From b0d44f418e38855e3964ba8bcb095d6b560fea99 Mon Sep 17 00:00:00 2001
From: Rene Saarsoo <nene@triin.net>
Date: Mon, 25 Jun 2012 13:21:27 +0300
Subject: [PATCH] Fix moderator detection.

It seems that VBulletin membergroupids have changed.  ID 7 no more
means a moderator - instead all moderators have 2 and dev team
has additional ID of 19.

The mapping of membergroupids to moderator status is now done just
once at login time.  Previously the group number was checked whenever
one wanted to determine moderator status, although a boolean moderator
field had been set at login.

Additionally fixed emailHash saving in ForumUser#clientUser - previously
the result of calculation was just thrown away.
---
 opt/comments-server-side/ForumUser.js | 65 ++++++++++++---------------
 opt/comments-server-side/util.js      | 12 +----
 2 files changed, 30 insertions(+), 47 deletions(-)

diff --git a/opt/comments-server-side/ForumUser.js b/opt/comments-server-side/ForumUser.js
index fbde5ca7..561c7a29 100644
--- a/opt/comments-server-side/ForumUser.js
+++ b/opt/comments-server-side/ForumUser.js
@@ -12,69 +12,60 @@ var ForumUser = exports.ForumUser = function(client) {
 ForumUser.prototype = {
 
     login: function(username, password, callback) {
-
         var sql = "SELECT userid, usergroupid, membergroupids, email, username, password, salt FROM user WHERE username = ?",
             self = this;
 
-        this.client.query(sql, [username],
+        this.client.query(sql, [username], function(err, results, fields) {
+            if (err) {
+                callback(err);
+                return;
+            }
 
-            function selectCb(err, results, fields) {
-                if (err) {
-                    callback(err);
-                    return;
-                }
+            if (results.length == 0) {
+                callback("No such user");
+                return;
+            }
 
-                if (results.length == 0) {
-                    callback("No such user");
-                    return;
-                }
+            var user = results[0];
 
-                if (!self.checkPassword(password, results[0].salt, results[0].password)) {
-                    callback("Invalid password");
-                    return;
-                }
+            if (!self.checkPassword(password, user.salt, user.password)) {
+                callback("Invalid password");
+                return;
+            }
 
-                var user = self.getUserFromResult(results[0]);
+            user.moderator = self.isModerator(user);
 
-                callback(null, user);
-            }
-        );
+            callback(null, user);
+        });
     },
 
     clientUser: function(user) {
-
-        crypto.createHash('md5').update(user.email).digest("hex");
-
         return {
-            emailHash: user.email,
+            emailHash: crypto.createHash('md5').update(user.email).digest("hex"),
             userName: user.username,
             userId: user.userid,
-            mod: _.include(user.membergroupids, 7)
+            mod: user.moderator
         };
     },
 
     checkPassword: function(password, salt, saltedPassword) {
-
         password = crypto.createHash('md5').update(password).digest("hex") + salt;
         password = crypto.createHash('md5').update(password).digest("hex");
 
         return password == saltedPassword;
     },
 
-    getUserFromResult: function(result) {
-
-        var ids, id;
+    isModerator: function(user) {
+        var COMMUNITY_SUPPORT_TEAM = 2;
+        var DEV_TEAM = 19;
 
-        if (result.membergroupids) {
-            ids = result.membergroupids.split(',');
-            result.membergroupids = [];
-            for (id in ids) {
-                result.membergroupids.push(Number(ids[id]));
-            }
+        if (typeof user.membergroupids === "string") {
+            var ids = _.map(user.membergroupids.split(','), parseInt);
+        }
+        else {
+            var ids = [];
         }
 
-        result.moderator = _.include(result.membergroupids, 7);
-
-        return result;
+        return _.include(ids, COMMUNITY_SUPPORT_TEAM) || _.include(ids, DEV_TEAM);
     }
 };
diff --git a/opt/comments-server-side/util.js b/opt/comments-server-side/util.js
index ff6b37c8..8db8f6c1 100644
--- a/opt/comments-server-side/util.js
+++ b/opt/comments-server-side/util.js
@@ -216,14 +216,6 @@ exports.findCommentMeta = function(req, res, next) {
     }
 };
 
-/**
- * True if the user is moderator
- */
-function isModerator(user) {
-    return _.include(user.membergroupids, 7);
-}
-exports.isModerator = isModerator;
-
 /**
  * True if the user is author of the comment
  */
@@ -241,7 +233,7 @@ exports.isAuthor = isAuthor;
  * @param {Function} next
  */
 exports.requireOwner = function(req, res, next) {
-    if (isModerator(req.session.user) || isAuthor(req.session.user, req.comment)) {
+    if (req.session.user.moderator || isAuthor(req.session.user, req.comment)) {
         next();
     }
     else {
@@ -430,7 +422,7 @@ exports.getCommentReads = function(req, res, next) {
     req.commentMeta = req.commentMeta || {};
     req.commentMeta.reads = req.commentMeta.reads || [];
 
-    if (req.session.user && isModerator(req.session.user)) {
+    if (req.session.user && req.session.user.moderator) {
         Meta.find({
             userId: req.session.user.userid
         }, function(err, commentMeta) {
-- 
GitLab