Commit b0d44f41 authored by Rene Saarsoo's avatar Rene Saarsoo
Browse files

Fix moderator detection. 

It seems that VBulletin membergroupids have changed.  ID 7 no more
means a moderator - instead all moderators have 2 and dev team
has additional ID of 19.

The mapping of membergroupids to moderator status is now done just
once at login time.  Previously the group number was checked whenever
one wanted to determine moderator status, although a boolean moderator
field had been set at login.

Additionally fixed emailHash saving in ForumUser#clientUser - previously
the result of calculation was just thrown away.
parent 1ed3f05c

opt/comments-server-side/ForumUser.js

+28 −37
Original line number Diff line number Diff line
@@ -12,13 +12,10 @@ var ForumUser = exports.ForumUser = function(client) { 
ForumUser.prototype = {



    login: function(username, password, callback) {



        var sql = "SELECT userid, usergroupid, membergroupids, email, username, password, salt FROM user WHERE username = ?",

            self = this;



        this.client.query(sql, [username],



            function selectCb(err, results, fields) {

        this.client.query(sql, [username], function(err, results, fields) {

            if (err) {

                callback(err);

                return;
@@ -29,52 +26,46 @@ ForumUser.prototype = { 
                return;

            }



                if (!self.checkPassword(password, results[0].salt, results[0].password)) {

            var user = results[0];



            if (!self.checkPassword(password, user.salt, user.password)) {

                callback("Invalid password");

                return;

            }



                var user = self.getUserFromResult(results[0]);

            user.moderator = self.isModerator(user);



            callback(null, user);

            }

        );

        });

    },



    clientUser: function(user) {



        crypto.createHash('md5').update(user.email).digest("hex");



        return {

            emailHash: user.email,

            emailHash: crypto.createHash('md5').update(user.email).digest("hex"),

            userName: user.username,

            userId: user.userid,

            mod: _.include(user.membergroupids, 7)

            mod: user.moderator

        };

    },



    checkPassword: function(password, salt, saltedPassword) {



        password = crypto.createHash('md5').update(password).digest("hex") + salt;

        password = crypto.createHash('md5').update(password).digest("hex");



        return password == saltedPassword;

    },



    getUserFromResult: function(result) {

    isModerator: function(user) {

        var COMMUNITY_SUPPORT_TEAM = 2;

        var DEV_TEAM = 19;



        var ids, id;



        if (result.membergroupids) {

            ids = result.membergroupids.split(',');

            result.membergroupids = [];

            for (id in ids) {

                result.membergroupids.push(Number(ids[id]));

        if (typeof user.membergroupids === "string") {

            var ids = _.map(user.membergroupids.split(','), parseInt);

        }

        else {

            var ids = [];

        }



        result.moderator = _.include(result.membergroupids, 7);



        return result;

        return _.include(ids, COMMUNITY_SUPPORT_TEAM) || _.include(ids, DEV_TEAM);

    }

};

opt/comments-server-side/util.js

+2 −10
Original line number Diff line number Diff line
@@ -216,14 +216,6 @@ exports.findCommentMeta = function(req, res, next) { 
    }

};



/**

 * True if the user is moderator

 */

function isModerator(user) {

    return _.include(user.membergroupids, 7);

}

exports.isModerator = isModerator;



/**

 * True if the user is author of the comment

 */
@@ -241,7 +233,7 @@ exports.isAuthor = isAuthor; 
 * @param {Function} next

 */

exports.requireOwner = function(req, res, next) {

    if (isModerator(req.session.user) || isAuthor(req.session.user, req.comment)) {

    if (req.session.user.moderator || isAuthor(req.session.user, req.comment)) {

        next();

    }

    else {
@@ -430,7 +422,7 @@ exports.getCommentReads = function(req, res, next) { 
    req.commentMeta = req.commentMeta || {};

    req.commentMeta.reads = req.commentMeta.reads || [];



    if (req.session.user && isModerator(req.session.user)) {

    if (req.session.user && req.session.user.moderator) {

        Meta.find({

            userId: req.session.user.userid

        }, function(err, commentMeta) {