feat: limit privileges column to superadmins only
julianlam committed Aug 12, 2020
1 parent 9500871 commit 0903eb4
Showing 3 changed files with 20 additions and 8 deletions.
2 changes: 1 addition & 1 deletion src/controllers/admin/privileges.js
Expand Up @@ -17,7 +17,7 @@ privilegesController.get = async function (req, res) {
}

const [privilegesData, categoriesData] = await Promise.all([
method(),
method(isAdminPriv ? req.uid : undefined),
categories.buildForSelectAll(),
]);

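Review bot: The new argument on `method(isAdminPriv ? req.uid : undefined)` has no explanation of why only the admin case receives a uid, and the next reader may well "simplify" it away; a one-line comment would pin the intent, e.g. `// admin.list(uid) hides the admin:privileges column from non-superadmins; the other list() methods take no arguments`. When `isAdminPriv` is false the selected method is still invoked with an explicit `undefined`, which is harmless only as long as those other list() implementations ignore their first argument — confirm that holds for every method this branch can select. `privilegesController.get` starts before the hunk, so where `method` and `isAdminPriv` come from is not visible here.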
24 changes: 18 additions & 6 deletions src/privileges/admin.js
Expand Up @@ -42,7 +42,7 @@ module.exports = function (privileges) {
};
privileges.admin.routeRegexpMap = {
'^manage/categories/\\d+': 'admin:categories',
'^manage/privileges/\\d+': 'admin:privileges',
'^manage/privileges/(\\d+|admin)': 'admin:privileges',
'^settings/[\\w\\-]+$': 'admin:settings',
'^appearance/[\\w]+$': 'admin:settings',
'^plugins/[\\w\\-]+$': 'admin:settings',
Expand Down Expand Up @@ -110,17 +110,29 @@ module.exports = function (privileges) {
return privilege;
};

privileges.admin.list = async function () {
privileges.admin.list = async function (uid) {
const privilegeLabels = privileges.admin.privilegeLabels.slice();
const userPrivilegeList = privileges.admin.userPrivilegeList.slice();
const groupPrivilegeList = privileges.admin.groupPrivilegeList.slice();

// Restrict privileges column to superadmins
if (!(await user.isAdministrator(uid))) {
const idx = privileges.admin.userPrivilegeList.indexOf('admin:privileges');
privilegeLabels.splice(idx, 1);
userPrivilegeList.splice(idx, 1);
groupPrivilegeList.splice(idx, 1);
}

async function getLabels() {
return await utils.promiseParallel({
users: plugins.fireHook('filter:privileges.admin.list_human', privileges.admin.privilegeLabels.slice()),
groups: plugins.fireHook('filter:privileges.admin.groups.list_human', privileges.admin.privilegeLabels.slice()),
users: plugins.fireHook('filter:privileges.admin.list_human', privilegeLabels.slice()),
groups: plugins.fireHook('filter:privileges.admin.groups.list_human', privilegeLabels.slice()),
});
}

const keys = await utils.promiseParallel({
users: plugins.fireHook('filter:privileges.admin.list', privileges.admin.userPrivilegeList.slice()),
groups: plugins.fireHook('filter:privileges.admin.groups.list', privileges.admin.groupPrivilegeList.slice()),
users: plugins.fireHook('filter:privileges.admin.list', userPrivilegeList.slice()),
groups: plugins.fireHook('filter:privileges.admin.groups.list', groupPrivilegeList.slice()),
});

const payload = await utils.promiseParallel({
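Review bot: The splice block after `const idx = privileges.admin.userPrivilegeList.indexOf('admin:privileges')` has no guard for `idx === -1`; `splice(-1, 1)` removes the last element, so if a plugin or a later edit renames or drops `admin:privileges` from `userPrivilegeList`, all three lists silently lose an unrelated privilege instead of nothing. It also relies on `privilegeLabels`, `userPrivilegeList` and `groupPrivilegeList` being positionally aligned, which nothing in the hunk states; wrap the three splices in `if (idx !== -1) {` and record the invariant with `// labels/user/group lists are index-aligned; keep them in step`. Separately, this only hides the column in the listing: unless the write path (`Categories.setPrivilege`, outside this section) applies the same `user.isAdministrator` check before granting `admin:privileges`, a non-superadmin who already holds that privilege can still grant it over the socket API — confirm that check exists. A caller that still invokes `list()` with no uid reaches `user.isAdministrator(undefined)`, which presumably hides the column (fail closed), but callers should pass the uid explicitly rather than depend on that. `privileges.admin.list` continues past the end of the hunk.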
2 changes: 1 addition & 1 deletion src/socket.io/admin/categories.js
Expand Up @@ -85,7 +85,7 @@ Categories.setPrivilege = async function (socket, data) {

Categories.getPrivilegeSettings = async function (socket, cid) {
if (cid === 'admin') {
return await privileges.admin.list();
return await privileges.admin.list(socket.uid);
} else if (!parseInt(cid, 10)) {
return await privileges.global.list();
}
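Review bot: Threading `socket.uid` into `privileges.admin.list(socket.uid)` restricts only what `getPrivilegeSettings` displays; the enforcing control belongs in the write path, and `Categories.setPrivilege` (which precedes this hunk and is not shown) is not visibly changed to reject a non-superadmin setting `admin:privileges`. If that handler does not already perform an equivalent `user.isAdministrator(socket.uid)` check for that privilege, the hidden column is cosmetic and should be paired with one there — confirm. A short comment on the changed line would also help, e.g. `// caller uid: admin.list() hides the admin:privileges column from non-superadmins`. `Categories.getPrivilegeSettings` continues past the hunk.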
