Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-26 00:21:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #14007, deny access for guests to topics in cid -1, unless a post from a local user exists

Browse Source
This commit is contained in:
Julian Lam
2026-02-23 13:26:39 -05:00
parent c1581a1259
commit de4f016f50
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/controllers/topics.js
View File

@@ -41,10 +41,12 @@ topicsController.get = async function getTopic(req, res, next) {
userPrivileges,
settings,
rssToken,
uids,
] = await Promise.all([
privileges.topics.get(tid, req.uid),
user.getSettings(req.uid),
user.auth.getFeedToken(req.uid),
topics.getUids(tid),
]);
let currentPage = parseInt(req.query.page, 10) || 1;
@@ -53,7 +55,8 @@ topicsController.get = async function getTopic(req, res, next) {
if (
userPrivileges.disabled ||
invalidPagination ||
(topicData.scheduled && !userPrivileges.view_scheduled)
(topicData.scheduled && !userPrivileges.view_scheduled) ||
(!req.uid && (topicData.cid === -1 && !uids.filter(uid => utils.isNumber(uid)).length))
) {
return next();
}