Commit 72253f9c authored by Nicolas Giard's avatar Nicolas Giard Committed by Nick

fix: root admin access deny bug + patreon link

parent 8f573ffd
...@@ -5,6 +5,7 @@ indent_style = space ...@@ -5,6 +5,7 @@ indent_style = space
indent_size = 2 indent_size = 2
charset = utf-8 charset = utf-8
trim_trailing_whitespace = true trim_trailing_whitespace = true
end_of_line = lf
insert_final_newline = true insert_final_newline = true
[*.{jade,pug,md}] [*.{jade,pug,md}]
......
...@@ -7,10 +7,6 @@ ...@@ -7,10 +7,6 @@
.admin-header-title .admin-header-title
.headline.primary--text {{ $t('admin:contribute.title') }} .headline.primary--text {{ $t('admin:contribute.title') }}
.subheading.grey--text {{ $t('admin:contribute.subtitle') }} .subheading.grey--text {{ $t('admin:contribute.subtitle') }}
v-spacer
v-btn(depressed, color='primary', href='https://opencollective.com/wikijs', large)
v-icon(left) local_atm
span {{ $t('admin:contribute.makeADonation') }}
v-card.mt-3 v-card.mt-3
v-card-text v-card-text
i18next.body-1.pl-3(path='admin:contribute.openSource', tag='div') i18next.body-1.pl-3(path='admin:contribute.openSource', tag='div')
...@@ -20,7 +16,11 @@ ...@@ -20,7 +16,11 @@
.body-1.pt-3.pl-3 {{ $t('admin:contribute.needYourHelp') }} .body-1.pt-3.pl-3 {{ $t('admin:contribute.needYourHelp') }}
v-divider.mt-3 v-divider.mt-3
v-subheader {{ $t('admin:contribute.fundOurWork') }} v-subheader {{ $t('admin:contribute.fundOurWork') }}
.body-1.pl-3 {{ $t('admin:contribute.openCollective') }} .body-1.pl-3 {{ $t('admin:contribute.patreon') }}
v-card-actions.ml-2
a(href='https://www.patreon.com/bePatron?u=16744039', :title='$t(`admin:contribute.becomeAPatron`)')
img(src='/img/become_a_patron_button.png', :alt='$t(`admin:contribute.becomeAPatron`)' style='width:200px;')
.body-1.mt-3.pl-3 {{ $t('admin:contribute.openCollective') }}
v-card-actions.ml-2 v-card-actions.ml-2
v-btn(outline, :color='darkMode ? `blue lighten-1` : `primary`', href='https://opencollective.com/wikijs') v-btn(outline, :color='darkMode ? `blue lighten-1` : `primary`', href='https://opencollective.com/wikijs')
v-icon(left) local_atm v-icon(left) local_atm
......
...@@ -26,7 +26,7 @@ ...@@ -26,7 +26,7 @@
@click.native.stop='exit' @click.native.stop='exit'
) )
v-icon(color='red', :left='$vuetify.breakpoint.lgAndUp') close v-icon(color='red', :left='$vuetify.breakpoint.lgAndUp') close
span.white--text(v-if='$vuetify.breakpoint.lgAndUp') {{ $t('common:actions.discard') }} span.white--text(v-if='$vuetify.breakpoint.lgAndUp') {{ $t('editor:close') }}
v-content v-content
component(:is='currentEditor') component(:is='currentEditor')
editor-modal-properties(v-model='dialogProps') editor-modal-properties(v-model='dialogProps')
......
This diff was suppressed by a .gitattributes entry.
# -- DEV DOCKERFILE -- # -- DEV DOCKERFILE --
# -- DO NOT USE IN PRODUCTION! -- # -- DO NOT USE IN PRODUCTION! --
FROM node:10.14-alpine FROM node:10-alpine
LABEL maintainer "requarks.io" LABEL maintainer "requarks.io"
RUN apk update && \ RUN apk update && \
apk add bash curl git python make g++ --no-cache && \ apk add bash curl git python make g++ --no-cache && \
mkdir -p /var/wiki mkdir -p /wiki
WORKDIR /var/wiki WORKDIR /wiki
COPY package.json . COPY package.json .
RUN yarn --silent RUN yarn --silent
COPY ./dev/docker/init.sh ./init.sh COPY ./dev/docker/init.sh ./init.sh
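Review bot: The `FROM` line loosens the base image from `node:10.14-alpine` to the floating `node:10-alpine` tag (assuming the right-hand column is the new side), so each rebuild can silently pick up a different Node minor release and Alpine layer. Even for a dev-only image this makes builds non-reproducible and leaves the image contents dependent on whatever the upstream tag points to at build time. Consider keeping a minor-level tag or pinning a digest, e.g. `FROM node:10-alpine@sha256:<digest-placeholder>`. The rest of the Dockerfile lies outside the visible lines.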
......
...@@ -49,8 +49,8 @@ services: ...@@ -49,8 +49,8 @@ services:
ports: ports:
- "3000:3000" - "3000:3000"
volumes: volumes:
- .:/var/wiki - .:/wiki
- /var/wiki/node_modules - /wiki/node_modules
command: ["sh", "./dev/docker/init.sh"] command: ["sh", "./dev/docker/init.sh"]
networks: networks:
......
...@@ -30,6 +30,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => { ...@@ -30,6 +30,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
}) })
if (page) { if (page) {
if (!WIKI.auth.checkAccess(req.user, ['manage:pages'], pageArgs)) { if (!WIKI.auth.checkAccess(req.user, ['manage:pages'], pageArgs)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'edit'}) return res.render('unauthorized', { action: 'edit'})
} }
...@@ -40,6 +41,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => { ...@@ -40,6 +41,7 @@ router.get(['/e', '/e/*'], async (req, res, next) => {
page.content = Buffer.from(page.content).toString('base64') page.content = Buffer.from(page.content).toString('base64')
} else { } else {
if (!WIKI.auth.checkAccess(req.user, ['write:pages'], pageArgs)) { if (!WIKI.auth.checkAccess(req.user, ['write:pages'], pageArgs)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'create'}) return res.render('unauthorized', { action: 'create'})
} }
...@@ -78,6 +80,7 @@ router.get(['/h', '/h/*'], async (req, res, next) => { ...@@ -78,6 +80,7 @@ router.get(['/h', '/h/*'], async (req, res, next) => {
const pageArgs = pageHelper.parsePath(req.path) const pageArgs = pageHelper.parsePath(req.path)
if (!WIKI.auth.checkAccess(req.user, ['read:pages'], pageArgs)) { if (!WIKI.auth.checkAccess(req.user, ['read:pages'], pageArgs)) {
_.set(res.locals, 'pageMeta.title', 'Unauthorized')
return res.render('unauthorized', { action: 'history'}) return res.render('unauthorized', { action: 'history'})
} }
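Review bot: All three denial branches (two under `/e`, one under `/h`) still end in `return res.render('unauthorized', ...)` with no status code set in the visible lines, so unless the status is set elsewhere the denial is served as HTTP 200 and access logs, caches and monitoring cannot tell it apart from a normal page. Consider `return res.status(403).render('unauthorized', { action: 'edit' })` and the equivalent for `create` and `history`. The new `'Unauthorized'` title is also a hard-coded English literal repeated three times; a small helper that sets `pageMeta.title` and renders the view would keep the branches consistent. The route handlers begin and end outside the hunks shown.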
......
...@@ -114,6 +114,7 @@ module.exports = { ...@@ -114,6 +114,7 @@ module.exports = {
try { try {
const newToken = await WIKI.models.users.refreshToken(jwtPayload.id) const newToken = await WIKI.models.users.refreshToken(jwtPayload.id)
user = newToken.user user = newToken.user
req.user = user
// Try headers, otherwise cookies for response // Try headers, otherwise cookies for response
if (req.get('content-type') === 'application/json') { if (req.get('content-type') === 'application/json') {
...@@ -153,20 +154,18 @@ module.exports = { ...@@ -153,20 +154,18 @@ module.exports = {
* @param {String|Boolean} path * @param {String|Boolean} path
*/ */
checkAccess(user, permissions = [], page = false) { checkAccess(user, permissions = [], page = false) {
const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions()
// System Admin // System Admin
if (_.includes(user.permissions, 'manage:system')) { if (_.includes(userPermissions, 'manage:system')) {
return true return true
} }
const userPermissions = user.permissions ? user.permissions : user.getGlobalPermissions()
// Check Global Permissions // Check Global Permissions
if (_.intersection(userPermissions, permissions).length < 1) { if (_.intersection(userPermissions, permissions).length < 1) {
return false return false
} }
console.info('---------------------')
// Check Page Rules // Check Page Rules
if (path && user.groups) { if (path && user.groups) {
let checkState = { let checkState = {
...@@ -204,9 +203,6 @@ module.exports = { ...@@ -204,9 +203,6 @@ module.exports = {
}) })
}) })
console.info('DAKSJDHKASJD')
console.info(checkState)
return (checkState.match && !checkState.deny) return (checkState.match && !checkState.deny)
} }
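Review bot: In `checkAccess` the page-rule branch is guarded by `if (path && user.groups)`, but the signature visible in this hunk names the third parameter `page`; only the JSDoc tag calls it `path`. Unless `path` is bound elsewhere in the module, the guard either throws a ReferenceError or, if it resolves to an always-truthy binding such as Node's `path` module, runs the page-rule evaluation even when no page was passed. The guard presumably should read `if (page && user.groups)`, with the JSDoc tag renamed to `page` to match. The function body continues outside the hunks, so the fall-through return after the page-rule block cannot be checked from here.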
......