Skip to content

Commit

Permalink
fix: #12183, remove ensureLoggedIn middleware
Browse files Browse the repository at this point in the history 
from category routes
add privilege check to getTopicCount
  • Loading branch information
@barisusakli
barisusakli committed Nov 24, 2023
1 parent 22932bd commit 0a4f3c8
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 4 deletions.
4 changes: 4 additions & 0 deletions src/api/categories.js
View file
Expand Up @@ -80,6 +80,10 @@ categoriesAPI.delete = async function (caller, { cid }) {
};

categoriesAPI.getTopicCount = async (caller, { cid }) => {
const allowed = await privileges.categories.can('find', cid, caller.uid);
if (!allowed) {
throw new Error('[[error:no-privileges]]');
}
const count = await categories.getCategoryField(cid, 'topic_count');
return { count };
};
Expand Down
8 changes: 4 additions & 4 deletions src/routes/write/categories.js
View file
Expand Up @@ -16,10 +16,10 @@ module.exports = function () {
setupApiRoute(router, 'put', '/:cid', [...middlewares], controllers.write.categories.update);
setupApiRoute(router, 'delete', '/:cid', [...middlewares], controllers.write.categories.delete);

setupApiRoute(router, 'get', '/:cid/count', [...middlewares, middleware.assert.category], controllers.write.categories.getTopicCount);
setupApiRoute(router, 'get', '/:cid/posts', [...middlewares, middleware.assert.category], controllers.write.categories.getPosts);
setupApiRoute(router, 'get', '/:cid/children', [...middlewares, middleware.assert.category], controllers.write.categories.getChildren);
setupApiRoute(router, 'get', '/:cid/topics', [...middlewares, middleware.assert.category], controllers.write.categories.getTopics);
setupApiRoute(router, 'get', '/:cid/count', [middleware.assert.category], controllers.write.categories.getTopicCount);
setupApiRoute(router, 'get', '/:cid/posts', [middleware.assert.category], controllers.write.categories.getPosts);
setupApiRoute(router, 'get', '/:cid/children', [middleware.assert.category], controllers.write.categories.getChildren);
setupApiRoute(router, 'get', '/:cid/topics', [middleware.assert.category], controllers.write.categories.getTopics);

setupApiRoute(router, 'put', '/:cid/watch', [...middlewares, middleware.assert.category], controllers.write.categories.setWatchState);
setupApiRoute(router, 'delete', '/:cid/watch', [...middlewares, middleware.assert.category], controllers.write.categories.setWatchState);
Expand Down

0 comments on commit 0a4f3c8

Please sign in to comment.