nbb-fix-categories-groups-privileges-v1.4.6.js

// tested with NodeBB v1.4.6+

var path  = require('path');
var nconf = require('nconf');
var async = require('async');
var pkg = require('./package.json');

nconf.file({ file: path.join(__dirname, './config.json') });

nconf.defaults({
	base_dir: __dirname,
	themes_path: path.join(__dirname, 'node_modules'),
	upload_path: 'public/uploads',
	views_dir: path.join(__dirname, 'build/public/templates'),
	version: pkg.version
});

var dbType = nconf.get('database');
var productionDbConfig = nconf.get(dbType);

nconf.set(dbType, productionDbConfig);
var db = require('./src/database');

db.init(function() {
	var batch = require('./src/batch');
	var privileges = require('./src/privileges');
	var groups = require('./src/groups');

	var PRIVILEGES = privileges.groupPrivilegeList.slice(0).map(function (p) { return p.replace(/^groups:/, ''); });
	var RESCIND_PRIVILEGES = PRIVILEGES.slice(0);
	var GIVE_PRIVILEGES = PRIVILEGES.slice(0).filter(function (privilege) {
		return !/purge|moderate/.test(privilege);
	});

	async.series([

		function cleanPrivileges (next) {
			// comment this return out if you want to remove the current group privileges on all categories.
			// make sure you also uncomment the series.function right below it, in setDefaults()
			// return next();

			db.getSortedSetRange('categories:cid', 0, -1, function (err, cids) {
				async.each(cids, function (categoryId, next) {
					privileges.categories.list(categoryId, function (err, privs) {
						if (!privs || !privs.groups || !Array.isArray(privs.groups) || !privs.groups.length) {
							return next();
						}
						async.each(privs.groups, function (group, next) {
							if (!group.name || !group.privileges) {
								return next();
							}
							var privilegesNames = Object.keys(group.privileges || {})
								.filter(function (privilegeName) {
									return /^groups:/.test(privilegeName);
								})
								.map(function (privilegeName) {
									return privilegeName.replace(/^groups:/, '');
								});
							privileges.categories.rescind(privilegesNames, categoryId, group.name, function (e) {
								console.log('cleaned cid:' + categoryId);
								next(e);
							});
						}, next);
					}, next);
				}, next);
			});
		},

		function setDefaults (next) {
			// comment this return out if you want to remove the current group privileges on all categories.
			// return next();

			db.getSortedSetRange('categories:cid', 0, -1, function (err, cids) {
				async.each(cids, function (categoryId, next) {
					async.series([
						function (next) {
							privileges.categories.give(GIVE_PRIVILEGES, categoryId, 'administrators', next);
						},
						function (next) {
							privileges.categories.give(GIVE_PRIVILEGES, categoryId, 'registered-users', next);
						},
						function (next) {
							privileges.categories.give(['find', 'read', 'topics:read'], categoryId, 'guests', next);
						}
					], function (e) {
						console.log('set default privileges on cid:' + categoryId);
						next(e);
					});
				}, next);
			});
		},

		function (next) {
			groups.getGroups('groups:createtime', 0, -1, function (err, groupNames) {
				async.each(groupNames, function (groupName, next) {
					if (groups.isPrivilegeGroup(groupName)) {
						return next();
					}
					console.log('Giving groupName:' + groupName + ' only access to its cids');

					async.waterfall([
						function (next) {
							db.getObjectField('group:' + groupName, '_imported_cids', next);
						},
						function (value, next) {
							if (!value) {
								return next();
							}
							var _cids = value.split(',');
							async.each(_cids, function (_cid, next) {
								var categoryId;
								var category;
								var rescindGuestsAndUsers = true;

								async.series([
									function (next) {
										db.getObject('_imported_category:' + _cid, function (e, importedCategory) {
											if (e || !importedCategory) {
												return next(e);
											}

											categoryId = importedCategory.cid;
											category = importedCategory;


											// ubnt only
											if (!/private|alpha|beta|moderator|administrator|\(nda\)/i.test(importedCategory.name)) {
												rescindGuestsAndUsers = false;
											}

											next(e);
										});
									},
									function (next) {
										if (!rescindGuestsAndUsers) {
											return next();
										}
										categoryId && console.log('rescind guests access to ' + categoryId);
										categoryId ? privileges.categories.rescind(RESCIND_PRIVILEGES, categoryId, 'guests', next) : next();
									},
									function (next) {
										if (!rescindGuestsAndUsers) {
											return next();
										}
										categoryId && console.log('rescind registered-users access to ' + categoryId);
										categoryId ? privileges.categories.rescind(RESCIND_PRIVILEGES, categoryId, 'registered-users', next) : next();
									},
									function (next) {
										categoryId && console.log('rescind ' + groupName + ' access to ' + categoryId);
										categoryId ? privileges.categories.rescind(RESCIND_PRIVILEGES, categoryId, groupName, next) : next();
									},
									function (next) {
										categoryId && console.log('give ' + groupName + ' access to ' + categoryId);
										categoryId ? privileges.categories.give(GIVE_PRIVILEGES, categoryId, groupName, next) : next();
									}
								], function (e) {
									categoryId && console.log('processed cid:' + categoryId + ', with gid:' + groupName);
									next(e);
								});
							}, next);
						}
					], next);
				}, next);
			});
		}
	], function (e) {
		if (e) {
			throw e;
		}
		console.log('ALL DONE!');
		process.exit(0);
	});
});