Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-25 08:01:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #5872

Browse Source
This commit is contained in:
Baris Usakli
2017-08-11 14:22:02 -04:00
parent 24bbf8fe00
commit c21f64c27f
2 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/controllers/posts.js
View File

@@ -3,6 +3,7 @@
var async = require('async');
var posts = require('../posts');
var privileges = require('../privileges');
var helpers = require('./helpers');
var postsController = module.exports;
@@ -15,13 +16,23 @@ postsController.redirectToPost = function (req, res, next) {
async.waterfall([
function (next) {
posts.generatePostPath(pid, req.uid, next);
async.parallel({
canRead: function (next) {
privileges.posts.can('read', pid, req.uid, next);
},
path: function (next) {
posts.generatePostPath(pid, req.uid, next);
},
}, next);
},
function (path, next) {
if (!path) {
function (results, next) {
if (!results.canRead) {
return helpers.notAllowed(req, res);
}
if (!results.path) {
return next();
}
helpers.redirect(res, path);
helpers.redirect(res, results.path);
},
], next);
};

20
test/controllers.js
View File

@@ -1232,6 +1232,15 @@ describe('Controllers', function () {
});
describe('post redirect', function () {
var jar;
before(function (done) {
helpers.loginUser('foo', 'barbar', function (err, _jar) {
assert.ifError(err);
jar = _jar;
done();
});
});
it('should 404 for invalid pid', function (done) {
request(nconf.get('url') + '/api/post/fail', function (err, res) {
assert.ifError(err);
@@ -1240,6 +1249,17 @@ describe('Controllers', function () {
});
});
it('should 403 if user does not have read privilege', function (done) {
privileges.categories.rescind(['read'], category.cid, 'registered-users', function (err) {
assert.ifError(err);
request(nconf.get('url') + '/api/post/' + pid, { jar: jar }, function (err, res) {
assert.ifError(err);
assert.equal(res.statusCode, 403);
privileges.categories.give(['read'], category.cid, 'registered-users', done);
});
});
});
it('should return correct post path', function (done) {
request(nconf.get('url') + '/api/post/' + pid, { json: true }, function (err, res, body) {
assert.ifError(err);