fix: editing buttons showing up even if no action is allowed (#2043)
* feat: Edit / Page Create Buttons showing up even if no action is allowed #1780
This commit is contained in:
Regev Brody
GitHub
@@ -7,6 +7,30 @@ const _ = require('lodash')
|
||||
|
||||
const tmplCreateRegex = /^[0-9]+(,[0-9]+)?$/
|
||||
|
||||
const getPageEffectivePermissions = (req, page) => {
|
||||
return {
|
||||
comments: {
|
||||
read: WIKI.config.features.featurePageComments ? WIKI.auth.checkAccess(req.user, ['read:comments'], page) : false,
|
||||
write: WIKI.config.features.featurePageComments ? WIKI.auth.checkAccess(req.user, ['write:comments'], page) : false,
|
||||
manage: WIKI.config.features.featurePageComments ? WIKI.auth.checkAccess(req.user, ['manage:comments'], page) : false
|
||||
},
|
||||
history: {
|
||||
read: WIKI.auth.checkAccess(req.user, ['read:history'], page)
|
||||
},
|
||||
source: {
|
||||
read: WIKI.auth.checkAccess(req.user, ['read:source'], page)
|
||||
},
|
||||
pages: {
|
||||
write: WIKI.auth.checkAccess(req.user, ['write:pages'], page),
|
||||
manage: WIKI.auth.checkAccess(req.user, ['manage:pages'], page),
|
||||
delete: WIKI.auth.checkAccess(req.user, ['delete:pages'], page)
|
||||
},
|
||||
system: {
|
||||
manage: WIKI.auth.checkAccess(req.user, ['manage:system'], page)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Robots.txt
|
||||
*/
|
||||
@@ -196,7 +220,11 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
|
||||
}
|
||||
}
|
||||
}
|
||||
res.render('editor', { page, injectCode })
|
||||
|
||||
// -> Effective Permissions
|
||||
const effectivePermissions = getPageEffectivePermissions(req, pageArgs)
|
||||
|
||||
res.render('editor', { page, injectCode, effectivePermissions })
|
||||
})
|
||||
|
||||
/**
|
||||
@@ -234,7 +262,11 @@ router.get(['/h', '/h/*'], async (req, res, next) => {
|
||||
if (page) {
|
||||
_.set(res.locals, 'pageMeta.title', page.title)
|
||||
_.set(res.locals, 'pageMeta.description', page.description)
|
||||
res.render('history', { page })
|
||||
|
||||
// -> Effective Permissions
|
||||
const effectivePermissions = getPageEffectivePermissions(req, pageArgs)
|
||||
|
||||
res.render('history', { page, effectivePermissions })
|
||||
} else {
|
||||
res.redirect(`/${pageArgs.path}`)
|
||||
}
|
||||
@@ -335,7 +367,11 @@ router.get(['/s', '/s/*'], async (req, res, next) => {
|
||||
} else {
|
||||
_.set(res.locals, 'pageMeta.title', page.title)
|
||||
_.set(res.locals, 'pageMeta.description', page.description)
|
||||
res.render('source', { page })
|
||||
|
||||
// -> Effective Permissions
|
||||
const effectivePermissions = getPageEffectivePermissions(req, pageArgs)
|
||||
|
||||
res.render('source', { page, effectivePermissions })
|
||||
}
|
||||
} else {
|
||||
res.redirect(`/${pageArgs.path}`)
|
||||
@@ -447,16 +483,8 @@ router.get('/*', async (req, res, next) => {
|
||||
})
|
||||
}
|
||||
|
||||
// -> Comments Permissions
|
||||
const commentsPermissions = WIKI.config.features.featurePageComments ? {
|
||||
read: WIKI.auth.checkAccess(req.user, ['read:comments'], pageArgs),
|
||||
write: WIKI.auth.checkAccess(req.user, ['write:comments'], pageArgs),
|
||||
manage: WIKI.auth.checkAccess(req.user, ['manage:comments'], pageArgs)
|
||||
} : {
|
||||
read: false,
|
||||
write: false,
|
||||
manage: false
|
||||
}
|
||||
// -> Effective Permissions
|
||||
const effectivePermissions = getPageEffectivePermissions(req, pageArgs)
|
||||
|
||||
// -> Render view
|
||||
res.render('page', {
|
||||
@@ -464,7 +492,7 @@ router.get('/*', async (req, res, next) => {
|
||||
sidebar,
|
||||
injectCode,
|
||||
comments: WIKI.data.commentProvider,
|
||||
commentsPermissions
|
||||
effectivePermissions
|
||||
})
|
||||
}
|
||||
} else if (pageArgs.path === 'home') {
|
||||
|
||||
@@ -18,4 +18,5 @@ block body
|
||||
init-editor=page.editorKey
|
||||
init-content=page.content
|
||||
checkout-date=page.updatedAt
|
||||
effective-permissions=Buffer.from(JSON.stringify(effectivePermissions)).toString('base64')
|
||||
)
|
||||
|
||||
@@ -17,4 +17,5 @@ block body
|
||||
:author-id=page.authorId
|
||||
:is-published=page.isPublished.toString()
|
||||
live-content=page.content
|
||||
effective-permissions=Buffer.from(JSON.stringify(effectivePermissions)).toString('base64')
|
||||
)
|
||||
|
||||
@@ -26,7 +26,7 @@ block body
|
||||
sidebar=Buffer.from(JSON.stringify(sidebar)).toString('base64')
|
||||
nav-mode=config.nav.mode
|
||||
comments-enabled=config.features.featurePageComments
|
||||
comments-permissions=Buffer.from(JSON.stringify(commentsPermissions)).toString('base64')
|
||||
effective-permissions=Buffer.from(JSON.stringify(effectivePermissions)).toString('base64')
|
||||
comments-external=comments.codeTemplate
|
||||
)
|
||||
template(slot='contents')
|
||||
|
||||
@@ -10,4 +10,5 @@ block body
|
||||
path=page.path
|
||||
:version-id=page.versionId
|
||||
version-date=page.versionDate
|
||||
effective-permissions=Buffer.from(JSON.stringify(effectivePermissions)).toString('base64')
|
||||
)= page.content
|
||||
|
||||
Reference in New Issue
Block a user