diff --git a/public/openapi/read.yaml b/public/openapi/read.yaml
index c57e7c1257..8a60e0342f 100644
--- a/public/openapi/read.yaml
+++ b/public/openapi/read.yaml
@@ -4542,6 +4542,13 @@ paths:
 type: string
 searchDefaultSortBy:
 type: string
+ permissions:
+ type: object
+ properties:
+ users:
+ type: boolean
+ content:
+ type: boolean
 required:
 - posts
 - matchCount
@@ -4556,6 +4563,7 @@ paths:
 - showAsTopics
 - title
 - searchDefaultSortBy
+ - permissions
 - $ref: components/schemas/Pagination.yaml#/Pagination
 - $ref: components/schemas/Breadcrumbs.yaml#/Breadcrumbs
 - $ref: components/schemas/CommonProps.yaml#/CommonProps
diff --git a/src/controllers/search.js b/src/controllers/search.js
index 1c5da9ce58..9f6aa10c68 100644
--- a/src/controllers/search.js
+++ b/src/controllers/search.js
@@ -9,6 +9,7 @@ const search = require('../search');
 const categories = require('../categories');
 const pagination = require('../pagination');
 const privileges = require('../privileges');
+const utils = require('../utils');
 const helpers = require('./helpers');
 const searchController = module.exports;
@@ -21,7 +22,13 @@ searchController.search = async function (req, res, next) {
 const searchOnly = parseInt(req.query.searchOnly, 10) === 1;
- const allowed = await privileges.global.can('search:content', req.uid);
+ const permissions = await utils.promiseParallel({
+ users: privileges.global.can('search:users', req.uid),
+ content: privileges.global.can('search:content', req.uid),
+ });
+
+ const allowed = (req.query.in === 'users') ? permissions.users : permissions.content;
+
 if (!allowed) {
 return helpers.notAllowed(req, res);
 }
@@ -77,6 +84,8 @@ searchController.search = async function (req, res, next) {
 searchData.title = '[[global:header.search]]';
 searchData.searchDefaultSortBy = meta.config.searchDefaultSortBy || '';
+ searchData.permissions = permissions;
+
 res.render('search', searchData);
 };
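Review bot: The privilege to test is chosen from the raw `req.query.in` by a strict comparison with `'users'` (second hunk of src/controllers/search.js), so every other value is authorised against `search:content` only, including a non-string one, since Express can return an array or object for repeated or bracketed keys. Whether that is safe depends on how the search call later in `searchController.search` interprets the same parameter, and that code is outside the hunk. If it coerces or normalises the value, the check and the dispatch can disagree, and a user search could run under the content privilege. I would normalise once and use that value for both the check and the search call, e.g. `const searchIn = typeof req.query.in === 'string' ? req.query.in : '';` then `const allowed = (searchIn === 'users') ? permissions.users : permissions.content;`. It is also worth confirming that the search layer enforces `search:users` itself rather than relying on this controller.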
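Review bot: `searchData.permissions` in the last hunk of src/controllers/search.js is sent to the template and, per the schema change in read.yaml, the API response, with no comment saying what the flags are for. I would add `// advisory flags so the client can hide search modes the caller lacks; the privilege check at the top of this handler is what enforces access` above the assignment, so a later change does not treat the client-visible booleans as the gate. The body of `searchController.search` starts outside this hunk.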