fix: root admin access deny bug + patreon link
This commit is contained in:
Nicolas Giard
@@ -5,6 +5,7 @@ indent_style = space
|
||||
indent_size = 2
|
||||
charset = utf-8
|
||||
trim_trailing_whitespace = true
|
||||
end_of_line = lf
|
||||
insert_final_newline = true
|
||||
|
||||
[*.{jade,pug,md}]
|
||||
|
||||
@@ -7,10 +7,6 @@
|
||||
.admin-header-title
|
||||
.headline.primary--text {{ $t('admin:contribute.title') }}
|
||||
.subheading.grey--text {{ $t('admin:contribute.subtitle') }}
|
||||
v-spacer
|
||||
v-btn(depressed, color='primary', href='https://opencollective.com/wikijs', large)
|
||||
v-icon(left) local_atm
|
||||
span {{ $t('admin:contribute.makeADonation') }}
|
||||
v-card.mt-3
|
||||
v-card-text
|
||||
i18next.body-1.pl-3(path='admin:contribute.openSource', tag='div')
|
||||
@@ -20,7 +16,11 @@
|
||||
.body-1.pt-3.pl-3 {{ $t('admin:contribute.needYourHelp') }}
|
||||
v-divider.mt-3
|
||||
v-subheader {{ $t('admin:contribute.fundOurWork') }}
|
||||
.body-1.pl-3 {{ $t('admin:contribute.openCollective') }}
|
||||
.body-1.pl-3 {{ $t('admin:contribute.patreon') }}
|
||||
v-card-actions.ml-2
|
||||
a(href='https://www.patreon.com/bePatron?u=16744039', :title='$t(`admin:contribute.becomeAPatron`)')
|
||||
img(src='/img/become_a_patron_button.png', :alt='$t(`admin:contribute.becomeAPatron`)' style='width:200px;')
|
||||
.body-1.mt-3.pl-3 {{ $t('admin:contribute.openCollective') }}
|
||||
v-card-actions.ml-2
|
||||
v-btn(outline, :color='darkMode ? `blue lighten-1` : `primary`', href='https://opencollective.com/wikijs')
|
||||
v-icon(left) local_atm
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
@click.native.stop='exit'
|
||||
)
|
||||
v-icon(color='red', :left='$vuetify.breakpoint.lgAndUp') close
|
||||
span.white--text(v-if='$vuetify.breakpoint.lgAndUp') {{ $t('common:actions.discard') }}
|
||||
span.white--text(v-if='$vuetify.breakpoint.lgAndUp') {{ $t('editor:close') }}
|
||||
v-content
|
||||
component(:is='currentEditor')
|
||||
editor-modal-properties(v-model='dialogProps')
|
||||
|
||||
BIN
client/static/img/become_a_patron_button.png
Normal file
BIN
client/static/img/become_a_patron_button.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 6.4 KiB |
@@ -1,14 +1,14 @@
|
||||
# -- DEV DOCKERFILE --
|
||||
# -- DO NOT USE IN PRODUCTION! --
|
||||
|
||||
FROM node:10.14-alpine
|
||||
FROM node:10-alpine
|
||||
LABEL maintainer "requarks.io"
|
||||
|
||||
RUN apk update && \
|
||||
apk add bash curl git python make g++ --no-cache && \
|
||||
mkdir -p /var/wiki
|
||||
mkdir -p /wiki
|
||||
|
||||
WORKDIR /var/wiki
|
||||
WORKDIR /wiki
|
||||
COPY package.json .
|
||||
RUN yarn --silent
|
||||
COPY ./dev/docker/init.sh ./init.sh
|
||||
|
||||
@@ -49,8 +49,8 @@ services:
|
||||
ports:
|
||||
- "3000:3000"
|
||||
volumes:
|
||||
- .:/var/wiki
|
||||
- /var/wiki/node_modules
|
||||
- .:/wiki
|
||||
- /wiki/node_modules
|
||||
command: ["sh", "./dev/docker/init.sh"]
|
||||
|
||||
networks:
|
||||
|
||||
@@ -30,6 +30,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
|
||||
})
|
||||
if (page) {
|
||||
if (!WIKI.auth.checkAccess(req.user, ['manage:pages'], pageArgs)) {
|
||||
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
|
||||
return res.render('unauthorized', { action: 'edit'})
|
||||
}
|
||||
|
||||
@@ -40,6 +41,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
|
||||
page.content = Buffer.from(page.content).toString('base64')
|
||||
} else {
|
||||
if (!WIKI.auth.checkAccess(req.user, ['write:pages'], pageArgs)) {
|
||||
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
|
||||
return res.render('unauthorized', { action: 'create'})
|
||||
}
|
||||
|
||||
@@ -78,6 +80,7 @@ router.get(['/h', '/h/*'], async (req, res, next) => {
|
||||
const pageArgs = pageHelper.parsePath(req.path)
|
||||
|
||||
if (!WIKI.auth.checkAccess(req.user, ['read:pages'], pageArgs)) {
|
||||
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
|
||||
return res.render('unauthorized', { action: 'history'})
|
||||
}
|
||||
|
||||
|
||||
@@ -114,6 +114,7 @@ module.exports = {
|
||||
try {
|
||||
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
|
||||
user = newToken.user
|
||||
req.user = user
|
||||
|
||||
// Try headers, otherwise cookies for response
|
||||
if (req.get('content-type') === 'application/json') {
|
||||
@@ -153,20 +154,18 @@ module.exports = {
|
||||
* @param {String|Boolean} path
|
||||
*/
|
||||
checkAccess(user, permissions = [], page = false) {
|
||||
const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions()
|
||||
|
||||
// System Admin
|
||||
if (_.includes(user.permissions, 'manage:system')) {
|
||||
if (_.includes(userPermissions, 'manage:system')) {
|
||||
return true
|
||||
}
|
||||
|
||||
const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions()
|
||||
|
||||
// Check Global Permissions
|
||||
if (_.intersection(userPermissions, permissions).length < 1) {
|
||||
return false
|
||||
}
|
||||
|
||||
console.info('---------------------')
|
||||
|
||||
// Check Page Rules
|
||||
if (path && user.groups) {
|
||||
let checkState = {
|
||||
@@ -204,9 +203,6 @@ module.exports = {
|
||||
})
|
||||
})
|
||||
|
||||
console.info('DAKSJDHKASJD')
|
||||
console.info(checkState)
|
||||
|
||||
return (checkState.match && !checkState.deny)
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user