'groups:search:tags'], 'registered-users', next); }, function (next) { var guestPrivs = []; if (allowGuestSearching) { - guestPrivs.push('search:content'); + guestPrivs.push('groups:search:content'); } if (allowGuestUserSearching) { - guestPrivs.push('search:users'); + guestPrivs.push('groups:search:users'); } - guestPrivs.push('search:tags'); + guestPrivs.push('groups:search:tags'); privileges.global.give(guestPrivs, 'guests', next); }, ], callback); diff --git a/src/upgrades/1.10.2/local_login_privileges.js b/src/upgrades/1.10.2/local_login_privileges.js index 6b1e5cc090..7b764a1525 100644 --- a/src/upgrades/1.10.2/local_login_privileges.js +++ b/src/upgrades/1.10.2/local_login_privileges.js @@ -9,7 +9,7 @@ module.exports = { var allowLocalLogin = parseInt(meta.config.allowLocalLogin, 10) !== 0; if (allowLocalLogin) { - privileges.global.give(['local:login'], 'registered-users', callback); + privileges.global.give(['groups:local:login'], 'registered-users', callback); } else { callback(); } diff --git a/src/upgrades/1.12.0/global_view_privileges.js b/src/upgrades/1.12.0/global_view_privileges.js index d074d4b148..de39e86f3e 100644 --- a/src/upgrades/1.12.0/global_view_privileges.js +++ b/src/upgrades/1.12.0/global_view_privileges.js @@ -10,17 +10,17 @@ module.exports = { var meta = require('../../meta'); var tasks = [ - async.apply(privileges.global.give, ['view:users', 'view:tags', 'view:groups'], 'registered-users'), + async.apply(privileges.global.give, ['groups:view:users', 'groups:view:tags', 'groups:view:groups'], 'registered-users'), ]; if (parseInt(meta.config.privateUserInfo, 10) !== 1) { - tasks.push(async.apply(privileges.global.give, ['view:users', 'view:groups'], 'guests')); - tasks.push(async.apply(privileges.global.give, ['view:users', 'view:groups'], 'spiders')); + tasks.push(async.apply(privileges.global.give, ['groups:view:users', 'groups:view:groups'], 'guests')); + tasks.push(async.apply(privileges.global.give, ['groups:view:users', 'groups:view:groups'], 'spiders')); } if (parseInt(meta.config.privateTagListing, 10) !== 1) { - tasks.push(async.apply(privileges.global.give, ['view:tags'], 'guests')); - tasks.push(async.apply(privileges.global.give, ['view:tags'], 'spiders')); + tasks.push(async.apply(privileges.global.give, ['groups:view:tags'], 'guests')); + tasks.push(async.apply(privileges.global.give, ['groups:view:tags'], 'spiders')); } async.series(tasks, callback); diff --git a/src/upgrades/1.12.0/group_create_privilege.js b/src/upgrades/1.12.0/group_create_privilege.js index af2d7d2f61..35f93d0f36 100644 --- a/src/upgrades/1.12.0/group_create_privilege.js +++ b/src/upgrades/1.12.0/group_create_privilege.js @@ -8,7 +8,7 @@ module.exports = { method: function (callback) { var meta = require('../../meta'); if (parseInt(meta.config.allowGroupCreation, 10) === 1) { - privileges.global.give(['groups:create'], 'registered-users', callback); + privileges.global.give(['groups:group:create'], 'registered-users', callback); } else { setImmediate(callback); } diff --git a/src/upgrades/1.12.3/give_mod_info_privilege.js b/src/upgrades/1.12.3/give_mod_info_privilege.js index 8d8fe32e86..314268ba1d 100644 --- a/src/upgrades/1.12.3/give_mod_info_privilege.js +++ b/src/upgrades/1.12.3/give_mod_info_privilege.js @@ -26,7 +26,7 @@ module.exports = { }, next); }, function (next) { - privileges.global.give(['view:users:info'], 'Global Moderators', next); + privileges.global.give(['groups:view:users:info'], 'Global Moderators', next); }, ], callback); function givePrivsToModerators(cid, groupPrefix, callback) { diff --git a/src/upgrades/1.12.3/give_mod_privileges.js b/src/upgrades/1.12.3/give_mod_privileges.js index f80dc7e119..f692108e21 100644 --- a/src/upgrades/1.12.3/give_mod_privileges.js +++ b/src/upgrades/1.12.3/give_mod_privileges.js @@ -29,18 +29,18 @@ module.exports = { ]); const globalModPrivs = [ - 'chat', - 'upload:post:image', - 'upload:post:file', - 'signature', - 'ban', - 'search:content', - 'search:users', - 'search:tags', - 'view:users', - 'view:tags', - 'view:groups', - 'local:login', + 'groups:chat', + 'groups:upload:post:image', + 'groups:upload:post:file', + 'groups:signature', + 'groups:ban', + 'groups:search:content', + 'groups:search:users', + 'groups:search:tags', + 'groups:view:users', + 'groups:view:tags', + 'groups:view:groups', + 'groups:local:login', ]; async.waterfall([ @@ -57,7 +57,7 @@ module.exports = { givePrivsToModerators(cid, 'groups:', next); }, function (next) { - privileges.categories.give(modPrivileges, cid, ['Global Moderators'], next); + privileges.categories.give(modPrivileges.map(p => 'groups:' + p), cid, ['Global Moderators'], next); }, ], next); }, next); diff --git a/src/upgrades/1.13.4/remove_allowFileUploads_priv.js b/src/upgrades/1.13.4/remove_allowFileUploads_priv.js index f75cbd078e..894dd398af 100644 --- a/src/upgrades/1.13.4/remove_allowFileUploads_priv.js +++ b/src/upgrades/1.13.4/remove_allowFileUploads_priv.js @@ -14,7 +14,7 @@ module.exports = { } // Remove `upload:post:file` privilege for all groups - await privileges.categories.rescind(['upload:post:file'], 0, ['guests', 'registered-users', 'Global Moderators']); + await privileges.categories.rescind(['groups:upload:post:file'], 0, ['guests', 'registered-users', 'Global Moderators']); // Clean up the old option from the config hash await db.deleteObjectField('config', 'allowFileUploads'); diff --git a/src/upgrades/1.5.2/tags_privilege.js b/src/upgrades/1.5.2/tags_privilege.js index d5d703407c..12efefd6de 100644 --- a/src/upgrades/1.5.2/tags_privilege.js +++ b/src/upgrades/1.5.2/tags_privilege.js @@ -13,7 +13,7 @@ module.exports = { batch.processSortedSet('categories:cid', function (cids, next) { async.eachSeries(cids, function (cid, next) { progress.incr(); - privileges.categories.give(['topics:tag'], cid, 'registered-users', next); + privileges.categories.give(['groups:topics:tag'], cid, 'registered-users', next); }, next); }, { progress: progress, diff --git a/src/upgrades/1.7.4/global_upload_privilege.js b/src/upgrades/1.7.4/global_upload_privilege.js index 22473a9ee0..a7816c75b9 100644 --- a/src/upgrades/1.7.4/global_upload_privilege.js +++ b/src/upgrades/1.7.4/global_upload_privilege.js @@ -22,10 +22,10 @@ module.exports = { var privs = []; if (groupPrivileges['groups:upload:post:image']) { - privs.push('upload:post:image'); + privs.push('groups:upload:post:image'); } if (groupPrivileges['groups:upload:post:file']) { - privs.push('upload:post:file'); + privs.push('groups:upload:post:file'); } privileges.global.give(privs, 'registered-users', next); }); diff --git a/src/upgrades/1.7.4/vote_privilege.js b/src/upgrades/1.7.4/vote_privilege.js index 03f79280ef..2083b9721c 100644 --- a/src/upgrades/1.7.4/vote_privilege.js +++ b/src/upgrades/1.7.4/vote_privilege.js @@ -15,7 +15,7 @@ module.exports = { return callback(err); } async.eachSeries(cids, function (cid, next) { - privileges.categories.give(['posts:upvote', 'posts:downvote'], cid, 'registered-users', next); + privileges.categories.give(['groups:posts:upvote', 'groups:posts:downvote'], cid, 'registered-users', next); }, callback); }); }, diff --git a/src/upgrades/1.8.0/give_signature_privileges.js b/src/upgrades/1.8.0/give_signature_privileges.js index 87d93605f5..03b387a676 100644 --- a/src/upgrades/1.8.0/give_signature_privileges.js +++ b/src/upgrades/1.8.0/give_signature_privileges.js @@ -6,6 +6,6 @@ module.exports = { name: 'Give registered users signature privilege', timestamp: Date.UTC(2018, 1, 28), method: function (callback) { - privileges.global.give(['signature'], 'registered-users', callback); + privileges.global.give(['groups:signature'], 'registered-users', callback); }, }; diff --git a/src/upgrades/1.8.0/give_spiders_privileges.js b/src/upgrades/1.8.0/give_spiders_privileges.js index da3a3b2792..ea96b5ea02 100644 --- a/src/upgrades/1.8.0/give_spiders_privileges.js +++ b/src/upgrades/1.8.0/give_spiders_privileges.js @@ -22,13 +22,13 @@ module.exports = { var privs = []; if (groupPrivileges['groups:find']) { - privs.push('find'); + privs.push('groups:find'); } if (groupPrivileges['groups:read']) { - privs.push('read'); + privs.push('groups:read'); } if (groupPrivileges['groups:topics:read']) { - privs.push('topics:read'); + privs.push('groups:topics:read'); } privileges.categories.give(privs, cid, 'spiders', next); diff --git a/test/authentication.js b/test/authentication.js index 2920a44b20..818fc9dfe2 100644 --- a/test/authentication.js +++ b/test/authentication.js @@ -330,13 +330,13 @@ describe('authentication', function () { }); it('should fail to login if local login is disabled', function (done) { - privileges.global.rescind(['local:login'], 'registered-users', function (err) { + privileges.global.rescind(['groups:local:login'], 'registered-users', function (err) { assert.ifError(err); loginUser('regular', 'regularpwd', function (err, response, body) { assert.ifError(err); assert.equal(response.statusCode, 403); assert.equal(body, '[[error:local-login-disabled]]'); - privileges.global.give(['local:login'], 'registered-users', done); + privileges.global.give(['groups:local:login'], 'registered-users', done); }); }); }); diff --git a/test/controllers.js b/test/controllers.js index 9c14d42b72..dfb0d5384b 100644 --- a/test/controllers.js +++ b/test/controllers.js @@ -689,13 +689,13 @@ describe('Controllers', function () { }); it('should load users search page', function (done) { - privileges.global.give(['search:users'], 'guests', function (err) { + privileges.global.give(['groups:search:users'], 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/users?term=bar§ion=sort-posts', function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body); - privileges.global.rescind(['search:users'], 'guests', done); + privileges.global.rescind(['groups:search:users'], 'guests', done); }); }); }); @@ -1344,13 +1344,13 @@ describe('Controllers', function () { }); it('should return 401 if user does not have view:users privilege', function (done) { - privileges.global.rescind(['view:users'], 'guests', function (err) { + privileges.global.rescind(['groups:view:users'], 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/api/user/foo', { json: true }, function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 401); assert.equal(body, 'not-authorized'); - privileges.global.give(['view:users'], 'guests', done); + privileges.global.give(['groups:view:users'], 'guests', done); }); }); }); @@ -1624,12 +1624,12 @@ describe('Controllers', function () { }); it('should 403 if user does not have read privilege', function (done) { - privileges.categories.rescind(['topics:read'], category.cid, 'registered-users', function (err) { + privileges.categories.rescind(['groups:topics:read'], category.cid, 'registered-users', function (err) { assert.ifError(err); request(nconf.get('url') + '/api/post/' + pid, { jar: jar }, function (err, res) { assert.ifError(err); assert.equal(res.statusCode, 403); - privileges.categories.give(['topics:read'], category.cid, 'registered-users', done); + privileges.categories.give(['groups:topics:read'], category.cid, 'registered-users', done); }); }); }); @@ -1916,7 +1916,7 @@ describe('Controllers', function () { it('should return 401 if not allowed to read', function (done) { categories.create({ name: 'hidden' }, function (err, category) { assert.ifError(err); - privileges.categories.rescind(['read'], category.cid, 'guests', function (err) { + privileges.categories.rescind(['groups:read'], category.cid, 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/api/category/' + category.slug, function (err, res) { assert.ifError(err); diff --git a/test/feeds.js b/test/feeds.js index 6797e705f2..34bf9d3905 100644 --- a/test/feeds.js +++ b/test/feeds.js @@ -91,14 +91,14 @@ describe('feeds', function () { }); it('should redirect if we do not have read privilege', function (done) { - privileges.categories.rescind(['topics:read'], cid, 'guests', function (err) { + privileges.categories.rescind(['groups:topics:read'], cid, 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/topic/' + tid + '.rss', function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body); assert(body.includes('Login to your account')); - privileges.categories.give(['topics:read'], cid, 'guests', done); + privileges.categories.give(['groups:topics:read'], cid, 'guests', done); }); }); }); @@ -112,14 +112,14 @@ describe('feeds', function () { }); it('should redirect if we do not have read privilege', function (done) { - privileges.categories.rescind(['read'], cid, 'guests', function (err) { + privileges.categories.rescind(['groups:read'], cid, 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/category/' + cid + '.rss', function (err, res, body) { assert.ifError(err); assert.equal(res.statusCode, 200); assert(body); assert(body.includes('Login to your account')); - privileges.categories.give(['read'], cid, 'guests', done); + privileges.categories.give(['groups:read'], cid, 'guests', done); }); }); }); @@ -146,7 +146,7 @@ describe('feeds', function () { it('should not allow access if uid or token is missing', function (done) { - privileges.categories.rescind(['read'], cid, 'guests', function (err) { + privileges.categories.rescind(['groups:read'], cid, 'guests', function (err) { assert.ifError(err); async.parallel({ test1: function (next) { @@ -189,7 +189,7 @@ describe('feeds', function () { }); it('should not allow access if token is correct but has no privilege', function (done) { - privileges.categories.rescind(['read'], cid, 'registered-users', function (err) { + privileges.categories.rescind(['groups:read'], cid, 'registered-users', function (err) { assert.ifError(err); request(nconf.get('url') + '/category/' + cid + '.rss?uid=' + fooUid + '&token=' + rssToken, { }, function (err, res, body) { assert.ifError(err); diff --git a/test/flags.js b/test/flags.js index f4ad852697..f505b4132b 100644 --- a/test/flags.js +++ b/test/flags.js @@ -655,7 +655,7 @@ describe('Flags', function () { it('should not allow flagging post in private category', async function () { const category = await Categories.create({ name: 'private category' }); - await Privileges.categories.rescind(['topics:read'], category.cid, 'registered-users'); + await Privileges.categories.rescind(['groups:topics:read'], category.cid, 'registered-users'); const result = await Topics.post({ cid: category.cid, uid: adminUid, diff --git a/test/groups.js b/test/groups.js index 02a70913d1..1e1e794335 100644 --- a/test/groups.js +++ b/test/groups.js @@ -579,7 +579,7 @@ describe('Groups', function () { Groups.create({ name: groupName }, next); }, function (groupData, next) { - privileges.categories.give(['topics:create'], cid, groupName, next); + privileges.categories.give(['groups:topics:create'], cid, groupName, next); }, function (next) { Groups.isMember(groupName, 'cid:1:privileges:groups:topics:create', next); diff --git a/test/mocks/databasemock.js b/test/mocks/databasemock.js index f78b73477d..2a89f9772a 100644 --- a/test/mocks/databasemock.js +++ b/test/mocks/databasemock.js @@ -213,11 +213,12 @@ async function setupDefaultConfigs(meta) { async function giveDefaultGlobalPrivileges() { const privileges = require('../../src/privileges'); await privileges.global.give([ - 'chat', 'upload:post:image', 'signature', 'search:content', - 'search:users', 'search:tags', 'local:login', 'view:users', 'view:tags', 'view:groups', + 'groups:chat', 'groups:upload:post:image', 'groups:signature', 'groups:search:content', + 'groups:search:users', 'groups:search:tags', 'groups:local:login', 'groups:view:users', + 'groups:view:tags', 'groups:view:groups', ], 'registered-users'); await privileges.global.give([ - 'view:users', 'view:tags', 'view:groups', + 'groups:view:users', 'groups:view:tags', 'groups:view:groups', ], 'guests'); } diff --git a/test/posts.js b/test/posts.js index dc82563463..15a8e76f48 100644 --- a/test/posts.js +++ b/test/posts.js @@ -160,13 +160,13 @@ describe('Post\'s', function () { describe('voting', function () { it('should fail to upvote post if group does not have upvote permission', function (done) { - privileges.categories.rescind(['posts:upvote', 'posts:downvote'], cid, 'registered-users', function (err) { + privileges.categories.rescind(['groups:posts:upvote', 'groups:posts:downvote'], cid, 'registered-users', function (err) { assert.ifError(err); socketPosts.upvote({ uid: voterUid }, { pid: postData.pid, room_id: 'topic_1' }, function (err) { assert.equal(err.message, '[[error:no-privileges]]'); socketPosts.downvote({ uid: voterUid }, { pid: postData.pid, room_id: 'topic_1' }, function (err) { assert.equal(err.message, '[[error:no-privileges]]'); - privileges.categories.give(['posts:upvote', 'posts:downvote'], cid, 'registered-users', function (err) { + privileges.categories.give(['groups:posts:upvote', 'groups:posts:downvote'], cid, 'registered-users', function (err) { assert.ifError(err); done(); }); @@ -320,7 +320,7 @@ describe('Post\'s', function () { tid = topicPostData.topicData.tid; mainPid = topicPostData.postData.pid; replyPid = replyData.pid; - privileges.categories.give(['purge'], cid, 'registered-users', done); + privileges.categories.give(['groups:purge'], cid, 'registered-users', done); }); }); @@ -351,7 +351,7 @@ describe('Post\'s', function () { groups.join('Global Moderators', uid, next); }, function (next) { - privileges.categories.rescind(['posts:view_deleted'], cid, 'Global Moderators', next); + privileges.categories.rescind(['groups:posts:view_deleted'], cid, 'Global Moderators', next); }, function (next) { helpers.loginUser('global mod', '123456', function (err, _jar) { @@ -361,7 +361,7 @@ describe('Post\'s', function () { request(nconf.get('url') + '/api/topic/' + tid, { jar: jar, json: true }, function (err, res, body) { assert.ifError(err); assert.equal(body.posts[1].content, '[[topic:post_is_deleted]]'); - privileges.categories.give(['posts:view_deleted'], cid, 'Global Moderators', next); + privileges.categories.give(['groups:posts:view_deleted'], cid, 'Global Moderators', next); }); }); }, @@ -448,7 +448,7 @@ describe('Post\'s', function () { }, function (err, data) { assert.ifError(err); replyPid = data.pid; - privileges.categories.give(['posts:edit'], cid, 'registered-users', done); + privileges.categories.give(['groups:posts:edit'], cid, 'registered-users', done); }); }); }); @@ -783,7 +783,7 @@ describe('Post\'s', function () { }, function (err, postData) { assert.ifError(err); pid = postData.pid; - privileges.categories.rescind(['topics:read'], cid, 'guests', done); + privileges.categories.rescind(['groups:topics:read'], cid, 'guests', done); }); }); diff --git a/test/search.js b/test/search.js index 732050ad68..f9af50157c 100644 --- a/test/search.js +++ b/test/search.js @@ -107,7 +107,7 @@ describe('Search', function () { it('should search term in titles and posts', function (done) { var meta = require('../src/meta'); var qs = '/api/search?term=cucumber&in=titlesposts&categories[]=' + cid1 + '&by=phoebe&replies=1&repliesFilter=atleast&sortBy=timestamp&sortDirection=desc&showAs=posts'; - privileges.global.give(['search:content'], 'guests', function (err) { + privileges.global.give(['groups:search:content'], 'guests', function (err) { assert.ifError(err); request({ url: nconf.get('url') + qs, @@ -120,7 +120,7 @@ describe('Search', function () { assert.equal(body.posts[0].pid, post1Data.pid); assert.equal(body.posts[0].uid, phoebeUid); - privileges.global.rescind(['search:content'], 'guests', done); + privileges.global.rescind(['groups:search:content'], 'guests', done); }); }); }); @@ -230,7 +230,7 @@ describe('Search', function () { it('should return json search data with no categories', function (done) { var qs = '/api/search?term=cucumber&in=titlesposts&searchOnly=1'; - privileges.global.give(['search:content'], 'guests', function (err) { + privileges.global.give(['groups:search:content'], 'guests', function (err) { assert.ifError(err); request({ url: nconf.get('url') + qs, @@ -244,7 +244,7 @@ describe('Search', function () { assert(body.hasOwnProperty('posts')); assert(!body.hasOwnProperty('categories')); - privileges.global.rescind(['search:content'], 'guests', done); + privileges.global.rescind(['groups:search:content'], 'guests', done); }); }); }); diff --git a/test/topics.js b/test/topics.js index 0ef388fca4..13e43efdd2 100644 --- a/test/topics.js +++ b/test/topics.js @@ -553,12 +553,12 @@ describe('Topic\'s', function () { groups.join('Global Moderators', uid, next); }, function (next) { - privileges.categories.rescind(['purge'], categoryObj.cid, 'Global Moderators', next); + privileges.categories.rescind(['groups:purge'], categoryObj.cid, 'Global Moderators', next); }, function (next) { socketTopics.purge({ uid: globalModUid }, { tids: [tid], cid: categoryObj.cid }, function (err) { assert.equal(err.message, '[[error:no-privileges]]'); - privileges.categories.give(['purge'], categoryObj.cid, 'Global Moderators', next); + privileges.categories.give(['groups:purge'], categoryObj.cid, 'Global Moderators', next); }); }, ], done); @@ -979,13 +979,13 @@ describe('Topic\'s', function () { it('should 401 if not allowed to read as guest', function (done) { var privileges = require('../src/privileges'); - privileges.categories.rescind(['topics:read'], topicData.cid, 'guests', function (err) { + privileges.categories.rescind(['groups:topics:read'], topicData.cid, 'guests', function (err) { assert.ifError(err); request(nconf.get('url') + '/api/topic/' + topicData.slug, function (err, response, body) { assert.ifError(err); assert.equal(response.statusCode, 401); assert(body); - privileges.categories.give(['topics:read'], topicData.cid, 'guests', done); + privileges.categories.give(['groups:topics:read'], topicData.cid, 'guests', done); }); }); }); @@ -1428,7 +1428,7 @@ describe('Topic\'s', function () { }, function (category, next) { privateCid = category.cid; - privileges.categories.rescind(['topics:read'], category.cid, 'registered-users', next); + privileges.categories.rescind(['groups:topics:read'], category.cid, 'registered-users', next); }, function (next) { topics.post({ uid: adminUid, title: 'topic in private category', content: 'registered-users cant see this', cid: privateCid }, next); @@ -1457,7 +1457,7 @@ describe('Topic\'s', function () { }, function (category, next) { ignoredCid = category.cid; - privileges.categories.rescind(['topics:read'], category.cid, 'registered-users', next); + privileges.categories.rescind(['groups:topics:read'], category.cid, 'registered-users', next); }, function (next) { topics.post({ uid: adminUid, title: 'topic in private category', content: 'registered-users cant see this', cid: ignoredCid }, next); @@ -2036,7 +2036,7 @@ describe('Topic\'s', function () { }); it('should fail to post if user does not have tag privilege', function (done) { - privileges.categories.rescind(['topics:tag'], cid, 'registered-users', function (err) { + privileges.categories.rescind(['groups:topics:tag'], cid, 'registered-users', function (err) { assert.ifError(err); topics.post({ uid: uid, cid: cid, tags: ['tag1'], title: 'topic with tags', content: 'some content here' }, function (err) { assert.equal(err.message, '[[error:no-privileges]]'); @@ -2057,7 +2057,7 @@ describe('Topic\'s', function () { }); it('should be able to edit topic and add tags if allowed', function (done) { - privileges.categories.give(['topics:tag'], cid, 'registered-users', function (err) { + privileges.categories.give(['groups:topics:tag'], cid, 'registered-users', function (err) { assert.ifError(err); topics.post({ uid: uid, cid: cid, tags: ['tag1'], title: 'topic with tags', content: 'some content here' }, function (err, result) { assert.ifError(err); diff --git a/test/uploads.js b/test/uploads.js index 30eaa1e1e5..1fdef50ca4 100644 --- a/test/uploads.js +++ b/test/uploads.js @@ -67,7 +67,7 @@ describe('Upload Controllers', function () { assert.ifError(err); jar = _jar; csrf_token = _csrf_token; - privileges.global.give(['upload:post:file'], 'registered-users', done); + privileges.global.give(['groups:upload:post:file'], 'registered-users', done); }); });