feat: #7743, privileges

v1.18.x
Barış Soner Uşaklı 6 years ago
parent 627ecaf6bb
commit faccb191ec

@ -1,232 +1,164 @@
'use strict'; 'use strict';
var async = require('async'); const _ = require('lodash');
var _ = require('lodash');
var categories = require('../categories'); const categories = require('../categories');
var user = require('../user'); const user = require('../user');
var groups = require('../groups'); const groups = require('../groups');
var helpers = require('./helpers'); const helpers = require('./helpers');
var plugins = require('../plugins'); const plugins = require('../plugins');
const utils = require('../utils');
module.exports = function (privileges) { module.exports = function (privileges) {
privileges.categories = {}; privileges.categories = {};
privileges.categories.list = function (cid, callback) { // Method used in admin/category controller to show all users/groups with privs in that given cid
// Method used in admin/category controller to show all users/groups with privs in that given cid privileges.categories.list = async function (cid) {
async.waterfall([ async function getLabels() {
function (next) { return await utils.promiseParallel({
async.parallel({ users: plugins.fireHook('filter:privileges.list_human', privileges.privilegeLabels.slice()),
labels: function (next) { groups: plugins.fireHook('filter:privileges.groups.list_human', privileges.privilegeLabels.slice()),
async.parallel({ });
users: async.apply(plugins.fireHook, 'filter:privileges.list_human', privileges.privilegeLabels.slice()), }
groups: async.apply(plugins.fireHook, 'filter:privileges.groups.list_human', privileges.privilegeLabels.slice()),
}, next); const payload = await utils.promiseParallel({
}, labels: getLabels(),
users: function (next) { users: helpers.getUserPrivileges(cid, 'filter:privileges.list', privileges.userPrivilegeList),
helpers.getUserPrivileges(cid, 'filter:privileges.list', privileges.userPrivilegeList, next); groups: helpers.getGroupPrivileges(cid, 'filter:privileges.groups.list', privileges.groupPrivilegeList),
}, });
groups: function (next) {
helpers.getGroupPrivileges(cid, 'filter:privileges.groups.list', privileges.groupPrivilegeList, next); // This is a hack because I can't do {labels.users.length} to echo the count in templates.js
}, payload.columnCountUser = payload.labels.users.length + 2;
}, next); payload.columnCountUserOther = payload.labels.users.length - privileges.privilegeLabels.length;
}, payload.columnCountGroup = payload.labels.groups.length + 2;
function (payload, next) { payload.columnCountGroupOther = payload.labels.groups.length - privileges.privilegeLabels.length;
// This is a hack because I can't do {labels.users.length} to echo the count in templates.js return payload;
payload.columnCountUser = payload.labels.users.length + 2;
payload.columnCountUserOther = payload.labels.users.length - privileges.privilegeLabels.length;
payload.columnCountGroup = payload.labels.groups.length + 2;
payload.columnCountGroupOther = payload.labels.groups.length - privileges.privilegeLabels.length;
next(null, payload);
},
], callback);
}; };
privileges.categories.get = function (cid, uid, callback) { privileges.categories.get = async function (cid, uid) {
var privs = ['topics:create', 'topics:read', 'topics:tag', 'read']; const privs = ['topics:create', 'topics:read', 'topics:tag', 'read'];
async.waterfall([
function (next) { const [userPrivileges, isAdministrator, isModerator] = await Promise.all([
async.parallel({ helpers.isUserAllowedTo(privs, uid, cid),
privileges: function (next) { user.isAdministrator(uid),
helpers.isUserAllowedTo(privs, uid, cid, next); user.isModerator(uid, cid),
}, ]);
isAdministrator: function (next) {
user.isAdministrator(uid, next); const privData = _.zipObject(privs, userPrivileges);
}, const isAdminOrMod = isAdministrator || isModerator;
isModerator: function (next) {
user.isModerator(uid, cid, next); return await plugins.fireHook('filter:privileges.categories.get', {
}, 'topics:create': privData['topics:create'] || isAdministrator,
}, next); 'topics:read': privData['topics:read'] || isAdministrator,
}, 'topics:tag': privData['topics:tag'] || isAdministrator,
function (results, next) { read: privData.read || isAdministrator,
var privData = _.zipObject(privs, results.privileges); cid: cid,
var isAdminOrMod = results.isAdministrator || results.isModerator; uid: uid,
editable: isAdminOrMod,
plugins.fireHook('filter:privileges.categories.get', { view_deleted: isAdminOrMod,
'topics:create': privData['topics:create'] || results.isAdministrator, isAdminOrMod: isAdminOrMod,
'topics:read': privData['topics:read'] || results.isAdministrator, });
'topics:tag': privData['topics:tag'] || results.isAdministrator,
read: privData.read || results.isAdministrator,
cid: cid,
uid: uid,
editable: isAdminOrMod,
view_deleted: isAdminOrMod,
isAdminOrMod: isAdminOrMod,
}, next);
},
], callback);
}; };
privileges.categories.isAdminOrMod = function (cid, uid, callback) { privileges.categories.isAdminOrMod = async function (cid, uid) {
if (parseInt(uid, 10) <= 0) { if (parseInt(uid, 10) <= 0) {
return setImmediate(callback, null, false); return false;
} }
helpers.some([ const [isAdmin, isMod] = await Promise.all([
function (next) { user.isAdministrator(uid),
user.isModerator(uid, cid, next); user.isModerator(uid, cid),
}, ]);
function (next) { return isAdmin || isMod;
user.isAdministrator(uid, next);
},
], callback);
}; };
privileges.categories.isUserAllowedTo = function (privilege, cid, uid, callback) { privileges.categories.isUserAllowedTo = async function (privilege, cid, uid) {
if (!cid) { if (!cid) {
return setImmediate(callback, null, false); return false;
} }
if (Array.isArray(cid)) { const results = await helpers.isUserAllowedTo(privilege, uid, Array.isArray(cid) ? cid : [cid]);
helpers.isUserAllowedTo(privilege, uid, cid, function (err, results) {
callback(err, Array.isArray(results) && results.length ? results : false); if (Array.isArray(results) && results.length) {
}); return Array.isArray(cid) ? results : results[0];
} else {
helpers.isUserAllowedTo(privilege, uid, [cid], function (err, results) {
callback(err, Array.isArray(results) && results.length ? results[0] : false);
});
} }
return false;
}; };
privileges.categories.can = function (privilege, cid, uid, callback) { privileges.categories.can = async function (privilege, cid, uid) {
if (!cid) { if (!cid) {
return setImmediate(callback, null, false); return false;
} }
async.waterfall([ const [disabled, isAdmin, isAllowed] = await Promise.all([
function (next) { categories.getCategoryField(cid, 'disabled'),
async.parallel({ user.isAdministrator(uid),
disabled: async.apply(categories.getCategoryField, cid, 'disabled'), privileges.categories.isUserAllowedTo(privilege, cid, uid),
isAdmin: async.apply(user.isAdministrator, uid), ]);
isAllowed: async.apply(privileges.categories.isUserAllowedTo, privilege, cid, uid), return !disabled && (isAllowed || isAdmin);
}, next);
},
function (results, next) {
next(null, !results.disabled && (results.isAllowed || results.isAdmin));
},
], callback);
}; };
privileges.categories.filterCids = function (privilege, cids, uid, callback) { privileges.categories.filterCids = async function (privilege, cids, uid) {
if (!Array.isArray(cids) || !cids.length) { if (!Array.isArray(cids) || !cids.length) {
return callback(null, []); return [];
} }
cids = _.uniq(cids); cids = _.uniq(cids);
const results = await privileges.categories.getBase(privilege, cids, uid);
async.waterfall([ return cids.filter(function (cid, index) {
function (next) { return !!cid && !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin);
privileges.categories.getBase(privilege, cids, uid, next); });
},
function (results, next) {
cids = cids.filter(function (cid, index) {
return !results.categories[index].disabled &&
(results.allowedTo[index] || results.isAdmin);
});
next(null, cids.filter(Boolean));
},
], callback);
}; };
privileges.categories.getBase = function (privilege, cids, uid, callback) { privileges.categories.getBase = async function (privilege, cids, uid) {
async.parallel({ return await utils.promiseParallel({
categories: function (next) { categories: categories.getCategoriesFields(cids, ['disabled']),
categories.getCategoriesFields(cids, ['disabled'], next); allowedTo: helpers.isUserAllowedTo(privilege, uid, cids),
}, isAdmin: user.isAdministrator(uid),
allowedTo: function (next) { });
helpers.isUserAllowedTo(privilege, uid, cids, next);
},
isAdmin: function (next) {
user.isAdministrator(uid, next);
},
}, callback);
}; };
privileges.categories.filterUids = function (privilege, cid, uids, callback) { privileges.categories.filterUids = async function (privilege, cid, uids) {
if (!uids.length) { if (!uids.length) {
return setImmediate(callback, null, []); return [];
} }
uids = _.uniq(uids); uids = _.uniq(uids);
async.waterfall([ const [allowedTo, isAdmins] = await Promise.all([
function (next) { helpers.isUsersAllowedTo(privilege, uids, cid),
async.parallel({ user.isAdministrator(uids),
allowedTo: function (next) { ]);
helpers.isUsersAllowedTo(privilege, uids, cid, next); return uids.filter((uid, index) => allowedTo[index] || isAdmins[index]);
},
isAdmins: function (next) {
user.isAdministrator(uids, next);
},
}, next);
},
function (results, next) {
uids = uids.filter(function (uid, index) {
return results.allowedTo[index] || results.isAdmins[index];
});
next(null, uids);
},
], callback);
}; };
privileges.categories.give = function (privileges, cid, groupName, callback) { privileges.categories.give = async function (privileges, cid, groupName) {
helpers.giveOrRescind(groups.join, privileges, cid, groupName, callback); await helpers.giveOrRescind(groups.join, privileges, cid, groupName);
}; };
privileges.categories.rescind = function (privileges, cid, groupName, callback) { privileges.categories.rescind = async function (privileges, cid, groupName) {
helpers.giveOrRescind(groups.leave, privileges, cid, groupName, callback); await helpers.giveOrRescind(groups.leave, privileges, cid, groupName);
}; };
privileges.categories.canMoveAllTopics = function (currentCid, targetCid, uid, callback) { privileges.categories.canMoveAllTopics = async function (currentCid, targetCid, uid) {
async.waterfall([ const [isAdmin, isModerators] = await Promise.all([
function (next) { user.isAdministrator(uid),
async.parallel({ user.isModerator(uid, [currentCid, targetCid]),
isAdmin: async.apply(user.isAdministrator, uid), ]);
isModerators: async.apply(user.isModerator, uid, [currentCid, targetCid]), return isAdmin || !isModerators.includes(false);
}, next);
},
function (results, next) {
next(null, results.isAdmin || !results.isModerators.includes(false));
},
], callback);
}; };
privileges.categories.userPrivileges = function (cid, uid, callback) { privileges.categories.userPrivileges = async function (cid, uid) {
var tasks = {}; const tasks = {};
privileges.userPrivilegeList.forEach(function (privilege) { privileges.userPrivilegeList.forEach(function (privilege) {
tasks[privilege] = async.apply(groups.isMember, uid, 'cid:' + cid + ':privileges:' + privilege); tasks[privilege] = groups.isMember(uid, 'cid:' + cid + ':privileges:' + privilege);
}); });
return await utils.promiseParallel(tasks);
async.parallel(tasks, callback);
}; };
privileges.categories.groupPrivileges = function (cid, groupName, callback) { privileges.categories.groupPrivileges = async function (cid, groupName) {
var tasks = {}; const tasks = {};
privileges.groupPrivilegeList.forEach(function (privilege) { privileges.groupPrivilegeList.forEach(function (privilege) {
tasks[privilege] = async.apply(groups.isMember, groupName, 'cid:' + cid + ':privileges:' + privilege); tasks[privilege] = groups.isMember(groupName, 'cid:' + cid + ':privileges:' + privilege);
}); });
return await utils.promiseParallel(tasks);
async.parallel(tasks, callback);
}; };
}; };
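Review bot: The boolean authorization helpers in this section (`privileges.categories.can`, `isAdminOrMod`, `isUserAllowedTo`, `canMoveAllTopics`) now return a Promise, and nothing on the new side says so. A caller that branches on the result without `await` sees a truthy Promise and treats the check as passed. I would put a one-line comment above each, e.g. `// async: resolves to a boolean; always await before branching on the result`. helpers.js ends with `require('../promisify')(helpers)`, but no equivalent wrapper for `privileges.categories` is visible in this section; if it is not applied elsewhere, a caller that still passes a callback would never have it invoked. The same applies to `privileges.global.can` and `privileges.global.canGroup` in the next file.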

@ -1,13 +1,13 @@
'use strict'; 'use strict';
var async = require('async'); const _ = require('lodash');
var _ = require('lodash');
var user = require('../user'); const user = require('../user');
var groups = require('../groups'); const groups = require('../groups');
var helpers = require('./helpers'); const helpers = require('./helpers');
var plugins = require('../plugins'); const plugins = require('../plugins');
const utils = require('../utils');
module.exports = function (privileges) { module.exports = function (privileges) {
privileges.global = {}; privileges.global = {};
@ -44,108 +44,79 @@ module.exports = function (privileges) {
'group:create', 'group:create',
]; ];
privileges.global.groupPrivilegeList = privileges.global.userPrivilegeList.map(function (privilege) { privileges.global.groupPrivilegeList = privileges.global.userPrivilegeList.map(privilege => 'groups:' + privilege);
return 'groups:' + privilege;
}); privileges.global.list = async function () {
async function getLabels() {
privileges.global.list = function (callback) { return await utils.promiseParallel({
async.waterfall([ users: plugins.fireHook('filter:privileges.global.list_human', privileges.global.privilegeLabels.slice()),
function (next) { groups: plugins.fireHook('filter:privileges.global.groups.list_human', privileges.global.privilegeLabels.slice()),
async.parallel({ });
labels: function (next) { }
async.parallel({ const payload = await utils.promiseParallel({
users: async.apply(plugins.fireHook, 'filter:privileges.global.list_human', privileges.global.privilegeLabels.slice()), labels: getLabels(),
groups: async.apply(plugins.fireHook, 'filter:privileges.global.groups.list_human', privileges.global.privilegeLabels.slice()), users: helpers.getUserPrivileges(0, 'filter:privileges.global.list', privileges.global.userPrivilegeList),
}, next); groups: helpers.getGroupPrivileges(0, 'filter:privileges.global.groups.list', privileges.global.groupPrivilegeList),
}, });
users: function (next) { // This is a hack because I can't do {labels.users.length} to echo the count in templates.js
helpers.getUserPrivileges(0, 'filter:privileges.global.list', privileges.global.userPrivilegeList, next); payload.columnCount = payload.labels.users.length + 2;
}, return payload;
groups: function (next) {
helpers.getGroupPrivileges(0, 'filter:privileges.global.groups.list', privileges.global.groupPrivilegeList, next);
},
}, next);
},
function (payload, next) {
// This is a hack because I can't do {labels.users.length} to echo the count in templates.js
payload.columnCount = payload.labels.users.length + 2;
next(null, payload);
},
], callback);
}; };
privileges.global.get = function (uid, callback) { privileges.global.get = async function (uid) {
async.waterfall([ const [userPrivileges, isAdministrator] = await Promise.all([
function (next) { helpers.isUserAllowedTo(privileges.global.userPrivilegeList, uid, 0),
async.parallel({ user.isAdministrator(uid),
privileges: function (next) { ]);
helpers.isUserAllowedTo(privileges.global.userPrivilegeList, uid, 0, next);
}, const privData = _.zipObject(privileges.global.userPrivilegeList, userPrivileges);
isAdministrator: function (next) {
user.isAdministrator(uid, next); return await plugins.fireHook('filter:privileges.global.get', {
}, chat: privData.chat || isAdministrator,
}, next); 'upload:post:image': privData['upload:post:image'] || isAdministrator,
}, 'upload:post:file': privData['upload:post:file'] || isAdministrator,
function (results, next) { 'search:content': privData['search:content'] || isAdministrator,
var privData = _.zipObject(privileges.global.userPrivilegeList, results.privileges); 'search:users': privData['search:users'] || isAdministrator,
'search:tags': privData['search:tags'] || isAdministrator,
plugins.fireHook('filter:privileges.global.get', { 'view:users': privData['view:users'] || isAdministrator,
chat: privData.chat || results.isAdministrator, 'view:tags': privData['view:tags'] || isAdministrator,
'upload:post:image': privData['upload:post:image'] || results.isAdministrator, 'view:groups': privData['view:groups'] || isAdministrator,
'upload:post:file': privData['upload:post:file'] || results.isAdministrator, });
'search:content': privData['search:content'] || results.isAdministrator,
'search:users': privData['search:users'] || results.isAdministrator,
'search:tags': privData['search:tags'] || results.isAdministrator,
'view:users': privData['view:users'] || results.isAdministrator,
'view:tags': privData['view:tags'] || results.isAdministrator,
'view:groups': privData['view:groups'] || results.isAdministrator,
}, next);
},
], callback);
}; };
privileges.global.can = function (privilege, uid, callback) { privileges.global.can = async function (privilege, uid) {
helpers.some([ const [isAdministrator, isUserAllowedTo] = await Promise.all([
function (next) { user.isAdministrator(uid),
helpers.isUserAllowedTo(privilege, uid, [0], function (err, results) { helpers.isUserAllowedTo(privilege, uid, [0]),
next(err, Array.isArray(results) && results.length ? results[0] : false); ]);
}); return isAdministrator || isUserAllowedTo[0];
},
function (next) {
user.isAdministrator(uid, next);
},
], callback);
}; };
privileges.global.canGroup = function (privilege, groupName, callback) { privileges.global.canGroup = async function (privilege, groupName) {
groups.isMember(groupName, 'cid:0:privileges:groups:' + privilege, callback); return await groups.isMember(groupName, 'cid:0:privileges:groups:' + privilege);
}; };
privileges.global.give = function (privileges, groupName, callback) { privileges.global.give = async function (privileges, groupName) {
helpers.giveOrRescind(groups.join, privileges, 0, groupName, callback); await helpers.giveOrRescind(groups.join, privileges, 0, groupName);
}; };
privileges.global.rescind = function (privileges, groupName, callback) { privileges.global.rescind = async function (privileges, groupName) {
helpers.giveOrRescind(groups.leave, privileges, 0, groupName, callback); await helpers.giveOrRescind(groups.leave, privileges, 0, groupName);
}; };
privileges.global.userPrivileges = function (uid, callback) { privileges.global.userPrivileges = async function (uid) {
var tasks = {}; const tasks = {};
privileges.global.userPrivilegeList.forEach(function (privilege) { privileges.global.userPrivilegeList.forEach(function (privilege) {
tasks[privilege] = async.apply(groups.isMember, uid, 'cid:0:privileges:' + privilege); tasks[privilege] = groups.isMember(uid, 'cid:0:privileges:' + privilege);
}); });
return await utils.promiseParallel(tasks);
async.parallel(tasks, callback);
}; };
privileges.global.groupPrivileges = function (groupName, callback) { privileges.global.groupPrivileges = async function (groupName) {
var tasks = {}; const tasks = {};
privileges.global.groupPrivilegeList.forEach(function (privilege) { privileges.global.groupPrivilegeList.forEach(function (privilege) {
tasks[privilege] = async.apply(groups.isMember, groupName, 'cid:0:privileges:' + privilege); tasks[privilege] = groups.isMember(groupName, 'cid:0:privileges:' + privilege);
}); });
return await utils.promiseParallel(tasks);
async.parallel(tasks, callback);
}; };
}; };
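Review bot: `privileges.global.can` lost the shape guard the old callback had (`Array.isArray(results) && results.length ? results[0] : false`). The new `return isAdministrator || isUserAllowedTo[0];` resolves to `undefined` rather than `false` if the helper returns an empty array, and rejects with a TypeError if it returns a non-array. `privileges.categories.isUserAllowedTo` kept that guard in the same commit, so I would keep the two consistent with `return isAdministrator || (Array.isArray(isUserAllowedTo) && isUserAllowedTo.length ? isUserAllowedTo[0] : false);`. Renaming the local (for example to `allowed`) would also stop it reading like a call to `helpers.isUserAllowedTo`.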

@ -1,212 +1,137 @@
'use strict'; 'use strict';
var async = require('async'); const _ = require('lodash');
var _ = require('lodash');
var groups = require('../groups'); const groups = require('../groups');
var user = require('../user'); const user = require('../user');
var plugins = require('../plugins'); const plugins = require('../plugins');
var helpers = module.exports; const helpers = module.exports;
var uidToSystemGroup = { const uidToSystemGroup = {
0: 'guests', 0: 'guests',
'-1': 'spiders', '-1': 'spiders',
}; };
helpers.some = function (tasks, callback) { helpers.isUserAllowedTo = async function (privilege, uid, cid) {
async.some(tasks, function (task, next) {
task(next);
}, callback);
};
helpers.isUserAllowedTo = function (privilege, uid, cid, callback) {
if (Array.isArray(privilege) && !Array.isArray(cid)) { if (Array.isArray(privilege) && !Array.isArray(cid)) {
isUserAllowedToPrivileges(privilege, uid, cid, callback); return await isUserAllowedToPrivileges(privilege, uid, cid);
} else if (Array.isArray(cid) && !Array.isArray(privilege)) { } else if (Array.isArray(cid) && !Array.isArray(privilege)) {
isUserAllowedToCids(privilege, uid, cid, callback); return await isUserAllowedToCids(privilege, uid, cid);
} else {
return callback(new Error('[[error:invalid-data]]'));
} }
throw new Error('[[error:invalid-data]]');
}; };
function isUserAllowedToCids(privilege, uid, cids, callback) { async function isUserAllowedToCids(privilege, uid, cids) {
if (parseInt(uid, 10) <= 0) { if (parseInt(uid, 10) <= 0) {
return isSystemGroupAllowedToCids(privilege, uid, cids, callback); return await isSystemGroupAllowedToCids(privilege, uid, cids);
} }
var userKeys = []; const userKeys = [];
var groupKeys = []; const groupKeys = [];
cids.forEach(function (cid) { cids.forEach(function (cid) {
userKeys.push('cid:' + cid + ':privileges:' + privilege); userKeys.push('cid:' + cid + ':privileges:' + privilege);
groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege); groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
}); });
checkIfAllowed(uid, userKeys, groupKeys, callback); return await checkIfAllowed(uid, userKeys, groupKeys);
} }
function isUserAllowedToPrivileges(privileges, uid, cid, callback) { async function isUserAllowedToPrivileges(privileges, uid, cid) {
if (parseInt(uid, 10) <= 0) { if (parseInt(uid, 10) <= 0) {
return isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback); return await isSystemGroupAllowedToPrivileges(privileges, uid, cid);
} }
var userKeys = []; const userKeys = [];
var groupKeys = []; const groupKeys = [];
privileges.forEach(function (privilege) { privileges.forEach(function (privilege) {
userKeys.push('cid:' + cid + ':privileges:' + privilege); userKeys.push('cid:' + cid + ':privileges:' + privilege);
groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege); groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
}); });
checkIfAllowed(uid, userKeys, groupKeys, callback); return await checkIfAllowed(uid, userKeys, groupKeys);
} }
function checkIfAllowed(uid, userKeys, groupKeys, callback) { async function checkIfAllowed(uid, userKeys, groupKeys) {
async.waterfall([ const [hasUserPrivilege, hasGroupPrivilege] = await Promise.all([
function (next) { groups.isMemberOfGroups(uid, userKeys),
async.parallel({ groups.isMemberOfGroupsList(uid, groupKeys),
hasUserPrivilege: function (next) { ]);
groups.isMemberOfGroups(uid, userKeys, next); return userKeys.map((key, index) => hasUserPrivilege[index] || hasGroupPrivilege[index]);
},
hasGroupPrivilege: function (next) {
groups.isMemberOfGroupsList(uid, groupKeys, next);
},
}, next);
},
function (results, next) {
var result = userKeys.map(function (key, index) {
return results.hasUserPrivilege[index] || results.hasGroupPrivilege[index];
});
next(null, result);
},
], callback);
} }
helpers.isUsersAllowedTo = function (privilege, uids, cid, callback) { helpers.isUsersAllowedTo = async function (privilege, uids, cid) {
async.waterfall([ const [hasUserPrivilege, hasGroupPrivilege] = await Promise.all([
function (next) { groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege),
async.parallel({ groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:' + privilege),
hasUserPrivilege: function (next) { ]);
groups.isMembers(uids, 'cid:' + cid + ':privileges:' + privilege, next); return uids.map((uid, index) => hasUserPrivilege[index] || hasGroupPrivilege[index]);
},
hasGroupPrivilege: function (next) {
groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:' + privilege, next);
},
}, next);
},
function (results, next) {
var result = uids.map(function (uid, index) {
return results.hasUserPrivilege[index] || results.hasGroupPrivilege[index];
});
next(null, result);
},
], callback);
}; };
function isSystemGroupAllowedToCids(privilege, uid, cids, callback) { async function isSystemGroupAllowedToCids(privilege, uid, cids) {
const groupKeys = cids.map(cid => 'cid:' + cid + ':privileges:groups:' + privilege); const groupKeys = cids.map(cid => 'cid:' + cid + ':privileges:groups:' + privilege);
groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback); return await groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys);
} }
function isSystemGroupAllowedToPrivileges(privileges, uid, cid, callback) { async function isSystemGroupAllowedToPrivileges(privileges, uid, cid) {
const groupKeys = privileges.map(privilege => 'cid:' + cid + ':privileges:groups:' + privilege); const groupKeys = privileges.map(privilege => 'cid:' + cid + ':privileges:groups:' + privilege);
groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys, callback); return await groups.isMemberOfGroups(uidToSystemGroup[uid], groupKeys);
} }
helpers.getUserPrivileges = function (cid, hookName, userPrivilegeList, callback) { helpers.getUserPrivileges = async function (cid, hookName, userPrivilegeList) {
var userPrivileges; const userPrivileges = await plugins.fireHook(hookName, userPrivilegeList.slice());
var memberSets; let memberSets = await groups.getMembersOfGroups(userPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege));
async.waterfall([ memberSets = memberSets.map(function (set) {
async.apply(plugins.fireHook, hookName, userPrivilegeList.slice()), return set.map(uid => parseInt(uid, 10));
function (_privs, next) { });
userPrivileges = _privs;
groups.getMembersOfGroups(userPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege), next);
},
function (_memberSets, next) {
memberSets = _memberSets.map(function (set) {
return set.map(uid => parseInt(uid, 10));
});
var members = _.uniq(_.flatten(memberSets)); const members = _.uniq(_.flatten(memberSets));
const memberData = await user.getUsersFields(members, ['picture', 'username']);
user.getUsersFields(members, ['picture', 'username'], next); memberData.forEach(function (member) {
}, member.privileges = {};
function (memberData, next) { for (var x = 0, numPrivs = userPrivileges.length; x < numPrivs; x += 1) {
memberData.forEach(function (member) { member.privileges[userPrivileges[x]] = memberSets[x].includes(parseInt(member.uid, 10));
member.privileges = {}; }
for (var x = 0, numPrivs = userPrivileges.length; x < numPrivs; x += 1) { });
member.privileges[userPrivileges[x]] = memberSets[x].includes(parseInt(member.uid, 10));
}
});
next(null, memberData); return memberData;
},
], callback);
}; };
helpers.getGroupPrivileges = function (cid, hookName, groupPrivilegeList, callback) { helpers.getGroupPrivileges = async function (cid, hookName, groupPrivilegeList) {
var groupPrivileges; const groupPrivileges = await plugins.fireHook(hookName, groupPrivilegeList.slice());
async.waterfall([ const [memberSets, allGroupNames] = await Promise.all([
async.apply(plugins.fireHook, hookName, groupPrivilegeList.slice()), groups.getMembersOfGroups(groupPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege)),
function (_privs, next) { groups.getGroups('groups:createtime', 0, -1),
groupPrivileges = _privs; ]);
async.parallel({
memberSets: function (next) { const uniqueGroups = _.uniq(_.flatten(memberSets));
groups.getMembersOfGroups(groupPrivileges.map(privilege => 'cid:' + cid + ':privileges:' + privilege), next);
}, let groupNames = allGroupNames.filter(groupName => !groupName.includes(':privileges:') && uniqueGroups.includes(groupName));
groupNames: function (next) {
groups.getGroups('groups:createtime', 0, -1, next); groupNames = groups.ephemeralGroups.concat(groupNames);
}, moveToFront(groupNames, 'Global Moderators');
}, next); moveToFront(groupNames, 'registered-users');
},
function (results, next) {
var memberSets = results.memberSets;
var uniqueGroups = _.uniq(_.flatten(memberSets));
var groupNames = results.groupNames.filter(groupName => !groupName.includes(':privileges:') && uniqueGroups.includes(groupName));
groupNames = groups.ephemeralGroups.concat(groupNames);
moveToFront(groupNames, 'Global Moderators');
moveToFront(groupNames, 'registered-users');
var adminIndex = groupNames.indexOf('administrators');
if (adminIndex !== -1) {
groupNames.splice(adminIndex, 1);
}
var memberPrivs;
var memberData = groupNames.map(function (member) {
memberPrivs = {};
for (var x = 0, numPrivs = groupPrivileges.length; x < numPrivs; x += 1) {
memberPrivs[groupPrivileges[x]] = memberSets[x].includes(member);
}
return {
name: member,
privileges: memberPrivs,
};
});
next(null, memberData); const adminIndex = groupNames.indexOf('administrators');
}, if (adminIndex !== -1) {
function (memberData, next) { groupNames.splice(adminIndex, 1);
// Grab privacy info for the groups as well }
async.map(memberData, function (member, next) { const groupData = await groups.getGroupsFields(groupNames, ['private']);
async.waterfall([ const memberData = groupNames.map(function (member, index) {
function (next) { const memberPrivs = {};
groups.isPrivate(member.name, next);
}, for (var x = 0, numPrivs = groupPrivileges.length; x < numPrivs; x += 1) {
function (isPrivate, next) { memberPrivs[groupPrivileges[x]] = memberSets[x].includes(member);
member.isPrivate = isPrivate; }
next(null, member); return {
}, name: member,
], next); privileges: memberPrivs,
}, next); isPrivate: groupData[index] && !!groupData[index].private,
}, };
], callback); });
return memberData;
}; };
function moveToFront(groupNames, groupToMove) { function moveToFront(groupNames, groupToMove) {
@ -218,16 +143,19 @@ function moveToFront(groupNames, groupToMove) {
} }
} }
helpers.giveOrRescind = function (method, privileges, cids, groupNames, callback) { helpers.giveOrRescind = async function (method, privileges, cids, groupNames) {
groupNames = Array.isArray(groupNames) ? groupNames : [groupNames]; groupNames = Array.isArray(groupNames) ? groupNames : [groupNames];
cids = Array.isArray(cids) ? cids : [cids]; cids = Array.isArray(cids) ? cids : [cids];
async.eachSeries(groupNames, function (groupName, next) { for (const groupName of groupNames) {
var groupKeys = []; const groupKeys = [];
cids.forEach((cid) => { cids.forEach((cid) => {
privileges.forEach((privilege) => { privileges.forEach((privilege) => {
groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege); groupKeys.push('cid:' + cid + ':privileges:groups:' + privilege);
}); });
}); });
method(groupKeys, groupName, next); /* eslint-disable no-await-in-loop */
}, callback); await method(groupKeys, groupName);
}
}; };
require('../promisify')(helpers);
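Review bot: In `helpers.getGroupPrivileges`, `isPrivate` is now derived from `groups.getGroupsFields(groupNames, ['private'])` instead of `groups.isPrivate(member.name)`, and `groupData[index] && !!groupData[index].private` evaluates to `null` or `undefined` rather than `false` when a group has no record. `groupNames` is prefixed with `groups.ephemeralGroups`, which may have no stored record, though that is not visible here. I would write `isPrivate: !!(groupData[index] && groupData[index].private),` so the field is always a boolean. It is also worth confirming that `getGroupsFields` treats a missing `private` field the same way `groups.isPrivate` did, since a differing default would change what the admin privilege listing reports for those groups.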

@ -38,9 +38,7 @@ privileges.userPrivilegeList = [
'moderate', 'moderate',
]; ];
privileges.groupPrivilegeList = privileges.userPrivilegeList.map(function (privilege) { privileges.groupPrivilegeList = privileges.userPrivilegeList.map(privilege => 'groups:' + privilege);
return 'groups:' + privilege;
});
privileges.privilegeList = privileges.userPrivilegeList.concat(privileges.groupPrivilegeList); privileges.privilegeList = privileges.userPrivilegeList.concat(privileges.groupPrivilegeList);

@ -1,300 +1,213 @@
'use strict'; 'use strict';
var async = require('async'); const _ = require('lodash');
var _ = require('lodash');
var meta = require('../meta'); const meta = require('../meta');
var posts = require('../posts'); const posts = require('../posts');
var topics = require('../topics'); const topics = require('../topics');
var user = require('../user'); const user = require('../user');
var helpers = require('./helpers'); const helpers = require('./helpers');
var plugins = require('../plugins'); const plugins = require('../plugins');
const utils = require('../utils');
module.exports = function (privileges) { module.exports = function (privileges) {
privileges.posts = {}; privileges.posts = {};
privileges.posts.get = function (pids, uid, callback) { privileges.posts.get = async function (pids, uid) {
if (!Array.isArray(pids) || !pids.length) { if (!Array.isArray(pids) || !pids.length) {
return setImmediate(callback, null, []); return [];
} }
let uniqueCids; const cids = await posts.getCidsByPids(pids);
let cids; const uniqueCids = _.uniq(cids);
async.waterfall([
function (next) { const results = await utils.promiseParallel({
posts.getCidsByPids(pids, next); isAdmin: user.isAdministrator(uid),
}, isModerator: user.isModerator(uid, uniqueCids),
function (_cids, next) { isOwner: posts.isOwner(pids, uid),
cids = _cids; 'topics:read': helpers.isUserAllowedTo('topics:read', uid, uniqueCids),
uniqueCids = _.uniq(cids); read: helpers.isUserAllowedTo('read', uid, uniqueCids),
async.parallel({ 'posts:edit': helpers.isUserAllowedTo('posts:edit', uid, uniqueCids),
isAdmin: async.apply(user.isAdministrator, uid), 'posts:history': helpers.isUserAllowedTo('posts:history', uid, uniqueCids),
isModerator: async.apply(user.isModerator, uid, uniqueCids), 'posts:view_deleted': helpers.isUserAllowedTo('posts:view_deleted', uid, uniqueCids),
isOwner: async.apply(posts.isOwner, pids, uid), });
'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, uniqueCids),
read: async.apply(helpers.isUserAllowedTo, 'read', uid, uniqueCids), const isModerator = _.zipObject(uniqueCids, results.isModerator);
'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, uniqueCids), const privData = {};
'posts:history': async.apply(helpers.isUserAllowedTo, 'posts:history', uid, uniqueCids), privData['topics:read'] = _.zipObject(uniqueCids, results['topics:read']);
'posts:view_deleted': async.apply(helpers.isUserAllowedTo, 'posts:view_deleted', uid, uniqueCids), privData.read = _.zipObject(uniqueCids, results.read);
}, next); privData['posts:edit'] = _.zipObject(uniqueCids, results['posts:edit']);
}, privData['posts:history'] = _.zipObject(uniqueCids, results['posts:history']);
function (results, next) { privData['posts:view_deleted'] = _.zipObject(uniqueCids, results['posts:view_deleted']);
const isModerator = _.zipObject(uniqueCids, results.isModerator);
const privData = {}; const privileges = cids.map(function (cid, i) {
privData['topics:read'] = _.zipObject(uniqueCids, results['topics:read']); const isAdminOrMod = results.isAdmin || isModerator[cid];
privData.read = _.zipObject(uniqueCids, results.read); const editable = (privData['posts:edit'][cid] && (results.isOwner[i] || results.isModerator)) || results.isAdmin;
privData['posts:edit'] = _.zipObject(uniqueCids, results['posts:edit']); const viewDeletedPosts = results.isOwner[i] || privData['posts:view_deleted'][cid] || results.isAdmin;
privData['posts:history'] = _.zipObject(uniqueCids, results['posts:history']); const viewHistory = results.isOwner[i] || privData['posts:history'][cid] || results.isAdmin;
privData['posts:view_deleted'] = _.zipObject(uniqueCids, results['posts:view_deleted']);
return {
var privileges = cids.map(function (cid, i) { editable: editable,
var isAdminOrMod = results.isAdmin || isModerator[cid]; move: isAdminOrMod,
var editable = (privData['posts:edit'][cid] && (results.isOwner[i] || results.isModerator)) || results.isAdmin; isAdminOrMod: isAdminOrMod,
var viewDeletedPosts = results.isOwner[i] || privData['posts:view_deleted'][cid] || results.isAdmin; 'topics:read': privData['topics:read'][cid] || results.isAdmin,
var viewHistory = results.isOwner[i] || privData['posts:history'][cid] || results.isAdmin; read: privData.read[cid] || results.isAdmin,
'posts:history': viewHistory,
return { 'posts:view_deleted': viewDeletedPosts,
editable: editable, };
move: isAdminOrMod, });
isAdminOrMod: isAdminOrMod,
'topics:read': privData['topics:read'][cid] || results.isAdmin, return privileges;
read: privData.read[cid] || results.isAdmin,
'posts:history': viewHistory,
'posts:view_deleted': viewDeletedPosts,
};
});
next(null, privileges);
},
], callback);
}; };
privileges.posts.can = function (privilege, pid, uid, callback) { privileges.posts.can = async function (privilege, pid, uid) {
async.waterfall([ const cid = await posts.getCidByPid(pid);
function (next) { return await privileges.categories.can(privilege, cid, uid);
posts.getCidByPid(pid, next);
},
function (cid, next) {
privileges.categories.can(privilege, cid, uid, next);
},
], callback);
}; };
privileges.posts.filter = function (privilege, pids, uid, callback) { privileges.posts.filter = async function (privilege, pids, uid) {
if (!Array.isArray(pids) || !pids.length) { if (!Array.isArray(pids) || !pids.length) {
return setImmediate(callback, null, []); return [];
} }
var cids;
var postData;
var tids;
var tidToTopic = {};
pids = _.uniq(pids); pids = _.uniq(pids);
const postData = await posts.getPostsFields(pids, ['uid', 'tid', 'deleted']);
async.waterfall([ const tids = _.uniq(postData.map(post => post && post.tid).filter(Boolean));
function (next) { const topicData = await topics.getTopicsFields(tids, ['deleted', 'cid']);
posts.getPostsFields(pids, ['uid', 'tid', 'deleted'], next);
}, const tidToTopic = _.zipObject(tids, topicData);
function (_posts, next) {
postData = _posts; let cids = postData.map(function (post, index) {
if (post) {
tids = _.uniq(_posts.map(post => post && post.tid).filter(Boolean)); post.pid = pids[index];
post.topic = tidToTopic[post.tid];
topics.getTopicsFields(tids, ['deleted', 'cid'], next); }
}, return tidToTopic[post.tid] && tidToTopic[post.tid].cid;
function (topicData, next) { }).filter(cid => parseInt(cid, 10));
topicData.forEach(function (topic, index) {
if (topic) { cids = _.uniq(cids);
tidToTopic[tids[index]] = topic;
} const results = await privileges.categories.getBase(privilege, cids, uid);
}); cids = cids.filter(function (cid, index) {
return !results.categories[index].disabled &&
cids = postData.map(function (post, index) { (results.allowedTo[index] || results.isAdmin);
if (post) { });
post.pid = pids[index];
post.topic = tidToTopic[post.tid]; const cidsSet = new Set(cids);
}
return tidToTopic[post.tid] && tidToTopic[post.tid].cid; pids = postData.filter(function (post) {
}).filter(cid => parseInt(cid, 10)); return post.topic && cidsSet.has(post.topic.cid) &&
((!post.topic.deleted && !post.deleted) || results.isAdmin);
cids = _.uniq(cids); }).map(post => post.pid);
privileges.categories.getBase(privilege, cids, uid, next); const data = await plugins.fireHook('filter:privileges.posts.filter', {
}, privilege: privilege,
function (results, next) { uid: uid,
cids = cids.filter(function (cid, index) { pids: pids,
return !results.categories[index].disabled && });
(results.allowedTo[index] || results.isAdmin);
}); return data ? data.pids : null;
const cidsSet = new Set(cids);
pids = postData.filter(function (post) {
return post.topic && cidsSet.has(post.topic.cid) &&
((!post.topic.deleted && !post.deleted) || results.isAdmin);
}).map(post => post.pid);
plugins.fireHook('filter:privileges.posts.filter', {
privilege: privilege,
uid: uid,
pids: pids,
}, function (err, data) {
next(err, data ? data.pids : null);
});
},
], callback);
}; };
privileges.posts.canEdit = function (pid, uid, callback) { privileges.posts.canEdit = async function (pid, uid) {
let results; const results = await utils.promiseParallel({
async.waterfall([ isAdmin: privileges.users.isAdministrator(uid),
function (next) { isMod: posts.isModerator([pid], uid),
async.parallel({ owner: posts.isOwner(pid, uid),
isAdmin: async.apply(privileges.users.isAdministrator, uid), edit: privileges.posts.can('posts:edit', pid, uid),
isMod: async.apply(posts.isModerator, [pid], uid), postData: posts.getPostFields(pid, ['tid', 'timestamp', 'deleted', 'deleterUid']),
owner: async.apply(posts.isOwner, pid, uid), userData: user.getUserFields(uid, ['reputation']),
edit: async.apply(privileges.posts.can, 'posts:edit', pid, uid), });
postData: async.apply(posts.getPostFields, pid, ['tid', 'timestamp', 'deleted', 'deleterUid']),
userData: async.apply(user.getUserFields, uid, ['reputation']), results.isMod = results.isMod[0];
}, next); if (results.isAdmin) {
}, return { flag: true };
function (_results, next) { }
results = _results;
results.isMod = results.isMod[0]; if (!results.isMod && meta.config.postEditDuration && (Date.now() - results.postData.timestamp > meta.config.postEditDuration * 1000)) {
if (results.isAdmin) { return { flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]' };
return callback(null, { flag: true }); }
} if (!results.isMod && meta.config.newbiePostEditDuration > 0 && meta.config.newbiePostDelayThreshold > results.userData.reputation && Date.now() - results.postData.timestamp > meta.config.newbiePostEditDuration * 1000) {
return { flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.newbiePostEditDuration + ']]' };
if (!results.isMod && meta.config.postEditDuration && (Date.now() - results.postData.timestamp > meta.config.postEditDuration * 1000)) { }
return callback(null, { flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]' });
} const isLocked = await topics.isLocked(results.postData.tid);
if (!results.isMod && meta.config.newbiePostEditDuration > 0 && meta.config.newbiePostDelayThreshold > _results.userData.reputation && Date.now() - _results.postData.timestamp > meta.config.newbiePostEditDuration * 1000) { if (!results.isMod && isLocked) {
return callback(null, { flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.newbiePostEditDuration + ']]' }); return { flag: false, message: '[[error:topic-locked]]' };
} }
topics.isLocked(results.postData.tid, next); if (!results.isMod && results.postData.deleted && parseInt(uid, 10) !== parseInt(results.postData.deleterUid, 10)) {
}, return { flag: false, message: '[[error:post-deleted]]' };
function (isLocked, next) { }
if (!results.isMod && isLocked) {
return callback(null, { flag: false, message: '[[error:topic-locked]]' }); results.pid = parseInt(pid, 10);
} results.uid = uid;
if (!results.isMod && results.postData.deleted && parseInt(uid, 10) !== parseInt(results.postData.deleterUid, 10)) { const result = await plugins.fireHook('filter:privileges.posts.edit', results);
return callback(null, { flag: false, message: '[[error:post-deleted]]' }); return { flag: result.edit && (result.owner || result.isMod), message: '[[error:no-privileges]]' };
}
results.pid = parseInt(pid, 10);
results.uid = uid;
plugins.fireHook('filter:privileges.posts.edit', results, next);
},
function (result, next) {
next(null, { flag: result.edit && (result.owner || result.isMod), message: '[[error:no-privileges]]' });
},
], callback);
}; };
privileges.posts.canDelete = function (pid, uid, callback) { privileges.posts.canDelete = async function (pid, uid) {
var postData; const postData = await posts.getPostFields(pid, ['uid', 'tid', 'timestamp', 'deleterUid']);
async.waterfall([ const results = await utils.promiseParallel({
function (next) { isAdmin: privileges.users.isAdministrator(uid),
posts.getPostFields(pid, ['uid', 'tid', 'timestamp', 'deleterUid'], next); isMod: posts.isModerator([pid], uid),
}, isLocked: topics.isLocked(postData.tid),
function (_postData, next) { isOwner: posts.isOwner(pid, uid),
postData = _postData; 'posts:delete': privileges.posts.can('posts:delete', pid, uid),
async.parallel({ });
isAdmin: async.apply(privileges.users.isAdministrator, uid), results.isMod = results.isMod[0];
isMod: async.apply(posts.isModerator, [pid], uid), if (results.isAdmin) {
isLocked: async.apply(topics.isLocked, postData.tid), return { flag: true };
isOwner: async.apply(posts.isOwner, pid, uid), }
'posts:delete': async.apply(privileges.posts.can, 'posts:delete', pid, uid),
}, next); if (!results.isMod && results.isLocked) {
}, return { flag: false, message: '[[error:topic-locked]]' };
function (results, next) { }
results.isMod = results.isMod[0];
if (results.isAdmin) { var postDeleteDuration = meta.config.postDeleteDuration;
return next(null, { flag: true }); if (!results.isMod && postDeleteDuration && (Date.now() - postData.timestamp > postDeleteDuration * 1000)) {
} return { flag: false, message: '[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]' };
}
if (!results.isMod && results.isLocked) { var deleterUid = postData.deleterUid;
return next(null, { flag: false, message: '[[error:topic-locked]]' }); var flag = results['posts:delete'] && ((results.isOwner && (deleterUid === 0 || deleterUid === postData.uid)) || results.isMod);
} return { flag: flag, message: '[[error:no-privileges]]' };
var postDeleteDuration = meta.config.postDeleteDuration;
if (!results.isMod && postDeleteDuration && (Date.now() - postData.timestamp > postDeleteDuration * 1000)) {
return next(null, { flag: false, message: '[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]' });
}
var deleterUid = postData.deleterUid;
var flag = results['posts:delete'] && ((results.isOwner && (deleterUid === 0 || deleterUid === postData.uid)) || results.isMod);
next(null, { flag: flag, message: '[[error:no-privileges]]' });
},
], callback);
}; };
privileges.posts.canFlag = function (pid, uid, callback) { privileges.posts.canFlag = async function (pid, uid) {
async.waterfall([ const [userReputation, isAdminOrModerator] = await Promise.all([
function (next) { user.getUserField(uid, 'reputation'),
async.parallel({ isAdminOrMod(pid, uid),
userReputation: async.apply(user.getUserField, uid, 'reputation'), ]);
isAdminOrMod: async.apply(isAdminOrMod, pid, uid), const minimumReputation = meta.config['min:rep:flag'];
}, next); const canFlag = isAdminOrModerator || (userReputation >= minimumReputation);
}, return { flag: canFlag };
function (results, next) {
var minimumReputation = meta.config['min:rep:flag'];
var canFlag = results.isAdminOrMod || (results.userReputation >= minimumReputation);
next(null, { flag: canFlag });
},
], callback);
}; };
privileges.posts.canMove = function (pid, uid, callback) { privileges.posts.canMove = async function (pid, uid) {
async.waterfall([ const isMain = await posts.isMain(pid);
function (next) { if (isMain) {
posts.isMain(pid, next); throw new Error('[[error:cant-move-mainpost]]');
}, }
function (isMain, next) { return await isAdminOrMod(pid, uid);
if (isMain) {
return next(new Error('[[error:cant-move-mainpost]]'));
}
isAdminOrMod(pid, uid, next);
},
], callback);
}; };
privileges.posts.canPurge = function (pid, uid, callback) { privileges.posts.canPurge = async function (pid, uid) {
async.waterfall([ const cid = await posts.getCidByPid(pid);
function (next) { const results = await utils.promiseParallel({
posts.getCidByPid(pid, next); purge: privileges.categories.isUserAllowedTo('purge', cid, uid),
}, owner: posts.isOwner(pid, uid),
function (cid, next) { isAdmin: privileges.users.isAdministrator(uid),
async.parallel({ isModerator: privileges.users.isModerator(uid, cid),
purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid), });
owner: async.apply(posts.isOwner, pid, uid), return (results.purge && (results.owner || results.isModerator)) || results.isAdmin;
isAdmin: async.apply(privileges.users.isAdministrator, uid),
isModerator: async.apply(privileges.users.isModerator, uid, cid),
}, next);
},
function (results, next) {
next(null, (results.purge && (results.owner || results.isModerator)) || results.isAdmin);
},
], callback);
}; };
function isAdminOrMod(pid, uid, callback) { async function isAdminOrMod(pid, uid) {
helpers.some([ if (parseInt(uid, 10) <= 0) {
function (next) { return false;
async.waterfall([ }
function (next) { const cid = await posts.getCidByPid(pid);
posts.getCidByPid(pid, next); return await privileges.categories.isAdminOrMod(cid, uid);
},
function (cid, next) {
user.isModerator(uid, cid, next);
},
], next);
},
function (next) {
user.isAdministrator(uid, next);
},
], callback);
} }
}; };
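Review bot: In `privileges.posts.get`, the `editable` expression tests `results.isModerator`, which is the array resolved from `user.isModerator(uid, uniqueCids)` and is therefore always truthy, so the `results.isOwner[i] || …` clause restricts nothing and any user holding `posts:edit` in the category gets `editable: true` on every post there. The per-category map built just above looks like what the check intends: `const editable = (privData['posts:edit'][cid] && (results.isOwner[i] || isModerator[cid])) || results.isAdmin;`. The same expression is on the old side, so the async conversion carries it over unchanged. Whether this is more than a display flag depends on how callers use `editable`; `privileges.posts.canEdit` applies its own owner/moderator test on `results.isMod[0]`.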

@ -1,239 +1,163 @@
'use strict'; 'use strict';
var async = require('async'); const _ = require('lodash');
var _ = require('lodash');
var meta = require('../meta'); const meta = require('../meta');
var topics = require('../topics'); const topics = require('../topics');
var user = require('../user'); const user = require('../user');
var helpers = require('./helpers'); const helpers = require('./helpers');
var categories = require('../categories'); const categories = require('../categories');
var plugins = require('../plugins'); const plugins = require('../plugins');
module.exports = function (privileges) { module.exports = function (privileges) {
privileges.topics = {}; privileges.topics = {};
privileges.topics.get = function (tid, uid, callback) { privileges.topics.get = async function (tid, uid) {
uid = parseInt(uid, 10); uid = parseInt(uid, 10);
var topic;
var privs = [ const privs = [
'topics:reply', 'topics:read', 'topics:tag', 'topics:reply', 'topics:read', 'topics:tag',
'topics:delete', 'posts:edit', 'posts:history', 'topics:delete', 'posts:edit', 'posts:history',
'posts:delete', 'posts:view_deleted', 'read', 'purge', 'posts:delete', 'posts:view_deleted', 'read', 'purge',
]; ];
async.waterfall([ const topicData = await topics.getTopicFields(tid, ['cid', 'uid', 'locked', 'deleted']);
async.apply(topics.getTopicFields, tid, ['cid', 'uid', 'locked', 'deleted']), const [userPrivileges, isAdministrator, isModerator, disabled] = await Promise.all([
function (_topic, next) { helpers.isUserAllowedTo(privs, uid, topicData.cid),
topic = _topic; user.isAdministrator(uid),
async.parallel({ user.isModerator(uid, topicData.cid),
privileges: async.apply(helpers.isUserAllowedTo, privs, uid, topic.cid), categories.getCategoryField(topicData.cid, 'disabled'),
isAdministrator: async.apply(user.isAdministrator, uid), ]);
isModerator: async.apply(user.isModerator, uid, topic.cid), const privData = _.zipObject(privs, userPrivileges);
disabled: async.apply(categories.getCategoryField, topic.cid, 'disabled'), const isOwner = uid > 0 && uid === topicData.uid;
}, next); const isAdminOrMod = isAdministrator || isModerator;
}, const editable = isAdminOrMod;
function (results, next) { const deletable = (privData['topics:delete'] && (isOwner || isModerator)) || isAdministrator;
var privData = _.zipObject(privs, results.privileges);
var isOwner = uid > 0 && uid === topic.uid; return await plugins.fireHook('filter:privileges.topics.get', {
var isAdminOrMod = results.isAdministrator || results.isModerator; 'topics:reply': (privData['topics:reply'] && ((!topicData.locked && !topicData.deleted) || isModerator)) || isAdministrator,
var editable = isAdminOrMod; 'topics:read': privData['topics:read'] || isAdministrator,
var deletable = (privData['topics:delete'] && (isOwner || results.isModerator)) || results.isAdministrator; 'topics:tag': privData['topics:tag'] || isAdministrator,
'topics:delete': (privData['topics:delete'] && (isOwner || isModerator)) || isAdministrator,
plugins.fireHook('filter:privileges.topics.get', { 'posts:edit': (privData['posts:edit'] && (!topicData.locked || isModerator)) || isAdministrator,
'topics:reply': (privData['topics:reply'] && ((!topic.locked && !topic.deleted) || results.isModerator)) || results.isAdministrator, 'posts:history': privData['posts:history'] || isAdministrator,
'topics:read': privData['topics:read'] || results.isAdministrator, 'posts:delete': (privData['posts:delete'] && (!topicData.locked || isModerator)) || isAdministrator,
'topics:tag': privData['topics:tag'] || results.isAdministrator, 'posts:view_deleted': privData['posts:view_deleted'] || isAdministrator,
'topics:delete': (privData['topics:delete'] && (isOwner || results.isModerator)) || results.isAdministrator, read: privData.read || isAdministrator,
'posts:edit': (privData['posts:edit'] && (!topic.locked || results.isModerator)) || results.isAdministrator, purge: (privData.purge && (isOwner || isModerator)) || isAdministrator,
'posts:history': privData['posts:history'] || results.isAdministrator,
'posts:delete': (privData['posts:delete'] && (!topic.locked || results.isModerator)) || results.isAdministrator, view_thread_tools: editable || deletable,
'posts:view_deleted': privData['posts:view_deleted'] || results.isAdministrator, editable: editable,
read: privData.read || results.isAdministrator, deletable: deletable,
purge: (privData.purge && (isOwner || results.isModerator)) || results.isAdministrator, view_deleted: isAdminOrMod || isOwner,
isAdminOrMod: isAdminOrMod,
view_thread_tools: editable || deletable, disabled: disabled,
editable: editable, tid: tid,
deletable: deletable, uid: uid,
view_deleted: isAdminOrMod || isOwner, });
isAdminOrMod: isAdminOrMod,
disabled: results.disabled,
tid: tid,
uid: uid,
}, next);
},
], callback);
}; };
privileges.topics.can = function (privilege, tid, uid, callback) { privileges.topics.can = async function (privilege, tid, uid) {
async.waterfall([ const cid = await topics.getTopicField(tid, 'cid');
function (next) { return await privileges.categories.can(privilege, cid, uid);
topics.getTopicField(tid, 'cid', next);
},
function (cid, next) {
privileges.categories.can(privilege, cid, uid, next);
},
], callback);
}; };
privileges.topics.filterTids = function (privilege, tids, uid, callback) { privileges.topics.filterTids = async function (privilege, tids, uid) {
if (!Array.isArray(tids) || !tids.length) { if (!Array.isArray(tids) || !tids.length) {
return callback(null, []); return [];
} }
var cids;
var topicsData; const topicsData = await topics.getTopicsFields(tids, ['tid', 'cid', 'deleted']);
async.waterfall([ let cids = _.uniq(topicsData.map(topic => topic.cid));
function (next) { const results = await privileges.categories.getBase(privilege, cids, uid);
topics.getTopicsFields(tids, ['tid', 'cid', 'deleted'], next);
}, cids = cids.filter(function (cid, index) {
function (_topicsData, next) { return !results.categories[index].disabled &&
topicsData = _topicsData; (results.allowedTo[index] || results.isAdmin);
cids = _.uniq(topicsData.map(topic => topic.cid)); });
privileges.categories.getBase(privilege, cids, uid, next); const cidsSet = new Set(cids);
},
function (results, next) { tids = topicsData.filter(t => cidsSet.has(t.cid) && (!t.deleted || results.isAdmin)).map(t => t.tid);
cids = cids.filter(function (cid, index) {
return !results.categories[index].disabled && const data = await plugins.fireHook('filter:privileges.topics.filter', {
(results.allowedTo[index] || results.isAdmin); privilege: privilege,
}); uid: uid,
tids: tids,
const cidsSet = new Set(cids); });
return data ? data.tids : [];
tids = topicsData.filter(function (topic) {
return cidsSet.has(topic.cid) &&
(!topic.deleted || results.isAdmin);
}).map(topic => topic.tid);
plugins.fireHook('filter:privileges.topics.filter', {
privilege: privilege,
uid: uid,
tids: tids,
}, function (err, data) {
next(err, data ? data.tids : null);
});
},
], callback);
}; };
privileges.topics.filterUids = function (privilege, tid, uids, callback) { privileges.topics.filterUids = async function (privilege, tid, uids) {
if (!Array.isArray(uids) || !uids.length) { if (!Array.isArray(uids) || !uids.length) {
return setImmediate(callback, null, []); return [];
} }
uids = _.uniq(uids); uids = _.uniq(uids);
var topicData; const topicData = await topics.getTopicFields(tid, ['tid', 'cid', 'deleted']);
async.waterfall([ const [disabled, allowedTo, isAdmins] = await Promise.all([
function (next) { categories.getCategoryField(topicData.cid, 'disabled'),
topics.getTopicFields(tid, ['tid', 'cid', 'deleted'], next); helpers.isUsersAllowedTo(privilege, uids, topicData.cid),
}, user.isAdministrator(uids),
function (_topicData, next) { ]);
topicData = _topicData; return uids.filter(function (uid, index) {
async.parallel({ return !disabled &&
disabled: function (next) { ((allowedTo[index] && !topicData.deleted) || isAdmins[index]);
categories.getCategoryField(topicData.cid, 'disabled', next); });
},
allowedTo: function (next) {
helpers.isUsersAllowedTo(privilege, uids, topicData.cid, next);
},
isAdmins: function (next) {
user.isAdministrator(uids, next);
},
}, next);
},
function (results, next) {
uids = uids.filter(function (uid, index) {
return !results.disabled &&
((results.allowedTo[index] && !topicData.deleted) || results.isAdmins[index]);
});
next(null, uids);
},
], callback);
}; };
privileges.topics.canPurge = function (tid, uid, callback) { privileges.topics.canPurge = async function (tid, uid) {
async.waterfall([ const cid = await topics.getTopicField(tid, 'cid');
function (next) { const [purge, owner, isAdmin, isModerator] = await Promise.all([
topics.getTopicField(tid, 'cid', next); privileges.categories.isUserAllowedTo('purge', cid, uid),
}, topics.isOwner(tid, uid),
function (cid, next) { privileges.users.isAdministrator(uid),
async.parallel({ privileges.users.isModerator(uid, cid),
purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid), ]);
owner: async.apply(topics.isOwner, tid, uid), return (purge && (owner || isModerator)) || isAdmin;
isAdmin: async.apply(privileges.users.isAdministrator, uid),
isModerator: async.apply(privileges.users.isModerator, uid, cid),
}, next);
},
function (results, next) {
next(null, (results.purge && (results.owner || results.isModerator)) || results.isAdmin);
},
], callback);
}; };
privileges.topics.canDelete = function (tid, uid, callback) { privileges.topics.canDelete = async function (tid, uid) {
var topicData; const topicData = await topics.getTopicFields(tid, ['cid', 'postcount']);
async.waterfall([ const [isModerator, isAdministrator, isOwner, allowedTo] = await Promise.all([
function (next) { user.isModerator(uid, topicData.cid),
topics.getTopicFields(tid, ['cid', 'postcount'], next); user.isAdministrator(uid),
}, topics.isOwner(tid, uid),
function (_topicData, next) { helpers.isUserAllowedTo('topics:delete', uid, [topicData.cid]),
topicData = _topicData; ]);
async.parallel({
isModerator: async.apply(user.isModerator, uid, topicData.cid), if (isAdministrator) {
isAdministrator: async.apply(user.isAdministrator, uid), return true;
isOwner: async.apply(topics.isOwner, tid, uid), }
'topics:delete': async.apply(helpers.isUserAllowedTo, 'topics:delete', uid, [topicData.cid]),
}, next); const preventTopicDeleteAfterReplies = meta.config.preventTopicDeleteAfterReplies;
}, if (!isModerator && preventTopicDeleteAfterReplies && (topicData.postcount - 1) >= preventTopicDeleteAfterReplies) {
function (results, next) { const langKey = preventTopicDeleteAfterReplies > 1 ?
if (results.isAdministrator) { '[[error:cant-delete-topic-has-replies, ' + meta.config.preventTopicDeleteAfterReplies + ']]' :
return next(null, true); '[[error:cant-delete-topic-has-reply]]';
} throw new Error(langKey);
}
var preventTopicDeleteAfterReplies = meta.config.preventTopicDeleteAfterReplies;
if (!results.isModerator && preventTopicDeleteAfterReplies && (topicData.postcount - 1) >= preventTopicDeleteAfterReplies) { return allowedTo[0] && (isOwner || isModerator);
var langKey = preventTopicDeleteAfterReplies > 1 ?
'[[error:cant-delete-topic-has-replies, ' + meta.config.preventTopicDeleteAfterReplies + ']]' :
'[[error:cant-delete-topic-has-reply]]';
return next(new Error(langKey));
}
next(null, results['topics:delete'][0] && (results.isOwner || results.isModerator));
},
], callback);
}; };
privileges.topics.canEdit = function (tid, uid, callback) { privileges.topics.canEdit = async function (tid, uid) {
privileges.topics.isOwnerOrAdminOrMod(tid, uid, callback); return await privileges.topics.isOwnerOrAdminOrMod(tid, uid);
}; };
privileges.topics.isOwnerOrAdminOrMod = function (tid, uid, callback) { privileges.topics.isOwnerOrAdminOrMod = async function (tid, uid) {
helpers.some([ const [isOwner, isAdminOrMod] = await Promise.all([
function (next) { topics.isOwner(tid, uid),
topics.isOwner(tid, uid, next); privileges.topics.isAdminOrMod(tid, uid),
}, ]);
function (next) { return isOwner || isAdminOrMod;
privileges.topics.isAdminOrMod(tid, uid, next);
},
], callback);
}; };
privileges.topics.isAdminOrMod = function (tid, uid, callback) { privileges.topics.isAdminOrMod = async function (tid, uid) {
helpers.some([ if (parseInt(uid, 10) <= 0) {
function (next) { return false;
async.waterfall([ }
function (next) { const cid = await topics.getTopicField(tid, 'cid');
topics.getTopicField(tid, 'cid', next); return await privileges.categories.isAdminOrMod(cid, uid);
},
function (cid, next) {
user.isModerator(uid, cid, next);
},
], next);
},
function (next) {
user.isAdministrator(uid, next);
},
], callback);
}; };
}; };
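Review bot: `privileges.topics.get` spells the topic-delete rule twice, once as the local `deletable` and again inline for the `'topics:delete'` key, `(privData['topics:delete'] && (isOwner || isModerator)) || isAdministrator`. Two copies of one authorization expression can drift apart in a later edit, leaving `view_thread_tools`/`deletable` and `'topics:delete'` disagreeing about the same user. Reusing the local keeps a single definition: `'topics:delete': deletable,`. The old side has the same duplication, so this is a cleanup the conversion could take rather than a regression.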

@ -1,189 +1,118 @@
'use strict'; 'use strict';
var async = require('async'); const _ = require('lodash');
var _ = require('lodash');
var groups = require('../groups'); const groups = require('../groups');
var plugins = require('../plugins'); const plugins = require('../plugins');
var helpers = require('./helpers'); const helpers = require('./helpers');
module.exports = function (privileges) { module.exports = function (privileges) {
privileges.users = {}; privileges.users = {};
privileges.users.isAdministrator = function (uid, callback) { privileges.users.isAdministrator = async function (uid) {
if (Array.isArray(uid)) { return await isGroupMember(uid, 'administrators');
groups.isMembers(uid, 'administrators', callback);
} else {
groups.isMember(uid, 'administrators', callback);
}
}; };
privileges.users.isGlobalModerator = function (uid, callback) { privileges.users.isGlobalModerator = async function (uid) {
if (Array.isArray(uid)) { return await isGroupMember(uid, 'Global Moderators');
groups.isMembers(uid, 'Global Moderators', callback);
} else {
groups.isMember(uid, 'Global Moderators', callback);
}
}; };
privileges.users.isModerator = function (uid, cid, callback) { async function isGroupMember(uid, groupName) {
return await groups[Array.isArray(uid) ? 'isMembers' : 'isMember'](uid, groupName);
}
privileges.users.isModerator = async function (uid, cid) {
if (Array.isArray(cid)) { if (Array.isArray(cid)) {
isModeratorOfCategories(cid, uid, callback); return await isModeratorOfCategories(cid, uid);
} else if (Array.isArray(uid)) { } else if (Array.isArray(uid)) {
isModeratorsOfCategory(cid, uid, callback); return await isModeratorsOfCategory(cid, uid);
} else {
isModeratorOfCategory(cid, uid, callback);
} }
return await isModeratorOfCategory(cid, uid);
}; };
function isModeratorOfCategories(cids, uid, callback) { async function isModeratorOfCategories(cids, uid) {
if (parseInt(uid, 10) <= 0) { if (parseInt(uid, 10) <= 0) {
return filterIsModerator(cids, uid, cids.map(() => false), callback); return await filterIsModerator(cids, uid, cids.map(() => false));
}
const isGlobalModerator = await privileges.users.isGlobalModerator(uid);
if (isGlobalModerator) {
return await filterIsModerator(cids, uid, cids.map(() => true));
} }
var uniqueCids; const uniqueCids = _.uniq(cids);
async.waterfall([ const isAllowed = await helpers.isUserAllowedTo('moderate', uid, uniqueCids);
function (next) {
privileges.users.isGlobalModerator(uid, next); const cidToIsAllowed = _.zipObject(uniqueCids, isAllowed);
}, const isModerator = cids.map(cid => cidToIsAllowed[cid]);
function (isGlobalModerator, next) { return await filterIsModerator(cids, uid, isModerator);
if (isGlobalModerator) {
return filterIsModerator(cids, uid, cids.map(() => true), callback);
}
uniqueCids = _.uniq(cids);
helpers.isUserAllowedTo('moderate', uid, uniqueCids, next);
},
function (isAllowed, next) {
const map = _.zipObject(uniqueCids, isAllowed);
const isModerator = cids.map(cid => map[cid]);
filterIsModerator(cids, uid, isModerator, next);
},
], callback);
} }
function isModeratorsOfCategory(cid, uids, callback) { async function isModeratorsOfCategory(cid, uids) {
async.waterfall([ const [check1, check2, check3] = await Promise.all([
function (next) { privileges.users.isGlobalModerator(uids),
async.parallel([ groups.isMembers(uids, 'cid:' + cid + ':privileges:moderate'),
async.apply(privileges.users.isGlobalModerator, uids), groups.isMembersOfGroupList(uids, 'cid:' + cid + ':privileges:groups:moderate'),
async.apply(groups.isMembers, uids, 'cid:' + cid + ':privileges:moderate'), ]);
async.apply(groups.isMembersOfGroupList, uids, 'cid:' + cid + ':privileges:groups:moderate'), const isModerator = uids.map((uid, idx) => check1[idx] || check2[idx] || check3[idx]);
], next); return await filterIsModerator(cid, uids, isModerator);
},
function (checks, next) {
var isModerator = checks[0].map(function (isMember, idx) {
return isMember || checks[1][idx] || checks[2][idx];
});
filterIsModerator(cid, uids, isModerator, next);
},
], callback);
} }
function isModeratorOfCategory(cid, uid, callback) { async function isModeratorOfCategory(cid, uid) {
if (parseInt(uid, 10) <= 0) { const result = await isModeratorOfCategories([cid], uid);
return filterIsModerator(cid, uid, false, callback); return result ? result[0] : false;
}
async.waterfall([
function (next) {
async.parallel([
async.apply(privileges.users.isGlobalModerator, uid),
async.apply(groups.isMember, uid, 'cid:' + cid + ':privileges:moderate'),
async.apply(groups.isMemberOfGroupList, uid, 'cid:' + cid + ':privileges:groups:moderate'),
], next);
},
function (checks, next) {
var isModerator = checks[0] || checks[1] || checks[2];
filterIsModerator(cid, uid, isModerator, next);
},
], callback);
} }
function filterIsModerator(cid, uid, isModerator, callback) { async function filterIsModerator(cid, uid, isModerator) {
async.waterfall([ const data = await plugins.fireHook('filter:user.isModerator', { uid: uid, cid: cid, isModerator: isModerator });
function (next) { if ((Array.isArray(uid) || Array.isArray(cid)) && !Array.isArray(data.isModerator)) {
plugins.fireHook('filter:user.isModerator', { uid: uid, cid: cid, isModerator: isModerator }, next); throw new Error('filter:user.isModerator - i/o mismatch');
}, }
function (data, next) {
if ((Array.isArray(uid) || Array.isArray(cid)) && !Array.isArray(data.isModerator)) { return data.isModerator;
return callback(new Error('filter:user.isModerator - i/o mismatch'));
}
next(null, data.isModerator);
},
], callback);
} }
privileges.users.canEdit = function (callerUid, uid, callback) { privileges.users.canEdit = async function (callerUid, uid) {
if (parseInt(callerUid, 10) === parseInt(uid, 10)) { if (parseInt(callerUid, 10) === parseInt(uid, 10)) {
return process.nextTick(callback, null, true); return true;
} }
async.waterfall([ const [isAdmin, isGlobalMod, isTargetAdmin] = await Promise.all([
function (next) { privileges.users.isAdministrator(callerUid),
async.parallel({ privileges.users.isGlobalModerator(callerUid),
isAdmin: function (next) { privileges.users.isAdministrator(uid),
privileges.users.isAdministrator(callerUid, next); ]);
},
isGlobalMod: function (next) { const data = await plugins.fireHook('filter:user.canEdit', {
privileges.users.isGlobalModerator(callerUid, next); isAdmin: isAdmin,
}, isGlobalMod: isGlobalMod,
isTargetAdmin: function (next) { isTargetAdmin: isTargetAdmin,
privileges.users.isAdministrator(uid, next); canEdit: isAdmin || (isGlobalMod && !isTargetAdmin),
}, callerUid: callerUid,
}, next); uid: uid,
}, });
function (results, next) { return data.canEdit;
results.canEdit = results.isAdmin || (results.isGlobalMod && !results.isTargetAdmin);
results.callerUid = callerUid;
results.uid = uid;
plugins.fireHook('filter:user.canEdit', results, next);
},
function (data, next) {
next(null, data.canEdit);
},
], callback);
}; };
privileges.users.canBanUser = function (callerUid, uid, callback) { privileges.users.canBanUser = async function (callerUid, uid) {
async.waterfall([ const [canBan, isTargetAdmin] = await Promise.all([
function (next) { privileges.global.can('ban', callerUid),
async.parallel({ privileges.users.isAdministrator(uid),
canBan: function (next) { ]);
privileges.global.can('ban', callerUid, next);
}, const data = await plugins.fireHook('filter:user.canBanUser', {
isTargetAdmin: function (next) { canBan: canBan && !isTargetAdmin,
privileges.users.isAdministrator(uid, next); callerUid: callerUid,
}, uid: uid,
}, next); });
}, return data.canBan;
function (results, next) {
results.canBan = !results.isTargetAdmin && results.canBan;
results.callerUid = callerUid;
results.uid = uid;
plugins.fireHook('filter:user.canBanUser', results, next);
},
function (data, next) {
next(null, data.canBan);
},
], callback);
}; };
privileges.users.hasBanPrivilege = function (uid, callback) { privileges.users.hasBanPrivilege = async function (uid) {
async.waterfall([ const canBan = await privileges.global.can('ban', uid);
function (next) { const data = await plugins.fireHook('filter:user.hasBanPrivilege', {
privileges.global.can('ban', uid, next); uid: uid,
}, canBan: canBan,
function (canBan, next) { });
plugins.fireHook('filter:user.hasBanPrivilege', { return data.canBan;
uid: uid,
canBan: canBan,
}, next);
},
function (data, next) {
next(null, data.canBan);
},
], callback);
}; };
}; };
