src/controllers/write/topics.js

'use strict';

const validator = require('validator');

const api = require('../../api');
const topics = require('../../topics');
const privileges = require('../../privileges');

const helpers = require('../helpers');
const middleware = require('../../middleware');
const uploadsController = require('../uploads');

const Topics = module.exports;

Topics.get = async (req, res) => {
	helpers.formatApiResponse(200, res, await api.topics.get(req, req.params));
};

Topics.create = async (req, res) => {
	const payload = await api.topics.create(req, req.body);
	if (payload.queued) {
		helpers.formatApiResponse(202, res, payload);
	} else {
		helpers.formatApiResponse(200, res, payload);
	}
};

Topics.reply = async (req, res) => {
	const payload = await api.topics.reply(req, { ...req.body, tid: req.params.tid });
	helpers.formatApiResponse(200, res, payload);
};

Topics.delete = async (req, res) => {
	await api.topics.delete(req, { tids: [req.params.tid] });
	helpers.formatApiResponse(200, res);
};

Topics.restore = async (req, res) => {
	await api.topics.restore(req, { tids: [req.params.tid] });
	helpers.formatApiResponse(200, res);
};

Topics.purge = async (req, res) => {
	await api.topics.purge(req, { tids: [req.params.tid] });
	helpers.formatApiResponse(200, res);
};

Topics.pin = async (req, res) => {
	// Pin expiry was not available w/ sockets hence not included in api lib method
	if (req.body.expiry) {
		await topics.tools.setPinExpiry(req.params.tid, req.body.expiry, req.uid);
	}
	await api.topics.pin(req, {	tids: [req.params.tid] });

	helpers.formatApiResponse(200, res);
};

Topics.unpin = async (req, res) => {
	await api.topics.unpin(req, { tids: [req.params.tid] });
	helpers.formatApiResponse(200, res);
};

Topics.lock = async (req, res) => {
	await api.topics.lock(req, { tids: [req.params.tid] });
	helpers.formatApiResponse(200, res);
};

Topics.unlock = async (req, res) => {
	await api.topics.unlock(req, { tids: [req.params.tid] });
	helpers.formatApiResponse(200, res);
};

Topics.follow = async (req, res) => {
	await api.topics.follow(req, req.params);
	helpers.formatApiResponse(200, res);
};

Topics.ignore = async (req, res) => {
	await api.topics.ignore(req, req.params);
	helpers.formatApiResponse(200, res);
};

Topics.unfollow = async (req, res) => {
	await api.topics.unfollow(req, req.params);
	helpers.formatApiResponse(200, res);
};

Topics.addTags = async (req, res) => {
	if (!await privileges.topics.canEdit(req.params.tid, req.user.uid)) {
		return helpers.formatApiResponse(403, res);
	}
	const cid = await topics.getTopicField(req.params.tid, 'cid');
	await topics.validateTags(req.body.tags, cid, req.user.uid, req.params.tid);
	const tags = await topics.filterTags(req.body.tags);

	await topics.addTags(tags, [req.params.tid]);
	helpers.formatApiResponse(200, res);
};

Topics.deleteTags = async (req, res) => {
	if (!await privileges.topics.canEdit(req.params.tid, req.user.uid)) {
		return helpers.formatApiResponse(403, res);
	}

	await topics.deleteTopicTags(req.params.tid);
	helpers.formatApiResponse(200, res);
};

Topics.getThumbs = async (req, res) => {
	if (isFinite(req.params.tid)) {	// post_uuids can be passed in occasionally, in that case no checks are necessary
		const [exists, canRead] = await Promise.all([
			topics.exists(req.params.tid),
			privileges.topics.can('topics:read', req.params.tid, req.uid),
		]);
		if (!exists || !canRead) {
			return helpers.formatApiResponse(403, res);
		}
	}

	helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));
};

Topics.addThumb = async (req, res) => {
	await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
	if (res.headersSent) {
		return;
	}

	const files = await uploadsController.uploadThumb(req, res);	// response is handled here

	// Add uploaded files to topic zset
	if (files && files.length) {
		await Promise.all(files.map(async (fileObj) => {
			await topics.thumbs.associate({
				id: req.params.tid,
				path: fileObj.path || fileObj.url,
			});
		}));
	}
};

Topics.migrateThumbs = async (req, res) => {
	await Promise.all([
		checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res }),
		checkThumbPrivileges({ tid: req.body.tid, uid: req.user.uid, res }),
	]);
	if (res.headersSent) {
		return;
	}

	await topics.thumbs.migrate(req.params.tid, req.body.tid);
	helpers.formatApiResponse(200, res);
};

Topics.deleteThumb = async (req, res) => {
	if (!req.body.path.startsWith('http')) {
		await middleware.assert.path(req, res, () => {});
		if (res.headersSent) {
			return;
		}
	}

	await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
	if (res.headersSent) {
		return;
	}

	await topics.thumbs.delete(req.params.tid, req.body.path);
	helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));
};

Topics.reorderThumbs = async (req, res) => {
	await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });
	if (res.headersSent) {
		return;
	}

	const exists = await topics.thumbs.exists(req.params.tid, req.body.path);
	if (!exists) {
		return helpers.formatApiResponse(404, res);
	}

	await topics.thumbs.associate({
		id: req.params.tid,
		path: req.body.path,
		score: req.body.order,
	});
	helpers.formatApiResponse(200, res);
};

async function checkThumbPrivileges({ tid, uid, res }) {
	// req.params.tid could be either a tid (pushing a new thumb to an existing topic)
	// or a post UUID (a new topic being composed)
	const isUUID = validator.isUUID(tid);

	// Sanity-check the tid if it's strictly not a uuid
	if (!isUUID && (isNaN(parseInt(tid, 10)) || !await topics.exists(tid))) {
		return helpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));
	}

	// While drafts are not protected, tids are
	if (!isUUID && !await privileges.topics.canEdit(tid, uid)) {
		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
	}
}

Topics.getEvents = async (req, res) => {
	if (!await privileges.topics.can('topics:read', req.params.tid, req.uid)) {
		return helpers.formatApiResponse(403, res);
	}

	helpers.formatApiResponse(200, res, await topics.events.get(req.params.tid));
};
feat(writeapi): adding missing files 2020-05-01 15:58:01 -04:00			`'use strict';`

feat: server-side routes for handling multiple topic thumbnails closes #8994, requires 'topic-thumb-refactor' branch of composer-default 2020-12-01 10:37:42 -05:00			`const validator = require('validator');`

refactor: topic creation to use api lib 2020-10-16 10:34:37 -04:00			`const api = require('../../api');`
feat(writeapi): adding missing files 2020-05-01 15:58:01 -04:00			`const topics = require('../../topics');`
feat: more work on topic thumbs refactor - addThumb and deleteThumb are now protected routes (duh) - new getThumbs route GET /api/v3/topics/<tid>/thumbs - Updated `assert.path` middleware to better handle if relative paths are received with upload_url - Slight refactor of thumbs lib to use validator to differentiate between tid and UUID 2020-12-03 15:04:23 -05:00			`const privileges = require('../../privileges');`
feat(writeapi): adding missing files 2020-05-01 15:58:01 -04:00
			`const helpers = require('../helpers');`
fix: tests 2020-12-09 16:46:19 -05:00			`const middleware = require('../../middleware');`
feat: server-side routes for handling multiple topic thumbnails closes #8994, requires 'topic-thumb-refactor' branch of composer-default 2020-12-01 10:37:42 -05:00			`const uploadsController = require('../uploads');`
feat(writeapi): adding missing files 2020-05-01 15:58:01 -04:00
			`const Topics = module.exports;`

feat(api): closes #9123 category and topic routes migrated to Write API 2020-12-29 10:31:53 -05:00			`Topics.get = async (req, res) => {`
			`helpers.formatApiResponse(200, res, await api.topics.get(req, req.params));`
			`};`

feat(writeapi): adding missing files 2020-05-01 15:58:01 -04:00			`Topics.create = async (req, res) => {`
refactor: topic creation to use api lib 2020-10-16 10:34:37 -04:00			`const payload = await api.topics.create(req, req.body);`
			`if (payload.queued) {`
			`helpers.formatApiResponse(202, res, payload);`
			`} else {`
			`helpers.formatApiResponse(200, res, payload);`
feat(writeapi): adding missing files 2020-05-01 15:58:01 -04:00			`}`
			`};`

			`Topics.reply = async (req, res) => {`
feat: topic reply to use api lib (also + missing file) 2020-10-16 11:01:10 -04:00			`const payload = await api.topics.reply(req, { ...req.body, tid: req.params.tid });`
			`helpers.formatApiResponse(200, res, payload);`
feat(writeapi): adding missing files 2020-05-01 15:58:01 -04:00			`};`
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00
			`Topics.delete = async (req, res) => {`
fix: missing doTopicAction, fix wrong api params 2020-10-16 21:36:59 -04:00			`await api.topics.delete(req, { tids: [req.params.tid] });`
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.restore = async (req, res) => {`
fix: missing doTopicAction, fix wrong api params 2020-10-16 21:36:59 -04:00			`await api.topics.restore(req, { tids: [req.params.tid] });`
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.purge = async (req, res) => {`
fix: missing doTopicAction, fix wrong api params 2020-10-16 21:36:59 -04:00			`await api.topics.purge(req, { tids: [req.params.tid] });`
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.pin = async (req, res) => {`
feat: allow pins to expire (if set) (#8908) * fix: add back topic assert middleware for pin route * feat: server-side handling of pin expiries * refactor: togglePin to not require uid parameter [breaking] * feat: automatic unpinning if pin has expiration set * feat: client-side modal for setting pin expiration * refactor: categories.getPinnedTids to accept multiple cids ... in preparation for pin expiry logic, direct access to :pinned zsets is discouraged fix: remove references to since-removed jobs file for topics * feat: expire pins when getPinnedTids is called * refactor: make the togglePin change non-breaking The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid 2020-11-20 11:31:14 -05:00			`// Pin expiry was not available w/ sockets hence not included in api lib method`
			`if (req.body.expiry) {`
feat: #8983, update pin tooltip in topic 2020-12-01 16:25:13 -05:00			`await topics.tools.setPinExpiry(req.params.tid, req.body.expiry, req.uid);`
feat: allow pins to expire (if set) (#8908) * fix: add back topic assert middleware for pin route * feat: server-side handling of pin expiries * refactor: togglePin to not require uid parameter [breaking] * feat: automatic unpinning if pin has expiration set * feat: client-side modal for setting pin expiration * refactor: categories.getPinnedTids to accept multiple cids ... in preparation for pin expiry logic, direct access to :pinned zsets is discouraged fix: remove references to since-removed jobs file for topics * feat: expire pins when getPinnedTids is called * refactor: make the togglePin change non-breaking The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid 2020-11-20 11:31:14 -05:00			`}`
feat: #8983, update pin tooltip in topic 2020-12-01 16:25:13 -05:00			`await api.topics.pin(req, { tids: [req.params.tid] });`
feat: allow pins to expire (if set) (#8908) * fix: add back topic assert middleware for pin route * feat: server-side handling of pin expiries * refactor: togglePin to not require uid parameter [breaking] * feat: automatic unpinning if pin has expiration set * feat: client-side modal for setting pin expiration * refactor: categories.getPinnedTids to accept multiple cids ... in preparation for pin expiry logic, direct access to :pinned zsets is discouraged fix: remove references to since-removed jobs file for topics * feat: expire pins when getPinnedTids is called * refactor: make the togglePin change non-breaking The 'action:topic.pin' hook now sends uid again, as before. However, if it is a system action (that is, a pin that expired), 'system' will be sent in instead of a valid uid 2020-11-20 11:31:14 -05:00
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.unpin = async (req, res) => {`
fix: missing doTopicAction, fix wrong api params 2020-10-16 21:36:59 -04:00			`await api.topics.unpin(req, { tids: [req.params.tid] });`
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.lock = async (req, res) => {`
fix: missing doTopicAction, fix wrong api params 2020-10-16 21:36:59 -04:00			`await api.topics.lock(req, { tids: [req.params.tid] });`
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.unlock = async (req, res) => {`
fix: missing doTopicAction, fix wrong api params 2020-10-16 21:36:59 -04:00			`await api.topics.unlock(req, { tids: [req.params.tid] });`
feat: topic delete/restore/purge/(un)pin/(un)lock 2020-10-02 16:35:45 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

feat(writeapi): topic follow/ignore 2020-10-06 11:36:52 -04:00			`Topics.follow = async (req, res) => {`
refactor: topic follow/ignore to use api lib 2020-10-16 12:30:14 -04:00			`await api.topics.follow(req, req.params);`
feat(writeapi): topic follow/ignore 2020-10-06 11:36:52 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.ignore = async (req, res) => {`
refactor: topic follow/ignore to use api lib 2020-10-16 12:30:14 -04:00			`await api.topics.ignore(req, req.params);`
feat(writeapi): topic follow/ignore 2020-10-06 11:36:52 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.unfollow = async (req, res) => {`
refactor: topic follow/ignore to use api lib 2020-10-16 12:30:14 -04:00			`await api.topics.unfollow(req, req.params);`
feat(writeapi): topic follow/ignore 2020-10-06 11:36:52 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

feat(writeapi): topic tags 2020-10-06 11:54:25 -04:00			`Topics.addTags = async (req, res) => {`
fix: access checks for tags and thumbs get route 2021-01-12 17:38:35 -05:00			`if (!await privileges.topics.canEdit(req.params.tid, req.user.uid)) {`
			`return helpers.formatApiResponse(403, res);`
			`}`
feat: store topic tags in topic hash (#9656) * feat: store topic tags in topic hash breaking: remove color info from tags (use css) * fix: remove unused tag modal * fix: tag search 2021-07-12 19:25:04 -04:00			`const cid = await topics.getTopicField(req.params.tid, 'cid');`
			`await topics.validateTags(req.body.tags, cid, req.user.uid, req.params.tid);`
			`const tags = await topics.filterTags(req.body.tags);`
fix: access checks for tags and thumbs get route 2021-01-12 17:38:35 -05:00
feat: store topic tags in topic hash (#9656) * feat: store topic tags in topic hash breaking: remove color info from tags (use css) * fix: remove unused tag modal * fix: tag search 2021-07-12 19:25:04 -04:00			`await topics.addTags(tags, [req.params.tid]);`
feat(writeapi): topic tags 2020-10-06 11:54:25 -04:00			`helpers.formatApiResponse(200, res);`
			`};`

			`Topics.deleteTags = async (req, res) => {`
fix: access checks for tags and thumbs get route 2021-01-12 17:38:35 -05:00			`if (!await privileges.topics.canEdit(req.params.tid, req.user.uid)) {`
			`return helpers.formatApiResponse(403, res);`
			`}`

feat(writeapi): topic tags 2020-10-06 11:54:25 -04:00			`await topics.deleteTopicTags(req.params.tid);`
			`helpers.formatApiResponse(200, res);`
			`};`
feat: server-side routes for handling multiple topic thumbnails closes #8994, requires 'topic-thumb-refactor' branch of composer-default 2020-12-01 10:37:42 -05:00
feat: more work on topic thumbs refactor - addThumb and deleteThumb are now protected routes (duh) - new getThumbs route GET /api/v3/topics/<tid>/thumbs - Updated `assert.path` middleware to better handle if relative paths are received with upload_url - Slight refactor of thumbs lib to use validator to differentiate between tid and UUID 2020-12-03 15:04:23 -05:00			`Topics.getThumbs = async (req, res) => {`
fix: regression caused by 77ab46686db62871f149419a368c35628453884e Access checks were added for topic GET route, but occasionally a post_uuid is passed in, which is available to everyone, and so checks should be skipped 2021-01-17 15:43:21 -05:00			`if (isFinite(req.params.tid)) { // post_uuids can be passed in occasionally, in that case no checks are necessary`
			`const [exists, canRead] = await Promise.all([`
			`topics.exists(req.params.tid),`
			`privileges.topics.can('topics:read', req.params.tid, req.uid),`
			`]);`
			`if (!exists \|\| !canRead) {`
			`return helpers.formatApiResponse(403, res);`
			`}`
fix: access checks for tags and thumbs get route 2021-01-12 17:38:35 -05:00			`}`

feat: more work on topic thumbs refactor - addThumb and deleteThumb are now protected routes (duh) - new getThumbs route GET /api/v3/topics/<tid>/thumbs - Updated `assert.path` middleware to better handle if relative paths are received with upload_url - Slight refactor of thumbs lib to use validator to differentiate between tid and UUID 2020-12-03 15:04:23 -05:00			`helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));`
			`};`

fix: added back missing topic thumb tests that were removed in last commit 2020-12-04 16:42:39 -05:00			`Topics.addThumb = async (req, res) => {`
feat: server-side work for #9047 - rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res) 2020-12-04 09:37:50 -05:00			`await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });`
feat: core work for #9042, thumb deletion now accepts uuids + common data validation for thumb addition and deletion 2020-12-03 16:48:57 -05:00			`if (res.headersSent) {`
			`return;`
feat: more work on topic thumbs refactor - addThumb and deleteThumb are now protected routes (duh) - new getThumbs route GET /api/v3/topics/<tid>/thumbs - Updated `assert.path` middleware to better handle if relative paths are received with upload_url - Slight refactor of thumbs lib to use validator to differentiate between tid and UUID 2020-12-03 15:04:23 -05:00			`}`

fix: added back missing topic thumb tests that were removed in last commit 2020-12-04 16:42:39 -05:00			`const files = await uploadsController.uploadThumb(req, res); // response is handled here`
feat: server-side routes for handling multiple topic thumbnails closes #8994, requires 'topic-thumb-refactor' branch of composer-default 2020-12-01 10:37:42 -05:00
			`// Add uploaded files to topic zset`
feat: tests for topic thumbs Also added some error checking to addThumbs controller 2020-12-04 11:47:22 -05:00			`if (files && files.length) {`
			`await Promise.all(files.map(async (fileObj) => {`
fix: #9092, Topic thumbnails do not work with third-party uploaders 2020-12-09 15:47:58 -05:00			`await topics.thumbs.associate({`
			`id: req.params.tid,`
refactor: thumbs.associate accepts both relative path and url in path arg 2021-02-12 17:11:32 -05:00			`path: fileObj.path \|\| fileObj.url,`
fix: #9092, Topic thumbnails do not work with third-party uploaders 2020-12-09 15:47:58 -05:00			`});`
feat: tests for topic thumbs Also added some error checking to addThumbs controller 2020-12-04 11:47:22 -05:00			`}));`
			`}`
feat: server-side routes for handling multiple topic thumbnails closes #8994, requires 'topic-thumb-refactor' branch of composer-default 2020-12-01 10:37:42 -05:00			`};`

feat: server-side work for #9047 - rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res) 2020-12-04 09:37:50 -05:00			`Topics.migrateThumbs = async (req, res) => {`
			`await Promise.all([`
			`checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res }),`
			`checkThumbPrivileges({ tid: req.body.tid, uid: req.user.uid, res }),`
			`]);`
			`if (res.headersSent) {`
			`return;`
			`}`

			`await topics.thumbs.migrate(req.params.tid, req.body.tid);`
			`helpers.formatApiResponse(200, res);`
			`};`

feat: server-side routes for handling multiple topic thumbnails closes #8994, requires 'topic-thumb-refactor' branch of composer-default 2020-12-01 10:37:42 -05:00			`Topics.deleteThumb = async (req, res) => {`
fix: #9092, Topic thumbnails do not work with third-party uploaders 2020-12-09 15:47:58 -05:00			`if (!req.body.path.startsWith('http')) {`
chore: eslint prefer-arrow-callback 2021-02-04 00:01:39 -07:00			`await middleware.assert.path(req, res, () => {});`
fix: #9092, Topic thumbnails do not work with third-party uploaders 2020-12-09 15:47:58 -05:00			`if (res.headersSent) {`
			`return;`
			`}`
			`}`

feat: server-side work for #9047 - rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res) 2020-12-04 09:37:50 -05:00			`await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });`
feat: core work for #9042, thumb deletion now accepts uuids + common data validation for thumb addition and deletion 2020-12-03 16:48:57 -05:00			`if (res.headersSent) {`
			`return;`
feat: more work on topic thumbs refactor - addThumb and deleteThumb are now protected routes (duh) - new getThumbs route GET /api/v3/topics/<tid>/thumbs - Updated `assert.path` middleware to better handle if relative paths are received with upload_url - Slight refactor of thumbs lib to use validator to differentiate between tid and UUID 2020-12-03 15:04:23 -05:00			`}`

fix: #9040 2020-12-03 13:50:30 -05:00			`await topics.thumbs.delete(req.params.tid, req.body.path);`
feat: server-side routes for handling multiple topic thumbnails closes #8994, requires 'topic-thumb-refactor' branch of composer-default 2020-12-01 10:37:42 -05:00			`helpers.formatApiResponse(200, res, await topics.thumbs.get(req.params.tid));`
			`};`
feat: core work for #9042, thumb deletion now accepts uuids + common data validation for thumb addition and deletion 2020-12-03 16:48:57 -05:00
feat: ability to re-order topic thumbnails 2021-02-16 11:54:04 -05:00			`Topics.reorderThumbs = async (req, res) => {`
			`await checkThumbPrivileges({ tid: req.params.tid, uid: req.user.uid, res });`
			`if (res.headersSent) {`
			`return;`
			`}`

			`const exists = await topics.thumbs.exists(req.params.tid, req.body.path);`
			`if (!exists) {`
			`return helpers.formatApiResponse(404, res);`
			`}`

			`await topics.thumbs.associate({`
			`id: req.params.tid,`
			`path: req.body.path,`
			`score: req.body.order,`
			`});`
			`helpers.formatApiResponse(200, res);`
			`};`

feat: server-side work for #9047 - rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res) 2020-12-04 09:37:50 -05:00			`async function checkThumbPrivileges({ tid, uid, res }) {`
chore: eslint max-len 2021-02-04 02:07:29 -07:00			`// req.params.tid could be either a tid (pushing a new thumb to an existing topic)`
			`// or a post UUID (a new topic being composed)`
feat: server-side work for #9047 - rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res) 2020-12-04 09:37:50 -05:00			`const isUUID = validator.isUUID(tid);`
feat: core work for #9042, thumb deletion now accepts uuids + common data validation for thumb addition and deletion 2020-12-03 16:48:57 -05:00
			`// Sanity-check the tid if it's strictly not a uuid`
feat: server-side work for #9047 - rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res) 2020-12-04 09:37:50 -05:00			`if (!isUUID && (isNaN(parseInt(tid, 10)) \|\| !await topics.exists(tid))) {`
feat: core work for #9042, thumb deletion now accepts uuids + common data validation for thumb addition and deletion 2020-12-03 16:48:57 -05:00			`return helpers.formatApiResponse(404, res, new Error('[[error:no-topic]]'));`
			`}`

			`// While drafts are not protected, tids are`
feat: server-side work for #9047 - rename Thumbs.commit to Thumbs.migrate - new PUT method that calls Thumbs.migrate - `checkThumbPrivileges` now takes a single object parameter (ins. of req/res) 2020-12-04 09:37:50 -05:00			`if (!isUUID && !await privileges.topics.canEdit(tid, uid)) {`
feat: core work for #9042, thumb deletion now accepts uuids + common data validation for thumb addition and deletion 2020-12-03 16:48:57 -05:00			`return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));`
			`}`
			`}`
feat(topic-events): topic events GET route in write API 2021-01-13 10:09:17 -05:00
			`Topics.getEvents = async (req, res) => {`
			`if (!await privileges.topics.can('topics:read', req.params.tid, req.uid)) {`
			`return helpers.formatApiResponse(403, res);`
			`}`

			`helpers.formatApiResponse(200, res, await topics.events.get(req.params.tid));`
			`};`