Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-05-06 06:46:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:NodeBB/NodeBB

Browse Source
This commit is contained in:
Julian Lam
2020-01-29 12:47:55 -05:00
parent 111ed802cf 6d7131fbc5
commit b959c24a2b
11 changed files with 59 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/meta/blacklist.js
View File

@@ -3,6 +3,7 @@
const ipaddr = require('ipaddr.js');
const winston = require('winston');
const _ = require('lodash');
const validator = require('validator');
const db = require('../database');
const pubsub = require('../pubsub');
@@ -128,7 +129,7 @@ Blacklist.validate = function (rules) {
}
if (!addr || whitelist.includes(rule)) {
invalid.push(rule);
invalid.push(validator.escape(rule));
return false;
}

1
src/privileges/categories.js
View File

@@ -110,6 +110,7 @@ module.exports = function (privileges) {
return await utils.promiseParallel({
categories: categories.getCategoriesFields(cids, ['disabled']),
allowedTo: helpers.isUserAllowedTo(privilege, uid, cids),
view_deleted: helpers.isUserAllowedTo('posts:view_deleted', uid, cids),
isAdmin: user.isAdministrator(uid),
});
};

7
src/privileges/posts.js
View File

@@ -88,16 +88,17 @@ module.exports = function (privileges) {
cids = _.uniq(cids);
const results = await privileges.categories.getBase(privilege, cids, uid);
cids = cids.filter(function (cid, index) {
const allowedCids = cids.filter(function (cid, index) {
return !results.categories[index].disabled &&
(results.allowedTo[index] || results.isAdmin);
});
const cidsSet = new Set(cids);
const cidsSet = new Set(allowedCids);
const canViewDeleted = _.zipObject(cids, results.view_deleted);
pids = postData.filter(function (post) {
return post.topic && cidsSet.has(post.topic.cid) &&
((!post.topic.deleted && !post.deleted) || results.isAdmin);
((!post.topic.deleted && !post.deleted) || canViewDeleted[post.topic.cid] || results.isAdmin);
}).map(post => post.pid);
const data = await plugins.fireHook('filter:privileges.posts.filter', {

14
src/privileges/topics.js
View File

@@ -68,14 +68,15 @@ module.exports = function (privileges) {
}
const topicsData = await topics.getTopicsFields(tids, ['tid', 'cid', 'deleted']);
let cids = _.uniq(topicsData.map(topic => topic.cid));
const cids = _.uniq(topicsData.map(topic => topic.cid));
const results = await privileges.categories.getBase(privilege, cids, uid);
cids = cids.filter((cid, index) => !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin));
const allowedCids = cids.filter((cid, index) => !results.categories[index].disabled && (results.allowedTo[index] || results.isAdmin));
const cidsSet = new Set(cids);
const cidsSet = new Set(allowedCids);
const canViewDeleted = _.zipObject(cids, results.view_deleted);
tids = topicsData.filter(t => cidsSet.has(t.cid) && (!t.deleted || results.isAdmin)).map(t => t.tid);
tids = topicsData.filter(t => cidsSet.has(t.cid) && (!t.deleted || canViewDeleted[t.cid] || results.isAdmin)).map(t => t.tid);
const data = await plugins.fireHook('filter:privileges.topics.filter', {
privilege: privilege,
@@ -115,7 +116,7 @@ module.exports = function (privileges) {
};
privileges.topics.canDelete = async function (tid, uid) {
const topicData = await topics.getTopicFields(tid, ['cid', 'postcount']);
const topicData = await topics.getTopicFields(tid, ['uid', 'cid', 'postcount', 'deleterUid']);
const [isModerator, isAdministrator, isOwner, allowedTo] = await Promise.all([
user.isModerator(uid, topicData.cid),
user.isAdministrator(uid),
@@ -135,7 +136,8 @@ module.exports = function (privileges) {
throw new Error(langKey);
}
return allowedTo[0] && (isOwner || isModerator);
const deleterUid = topicData.deleterUid;
return allowedTo[0] && ((isOwner && (deleterUid === 0 || deleterUid === topicData.uid)) || isModerator);
};
privileges.topics.canEdit = async function (tid, uid) {

1
src/topics/data.js
View File

@@ -11,6 +11,7 @@ const intFields = [
'tid', 'cid', 'uid', 'mainPid', 'postcount',
'viewcount', 'deleted', 'locked', 'pinned',
'timestamp', 'upvotes', 'downvotes', 'lastposttime',
'deleterUid',
];
module.exports = function (Topics) {

3
src/topics/index.js
View File

@@ -50,8 +50,7 @@ Topics.getTopics = async function (tids, options) {
}
tids = await privileges.topics.filterTids('topics:read', tids, uid);
const topics = await Topics.getTopicsByTids(tids, options);
return topics;
return await Topics.getTopicsByTids(tids, options);
};
Topics.getTopicsByTids = async function (tids, options) {

7
src/user/online.js
View File

@@ -30,11 +30,8 @@ module.exports = function (User) {
const now = Date.now();
const isArray = Array.isArray(uid);
uid = isArray ? uid : [uid];
const lastonline = db.sortedSetScores('users:online', uid);
const isOnline = uid.map(function (uid, index) {
return (now - lastonline[index]) < (meta.config.onlineCutoff * 60000);
});
const lastonline = await db.sortedSetScores('users:online', uid);
const isOnline = uid.map((uid, index) => (now - lastonline[index]) < (meta.config.onlineCutoff * 60000));
return isArray ? isOnline : isOnline[0];
};
};