diff --git a/CHANGELOG.md b/CHANGELOG.md index 7055ccfb7b..8b43ddb762 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,40 @@ +#### v2.6.1 (2022-11-28) + +##### Chores + +* incrementing version number - v2.6.0 (e7fcf482) +* update changelog for v2.6.0 (eedd84ae) +* incrementing version number - v2.5.8 (dec0e7de) +* incrementing version number - v2.5.7 (5836bf4a) +* incrementing version number - v2.5.6 (c7bd7dbf) +* incrementing version number - v2.5.5 (3509ed94) +* incrementing version number - v2.5.4 (e83260ca) +* incrementing version number - v2.5.3 (7e922936) +* incrementing version number - v2.5.2 (babcd17e) +* incrementing version number - v2.5.1 (ce3aa950) +* incrementing version number - v2.5.0 (01d276cb) +* incrementing version number - v2.4.5 (dd3e1a28) +* incrementing version number - v2.4.4 (d5525c87) +* incrementing version number - v2.4.3 (9c647c6c) +* incrementing version number - v2.4.2 (3aa7b855) +* incrementing version number - v2.4.1 (60cbd148) +* incrementing version number - v2.4.0 (4834cde3) +* incrementing version number - v2.3.1 (d2425942) +* incrementing version number - v2.3.0 (046ea120) + +##### Documentation Changes + +* remote extraneous lines from changelog (8a15e58d) + +##### Bug Fixes + +* prototype vulnerability in socket.io onMessage (48d14392) +* #11066, fix custom privilege/path in routePrefixMap (0e495f9e) + +##### Refactors + +* not deprecated on 2.x (91c2e5ac) + #### v2.6.0 (2022-11-23) ##### Chores diff --git a/install/package.json b/install/package.json index b7a9570750..5c7e28fe9c 100644 --- a/install/package.json +++ b/install/package.json @@ -2,7 +2,7 @@ "name": "nodebb", "license": "GPL-3.0", "description": "NodeBB Forum", - "version": "2.6.0", + "version": "2.6.1", "homepage": "http://www.nodebb.org", "repository": { "type": "git", diff --git a/public/language/hy/_DO_NOT_EDIT_FILES_HERE.md b/public/language/hy/_DO_NOT_EDIT_FILES_HERE.md new file mode 100644 index 0000000000..1faf87ad65 --- /dev/null +++ b/public/language/hy/_DO_NOT_EDIT_FILES_HERE.md @@ -0,0 +1,3 @@ +# The files here are not meant to be edited directly + +Please see the → [Internalization README](../README.md). \ No newline at end of file diff --git a/src/privileges/admin.js b/src/privileges/admin.js index 1f7255f52a..5a733d30f4 100644 --- a/src/privileges/admin.js +++ b/src/privileges/admin.js @@ -56,6 +56,14 @@ privsAdmin.routeMap = { 'extend/plugins': 'admin:settings', 'extend/widgets': 'admin:settings', 'extend/rewards': 'admin:settings', + // uploads + 'category/uploadpicture': 'admin:categories', + uploadfavicon: 'admin:settings', + uploadTouchIcon: 'admin:settings', + uploadMaskableIcon: 'admin:settings', + uploadlogo: 'admin:settings', + uploadOgImage: 'admin:settings', + uploadDefaultAvatar: 'admin:settings', }; privsAdmin.routePrefixMap = { 'manage/categories/': 'admin:categories', diff --git a/src/privileges/categories.js b/src/privileges/categories.js index 92b0edd849..8abdd0b34f 100644 --- a/src/privileges/categories.js +++ b/src/privileges/categories.js @@ -47,6 +47,7 @@ privsCategories.getPrivilegeList = async () => { }; privsCategories.init = async () => { + privsCategories._coreSize = _privilegeMap.size; await plugins.hooks.fire('static:privileges.categories.init', { privileges: _privilegeMap, }); @@ -72,8 +73,8 @@ privsCategories.list = async function (cid) { }); payload.keys = keys; - payload.columnCountUserOther = payload.labels.users.length - labels.users.length; - payload.columnCountGroupOther = payload.labels.groups.length - labels.groups.length; + payload.columnCountUserOther = payload.labels.users.length - privsCategories._coreSize; + payload.columnCountGroupOther = payload.labels.groups.length - privsCategories._coreSize; return payload; }; diff --git a/test/controllers-admin.js b/test/controllers-admin.js index 48137ddd81..c53f3ce3e3 100644 --- a/test/controllers-admin.js +++ b/test/controllers-admin.js @@ -832,7 +832,18 @@ describe('Admin Controllers', () => { }); }); } - for (const route of Object.keys(privileges.admin.routeMap)) { + const uploadRoutes = [ + 'category/uploadpicture', + 'uploadfavicon', + 'uploadTouchIcon', + 'uploadMaskableIcon', + 'uploadlogo', + 'uploadOgImage', + 'uploadDefaultAvatar', + ]; + const adminRoutes = Object.keys(privileges.admin.routeMap) + .filter(route => !uploadRoutes.includes(route)); + for (const route of adminRoutes) { /* eslint-disable no-await-in-loop */ await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); let res = await makeRequest(`${nconf.get('url')}/api/admin/${route}`); @@ -845,7 +856,7 @@ describe('Admin Controllers', () => { await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); } - for (const route of Object.keys(privileges.admin.routeMap)) { + for (const route of adminRoutes) { /* eslint-disable no-await-in-loop */ await privileges.admin.rescind([privileges.admin.routeMap[route]], uid); let res = await makeRequest(`${nconf.get('url')}/api/admin`);