Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-01-29 02:39:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/designcreateplay/NodeBB

Browse Source
This commit is contained in:
Baris Soner Usakli
2014-01-08 21:47:16 -05:00
parent eb65c5ad1b c2c1632c0e
commit 3a6db04be5
5 changed files with 124 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
public/src/forum/admin/categories.js
View File

@@ -213,7 +213,7 @@ define(['uploader'], function(uploader) {
var modal = $('#category-permissions-modal'),
searchEl = modal.find('#permission-search'),
resultsEl = modal.find('.search-results'),
groupsResultsEl = modal.find('.groups-results'),
groupsResultsEl = modal.find('.groups-results'),
searchDelay;
searchEl.off().on('keyup', function() {
@@ -266,22 +266,23 @@ define(['uploader'], function(uploader) {
searchEl.keyup();
});
// User Groups and privileges
socket.emit('api:admin.categories.groupsearch', cid, function(err, results) {
// User Groups and privileges
socket.emit('api:admin.categories.groupsList', cid, function(err, results) {
var groupsFrag = document.createDocumentFragment(),
trEl = document.createElement('tr');
var numResults = results.length,
numResults = results.length,
trEl = document.createElement('tr'),
resultObj;
for(var x=0;x<numResults;x++) {
resultObj = results[x];
trEl.setAttribute('data-gid', resultObj.gid);
trEl.innerHTML = '<td><h4>' + resultObj.name + '</h4></td><td>' +
'<div class="btn-group pull-right">' +
'<button type="button" data-gpriv="+gr" class="btn btn-default' + (resultObj.privileges['+gr'] ? ' active' : '') + '">Read</button>' +
'<button type="button" data-gpriv="+gw" class="btn btn-default' + (resultObj.privileges['+gw'] ? ' active' : '') + '">Write</button>' +
'</div>' +
'</td>';
trEl.innerHTML = '<td><h4>' + resultObj.name + '</h4></td>' +
'<td>' +
'<div class="btn-group pull-right">' +
'<button type="button" data-gpriv="g+r" class="btn btn-default' + (resultObj.privileges['g+r'] ? ' active' : '') + '">Read</button>' +
'<button type="button" data-gpriv="g+w" class="btn btn-default' + (resultObj.privileges['g+w'] ? ' active' : '') + '">Write</button>' +
'</div>' +
'</td>';
groupsFrag.appendChild(trEl.cloneNode(true));
}
@@ -290,12 +291,14 @@ define(['uploader'], function(uploader) {
});
groupsResultsEl.off().on('click', '[data-gpriv]', function(e) {
var btnEl = $(this),
gid = btnEl.parents('li[data-gid]').attr('data-gid'),
privilege = this.getAttribute('data-gpriv');
var btnEl = $(this),
gid = btnEl.parents('tr[data-gid]').attr('data-gid'),
privilege = this.getAttribute('data-gpriv');
e.preventDefault();
socket.emit('api:admin.categories.setGroupPrivilege', cid, gid, privilege, !btnEl.hasClass('active'), function(err, privileges) {
btnEl.toggleClass('active', privileges[privilege]);
socket.emit('api:admin.categories.setGroupPrivilege', cid, gid, privilege, !btnEl.hasClass('active'), function(err) {
if (!err) {
btnEl.toggleClass('active');
}
});
})

80
src/categoryTools.js
View File

@@ -47,6 +47,46 @@ CategoryTools.privileges = function(cid, uid, callback) {
}
});
},
"g+r": function(next) {
var key = 'cid:' + cid + ':privileges:g+r';
Groups.exists(key, function(err, exists) {
if (exists) {
async.parallel({
isMember: function(next) {
Groups.isMemberOfGroupAny(uid, key, next);
},
isEmpty: function(next) {
Groups.isEmptyByGroupName(key, next);
}
}, next);
} else {
next(null, {
isMember: false,
isEmpty: true
});
}
});
},
"g+w": function(next) {
var key = 'cid:' + cid + ':privileges:g+w';
Groups.exists(key, function(err, exists) {
if (exists) {
async.parallel({
isMember: function(next) {
Groups.isMemberOfGroupAny(uid, key, next);
},
isEmpty: function(next) {
Groups.isEmptyByGroupName(key, next);
}
}, next);
} else {
next(null, {
isMember: false,
isEmpty: true
});
}
});
},
moderator: function(next) {
User.isModerator(uid, cid, next);
},
@@ -57,8 +97,24 @@ CategoryTools.privileges = function(cid, uid, callback) {
callback(err, !privileges ? null : {
"+r": privileges['+r'].isMember,
"+w": privileges['+w'].isMember,
read: (privileges['+r'].isMember || privileges['+r'].isEmpty) || privileges.moderator || privileges.admin,
write: (privileges['+w'].isMember || privileges['+w'].isEmpty) || privileges.moderator || privileges.admin,
"g+r": privileges['g+r'].isMember,
"g+w": privileges['g+w'].isMember,
read: (
(
(privileges['+r'].isMember || privileges['+r'].isEmpty) &&
(privileges['g+r'].isMember || privileges['g+r'].isEmpty)
) ||
privileges.moderator ||
privileges.admin
),
write: (
(
(privileges['+w'].isMember || privileges['+w'].isEmpty) &&
(privileges['g+w'].isMember || privileges['g+w'].isEmpty)
) ||
privileges.moderator ||
privileges.admin
),
editable: privileges.moderator || privileges.admin,
view_deleted: privileges.moderator || privileges.admin
});
@@ -67,16 +123,13 @@ CategoryTools.privileges = function(cid, uid, callback) {
CategoryTools.groupPrivileges = function(cid, gid, callback) {
async.parallel({
"+gr": function(next) {
var key = 'cid:' + cid + ':privileges:+gr';
"g+r": function(next) {
var key = 'cid:' + cid + ':privileges:g+r';
Groups.exists(key, function(err, exists) {
if (exists) {
async.parallel({
isMember: function(next) {
Groups.isMemberByGroupName(gid, key, next);
},
isEmpty: function(next) {
Groups.isEmptyByGroupName(key, next);
}
}, next);
} else {
@@ -87,16 +140,13 @@ CategoryTools.groupPrivileges = function(cid, gid, callback) {
}
});
},
"+gw": function(next) {
var key = 'cid:' + cid + ':privileges:+gw';
"g+w": function(next) {
var key = 'cid:' + cid + ':privileges:g+w';
Groups.exists(key, function(err, exists) {
if (exists) {
async.parallel({
isMember: function(next) {
Groups.isMemberByGroupName(gid, key, next);
},
isEmpty: function(next) {
Groups.isEmptyByGroupName(key, next);
}
}, next);
} else {
@@ -109,10 +159,8 @@ CategoryTools.groupPrivileges = function(cid, gid, callback) {
}
}, function(err, privileges) {
callback(err, !privileges ? null : {
"+gr": privileges['+gr'].isMember,
"+gw": privileges['+gw'].isMember,
read: (privileges['+gr'].isMember || privileges['+gr'].isEmpty),
write: (privileges['+gw'].isMember || privileges['+gw'].isEmpty),
"g+r": privileges['g+r'].isMember,
"g+w": privileges['g+w'].isMember
});
});
};

28
src/groups.js
View File

@@ -106,6 +106,28 @@
});
};
Groups.isMemberOfGroupAny = function(uid, groupListKey, callback) {
Groups.getGidFromName(groupListKey, function(err, gid) {
if (err || !gid) {
return callback(new Error('error-checking-group'));
}
db.getSetMembers('gid:' + gid + ':members', function(err, gids) {
async.some(gids, function(gid, next) {
Groups.isMember(uid, gid, function(err, isMember) {
if (!err && isMember) {
next(true);
} else {
next(false);
}
});
}, function(result) {
callback(null, result);
});
});
})
};
Groups.isEmpty = function(gid, callback) {
db.setCount('gid:' + gid + ':members', function(err, numMembers) {
callback(err, numMembers === 0);
@@ -266,7 +288,7 @@
// check user group read access level
async.series([function(callback){
// get groups with read permission
db.getObjectField('group:gid', 'cid:' + cid + ':privileges:+gr', function(err, gid){
db.getObjectField('group:gid', 'cid:' + cid + ':privileges:g+r', function(err, gid){
// get the user groups that belong to this read group
db.getSetMembers('gid:' + gid + ':members', function (err, gids) {
// check if user belong to any of these user groups
@@ -285,10 +307,10 @@
// has access or not.
async.series(groups_check, function(err, results){
callback(null, results);
});
});
});
});
}],
function(err, results){
// if the read group is empty we will asume that read access has been granted to ALL

36
src/routes/api.js
View File

@@ -132,15 +132,8 @@ var path = require('path'),
if (parseInt(data.deleted, 10) === 1 && parseInt(data.expose_tools, 10) === 0) {
return res.json(404, {});
}
// get the category this post belongs to and check category access
var cid = data.category_slug.split("/")[0];
groups.getCategoryAccess(cid, uid, function(err, access){
if (access){
res.json(data);
} else {
res.send(403);
}
})
res.json(data);
} else next();
});
} else {
@@ -155,24 +148,17 @@ var path = require('path'),
// Category Whitelisting
categoryTools.privileges(req.params.id, uid, function(err, privileges) {
if (!err && privileges.read) {
groups.getCategoryAccess(req.params.id, uid, function(err, access){
if (access){
categories.getCategoryById(req.params.id, uid, function (err, data) {
if(err) {
return next(err);
}
if (data && parseInt(data.disabled, 10) === 0) {
res.json(data);
} else {
next();
}
}, req.params.id, uid);
} else {
res.send(403);
categories.getCategoryById(req.params.id, uid, function (err, data) {
if(err) {
return next(err);
}
});
if (data && parseInt(data.disabled, 10) === 0) {
res.json(data);
} else {
next();
}
}, req.params.id, uid);
} else {
res.send(403);
}

15
src/websockets.js
View File

@@ -1136,32 +1136,27 @@ websockets.init = function(io) {
});
socket.on('api:admin.categories.setGroupPrivilege', function(cid, gid, privilege, set, callback) {
var cb = function(err) {
CategoryTools.groupPrivileges(cid, gid, callback);
};
if (set) {
groups.joinByGroupName('cid:' + cid + ':privileges:' + privilege, gid, cb);
groups.joinByGroupName('cid:' + cid + ':privileges:' + privilege, gid, callback);
} else {
groups.leaveByGroupName('cid:' + cid + ':privileges:' + privilege, gid, cb);
groups.leaveByGroupName('cid:' + cid + ':privileges:' + privilege, gid, callback);
}
});
socket.on('api:admin.categories.groupsearch', function(cid, callback) {
socket.on('api:admin.categories.groupsList', function(cid, callback) {
groups.list({expand:false}, function(err, data){
async.map(data, function(groupObj, next) {
CategoryTools.groupPrivileges(cid, groupObj.gid, function(err, privileges) {
if (!err) {
groupObj.privileges = privileges;
} else {
winston.error('[socket api:admin.categories.groupsearch] Could not retrieve permissions');
winston.error('[socket api:admin.categories.groupsList] Could not retrieve permissions');
}
next(null, groupObj);
});
}, function(err, data) {
if (!callback) socket.emit('api:admin.categories.groupsearch', data);
else callback(null, data);
callback(null, data);
});
});
});