From 5938a2078517b811233f5c599a150e3744d40a97 Mon Sep 17 00:00:00 2001
From: Nick
Date: Tue, 19 Mar 2019 15:15:40 -0400
Subject: [PATCH] fix: missing guest global permissions (#788)
---
 server/controllers/common.js | 14 +++++++-------
 server/models/users.js | 5 +++--
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/server/controllers/common.js b/server/controllers/common.js
index 1a170fe6..1d892f40 100644
--- a/server/controllers/common.js
+++ b/server/controllers/common.js
@@ -11,7 +11,7 @@ const _ = require('lodash')
 router.get('/robots.txt', (req, res, next) => {
 res.type('text/plain')
 if (_.includes(WIKI.config.seo.robots, 'noindex')) {
- res.send("User-agent: *\nDisallow: /")
+ res.send('User-agent: *\nDisallow: /')
 } else {
 res.status(200).end()
 }
@@ -31,7 +31,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
 if (page) {
 if (!WIKI.auth.checkAccess(req.user, ['manage:pages'], pageArgs)) {
 _.set(res.locals, 'pageMeta.title', 'Unauthorized')
- return res.render('unauthorized', { action: 'edit'})
+ return res.render('unauthorized', { action: 'edit' })
 }
 _.set(res.locals, 'pageMeta.title', `Edit ${page.title}`)
@@ -42,7 +42,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
 } else {
 if (!WIKI.auth.checkAccess(req.user, ['write:pages'], pageArgs)) {
 _.set(res.locals, 'pageMeta.title', 'Unauthorized')
- return res.render('unauthorized', { action: 'create'})
+ return res.render('unauthorized', { action: 'create' })
 }
 _.set(res.locals, 'pageMeta.title', `New Page`)
@@ -81,7 +81,7 @@ router.get(['/h', '/h/*'], async (req, res, next) => {
 if (!WIKI.auth.checkAccess(req.user, ['read:pages'], pageArgs)) {
 _.set(res.locals, 'pageMeta.title', 'Unauthorized')
- return res.render('unauthorized', { action: 'history'})
+ return res.render('unauthorized', { action: 'history' })
 }
 const page = await WIKI.models.pages.getPageFromDb({
@@ -106,7 +106,7 @@ router.get(['/s', '/s/*'], async (req, res, next) => {
 const pageArgs = pageHelper.parsePath(req.path)
 if (!WIKI.auth.checkAccess(req.user, ['read:pages'], pageArgs)) {
- return res.render('unauthorized', { action: 'source'})
+ return res.render('unauthorized', { action: 'source' })
 }
 const page = await WIKI.models.pages.getPageFromDb({
@@ -135,7 +135,7 @@ router.get('/*', async (req, res, next) => {
 return res.redirect('/login')
 } else {
 _.set(res.locals, 'pageMeta.title', 'Unauthorized')
- return res.render('unauthorized', { action: 'view'})
+ return res.render('unauthorized', { action: 'view' })
 }
 }
@@ -163,7 +163,7 @@ router.get('/*', async (req, res, next) => {
 if (WIKI.auth.checkAccess(req.user, ['write:pages'], pageArgs)) {
 res.status(404).render('new', { pagePath: req.path })
 } else {
- res.render('notfound', { action: 'view'})
+ res.render('notfound', { action: 'view' })
 }
 }
 })
diff --git a/server/models/users.js b/server/models/users.js
index 23e63822..914820b7 100644
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -264,7 +264,7 @@ module.exports = class User extends Model {
 WIKI.logger.warn(`Failed to refresh token for user ${user}: Not found.`)
 throw new WIKI.Error.AuthGenericError()
 }
- } else if(_.isNil(user.groups)) {
+ } else if (_.isNil(user.groups)) {
 await user.$relatedQuery('groups').select('groups.id', 'permissions')
 }
@@ -353,7 +353,7 @@ module.exports = class User extends Model {
 minimum: 2,
 maximum: 255
 }
- },
+ }
 }, { format: 'flat' })
 if (validation && validation.length > 0) {
 throw new WIKI.Error.InputInvalid(validation[0])
@@ -422,6 +422,7 @@ module.exports = class User extends Model {
 WIKI.logger.error('CRITICAL ERROR: Guest user is missing!')
 process.exit(1)
 }
+ user.permissions = user.getGlobalPermissions()
 return user
 }
 }
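Review bot: In the last `server/models/users.js` hunk, the added `user.permissions = user.getGlobalPermissions()` before `return user` snapshots the guest's permissions when this function runs, and nothing visible says how long the returned object lives. If callers keep the guest user around, a later change to the guest's group permissions (for example, revoking read access) would presumably not take effect until the object is rebuilt, so it is worth confirming that it is refreshed on group changes. The call also appears to rely on `groups` already being loaded on `user`, which the `_.isNil(user.groups)` branch in the -264 hunk handles for other users; the guest query is outside this hunk, so that cannot be confirmed here. If the reason for the line is that guests skip the path where permissions are normally populated, a comment such as `// guest skips the token path, so derive global permissions from its groups here` would record it. The enclosing function starts outside the hunk.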