diff --git a/install/package.json b/install/package.json index 1318c26379..e1bf34a5c1 100644 --- a/install/package.json +++ b/install/package.json @@ -97,8 +97,8 @@ "mousetrap": "1.6.5", "multiparty": "4.2.3", "nconf": "0.12.1", - "nodebb-plugin-2factor": "7.5.5", - "nodebb-plugin-composer-default": "10.2.39", + "nodebb-plugin-2factor": "7.5.6", + "nodebb-plugin-composer-default": "10.2.40", "nodebb-plugin-dbsearch": "6.2.5", "nodebb-plugin-emoji": "5.1.15", "nodebb-plugin-emoji-android": "4.0.0", @@ -198,4 +198,4 @@ "url": "https://github.com/barisusakli" } ] -} \ No newline at end of file +} diff --git a/src/cli/upgrade-plugins.js b/src/cli/upgrade-plugins.js index cb6cbce94b..b68db55eac 100644 --- a/src/cli/upgrade-plugins.js +++ b/src/cli/upgrade-plugins.js @@ -77,7 +77,8 @@ async function getSuggestedModules(nbbVersion, toCheck) { const request = require('../request'); let { response, body } = await request.get(`https://packages.nodebb.org/api/v1/suggest?version=${nbbVersion}&package[]=${toCheck.join('&package[]=')}`); if (!response.ok) { - throw new Error(`Unable to get suggested module for NodeBB(${nbbVersion}) ${toCheck.join(',')}`); + console.warn(`Unable to get suggested module for NodeBB(${nbbVersion}) ${toCheck.join(',')}`); + return []; } if (!Array.isArray(body) && toCheck.length === 1) { body = [body]; diff --git a/test/controllers.js b/test/controllers.js index 418420303f..e94720b471 100644 --- a/test/controllers.js +++ b/test/controllers.js @@ -1553,6 +1553,7 @@ describe('Controllers', () => { await privileges.categories.rescind(['groups:read'], category.cid, 'guests'); const { response } = await request.get(`${nconf.get('url')}/api/category/${category.slug}`); assert.equal(response.statusCode, 401); + await privileges.categories.give(['groups:read'], category.cid, 'guests'); }); it('should redirect if topic index is negative', async () => { @@ -1715,7 +1716,9 @@ describe('Controllers', () => { }); it('should load the composer route', async () => { - const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=1`); + const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`, { + jar, + }); assert.equal(response.statusCode, 200); assert(body.title); assert(body.template); @@ -1733,7 +1736,9 @@ describe('Controllers', () => { method: hookMethod, }); - const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=1`); + const { response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`, { + jar, + }); assert.equal(response.statusCode, 200); assert(body.title); assert.strictEqual(body.template.name, ''); @@ -1835,6 +1840,30 @@ describe('Controllers', () => { assert.equal(replyResult.response.statusCode, 302); await privileges.categories.rescind(['groups:topics:post', 'groups:topics:reply'], cid, 'guests'); }); + + it('should not load a topic data that is in private category', async () => { + const { cid } = await categories.create({ + name: 'private', + description: 'private', + }); + + const result = await topics.post({ uid: fooUid, title: 'hidden title', content: 'hidden content', cid: cid }); + + await privileges.categories.rescind(['groups:topics:read'], category.cid, 'guests'); + let { response, body } = await request.get(`${nconf.get('url')}/api/compose?tid=${result.topicData.tid}`); + assert.equal(response.statusCode, 401); + assert(!body.title); + + ({ response, body } = await request.get(`${nconf.get('url')}/api/compose?cid=${cid}`)); + assert.equal(response.statusCode, 401); + assert(!body.title); + + ({ response, body } = await request.get(`${nconf.get('url')}/api/compose?pid=${result.postData.pid}`)); + assert.equal(response.statusCode, 401); + assert(!body.title); + + await privileges.categories.give(['groups:topics:read'], category.cid, 'guests'); + }); }); describe('test routes', () => {