2014-05-14 17:53:23 -04:00
|
|
|
|
|
|
|
|
'use strict';
|
|
|
|
|
|
2016-01-20 18:00:55 +02:00
|
|
|
var async = require('async');
|
|
|
|
|
|
2016-08-27 12:58:08 +03:00
|
|
|
var meta = require('../meta');
|
|
|
|
|
var posts = require('../posts');
|
|
|
|
|
var topics = require('../topics');
|
|
|
|
|
var user = require('../user');
|
2016-01-20 18:00:55 +02:00
|
|
|
var helpers = require('./helpers');
|
2016-08-27 12:58:08 +03:00
|
|
|
var plugins = require('../plugins');
|
2014-05-14 17:53:23 -04:00
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
module.exports = function (privileges) {
|
2014-05-14 17:53:23 -04:00
|
|
|
|
|
|
|
|
privileges.posts = {};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
privileges.posts.get = function (pids, uid, callback) {
|
2014-10-02 19:03:03 -04:00
|
|
|
if (!Array.isArray(pids) || !pids.length) {
|
|
|
|
|
return callback(null, []);
|
|
|
|
|
}
|
2016-08-27 12:58:08 +03:00
|
|
|
|
2016-07-01 13:01:09 +03:00
|
|
|
async.waterfall([
|
2016-10-13 11:43:39 +02:00
|
|
|
function (next) {
|
2016-07-01 13:01:09 +03:00
|
|
|
posts.getCidsByPids(pids, next);
|
2015-03-30 13:31:08 -04:00
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
function (cids, next) {
|
2016-07-01 13:01:09 +03:00
|
|
|
async.parallel({
|
|
|
|
|
isAdmin: async.apply(user.isAdministrator, uid),
|
2016-11-02 13:21:51 +03:00
|
|
|
isModerator: async.apply(user.isModerator, uid, cids),
|
2016-07-01 13:01:09 +03:00
|
|
|
isOwner: async.apply(posts.isOwner, pids, uid),
|
|
|
|
|
'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, cids),
|
|
|
|
|
read: async.apply(helpers.isUserAllowedTo, 'read', uid, cids),
|
2016-08-09 09:50:49 -05:00
|
|
|
'posts:edit': async.apply(helpers.isUserAllowedTo, 'posts:edit', uid, cids),
|
2016-07-01 13:01:09 +03:00
|
|
|
}, next);
|
2017-02-17 19:31:21 -07:00
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
], function (err, results) {
|
2015-03-30 13:31:08 -04:00
|
|
|
if (err) {
|
2014-05-14 17:53:23 -04:00
|
|
|
return callback(err);
|
|
|
|
|
}
|
|
|
|
|
|
2015-03-30 13:31:08 -04:00
|
|
|
var privileges = [];
|
2014-06-28 14:59:01 -04:00
|
|
|
|
2017-02-18 01:12:18 -07:00
|
|
|
for (var i = 0; i < pids.length; i += 1) {
|
2016-07-01 13:01:09 +03:00
|
|
|
var isAdminOrMod = results.isAdmin || results.isModerator[i];
|
2016-08-09 09:50:49 -05:00
|
|
|
var editable = isAdminOrMod || (results.isOwner[i] && results['posts:edit'][i]);
|
2016-07-01 13:01:09 +03:00
|
|
|
|
2015-03-30 13:31:08 -04:00
|
|
|
privileges.push({
|
|
|
|
|
editable: editable,
|
|
|
|
|
view_deleted: editable,
|
2016-07-01 13:01:09 +03:00
|
|
|
move: isAdminOrMod,
|
|
|
|
|
isAdminOrMod: isAdminOrMod,
|
|
|
|
|
'topics:read': results['topics:read'][i] || isAdminOrMod,
|
2017-02-17 19:31:21 -07:00
|
|
|
read: results.read[i] || isAdminOrMod,
|
2015-03-30 13:31:08 -04:00
|
|
|
});
|
|
|
|
|
}
|
2014-05-14 17:53:23 -04:00
|
|
|
|
2015-03-30 13:31:08 -04:00
|
|
|
callback(null, privileges);
|
2014-05-14 17:53:23 -04:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
privileges.posts.can = function (privilege, pid, uid, callback) {
|
|
|
|
|
posts.getCidByPid(pid, function (err, cid) {
|
2014-05-14 17:53:23 -04:00
|
|
|
if (err) {
|
|
|
|
|
return callback(err);
|
|
|
|
|
}
|
|
|
|
|
|
2014-05-17 18:59:34 -04:00
|
|
|
privileges.categories.can(privilege, cid, uid, callback);
|
2014-05-14 17:53:23 -04:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
privileges.posts.filter = function (privilege, pids, uid, callback) {
|
2014-11-09 01:30:27 -05:00
|
|
|
if (!Array.isArray(pids) || !pids.length) {
|
2014-07-31 17:29:20 -04:00
|
|
|
return callback(null, []);
|
|
|
|
|
}
|
2016-04-29 20:35:49 +03:00
|
|
|
var cids;
|
|
|
|
|
var postData;
|
|
|
|
|
var tids;
|
|
|
|
|
var tidToTopic = {};
|
|
|
|
|
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
posts.getPostsFields(pids, ['uid', 'tid', 'deleted'], next);
|
|
|
|
|
},
|
|
|
|
|
function (_posts, next) {
|
|
|
|
|
postData = _posts;
|
2016-10-13 11:43:39 +02:00
|
|
|
tids = _posts.map(function (post) {
|
2016-04-29 20:35:49 +03:00
|
|
|
return post && post.tid;
|
2016-10-13 11:43:39 +02:00
|
|
|
}).filter(function (tid, index, array) {
|
2016-04-29 20:35:49 +03:00
|
|
|
return tid && array.indexOf(tid) === index;
|
|
|
|
|
});
|
|
|
|
|
topics.getTopicsFields(tids, ['deleted', 'cid'], next);
|
|
|
|
|
},
|
|
|
|
|
function (topicData, next) {
|
2014-07-29 21:51:46 -04:00
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
topicData.forEach(function (topic, index) {
|
2016-04-29 20:35:49 +03:00
|
|
|
if (topic) {
|
|
|
|
|
tidToTopic[tids[index]] = topic;
|
|
|
|
|
}
|
|
|
|
|
});
|
2014-07-29 21:51:46 -04:00
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
cids = postData.map(function (post, index) {
|
2016-04-29 20:35:49 +03:00
|
|
|
if (post) {
|
|
|
|
|
post.pid = pids[index];
|
|
|
|
|
post.topic = tidToTopic[post.tid];
|
|
|
|
|
}
|
|
|
|
|
return tidToTopic[post.tid] && tidToTopic[post.tid].cid;
|
2016-10-13 11:43:39 +02:00
|
|
|
}).filter(function (cid, index, array) {
|
2016-04-29 20:35:49 +03:00
|
|
|
return cid && array.indexOf(cid) === index;
|
|
|
|
|
});
|
2014-07-29 21:51:46 -04:00
|
|
|
|
2016-04-29 20:35:49 +03:00
|
|
|
privileges.categories.getBase(privilege, cids, uid, next);
|
|
|
|
|
},
|
|
|
|
|
function (results, next) {
|
|
|
|
|
|
|
|
|
|
var isModOf = {};
|
2016-10-13 11:43:39 +02:00
|
|
|
cids = cids.filter(function (cid, index) {
|
2016-04-29 20:35:49 +03:00
|
|
|
isModOf[cid] = results.isModerators[index];
|
|
|
|
|
return !results.categories[index].disabled &&
|
|
|
|
|
(results.allowedTo[index] || results.isAdmin || results.isModerators[index]);
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
pids = postData.filter(function (post) {
|
2016-04-29 22:33:03 +03:00
|
|
|
return post.topic && cids.indexOf(post.topic.cid) !== -1 &&
|
2016-04-29 20:35:49 +03:00
|
|
|
((parseInt(post.topic.deleted, 10) !== 1 && parseInt(post.deleted, 10) !== 1) || results.isAdmin || isModOf[post.cid]);
|
2016-10-13 11:43:39 +02:00
|
|
|
}).map(function (post) {
|
2014-07-29 21:51:46 -04:00
|
|
|
return post.pid;
|
|
|
|
|
});
|
2014-11-14 17:31:39 -05:00
|
|
|
|
|
|
|
|
plugins.fireHook('filter:privileges.posts.filter', {
|
|
|
|
|
privilege: privilege,
|
|
|
|
|
uid: uid,
|
2017-02-17 19:31:21 -07:00
|
|
|
pids: pids,
|
2016-10-13 11:43:39 +02:00
|
|
|
}, function (err, data) {
|
2016-04-29 20:35:49 +03:00
|
|
|
next(err, data ? data.pids : null);
|
2014-11-14 17:31:39 -05:00
|
|
|
});
|
2017-02-17 19:31:21 -07:00
|
|
|
},
|
2016-04-29 20:35:49 +03:00
|
|
|
], callback);
|
2014-07-29 21:51:46 -04:00
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
privileges.posts.canEdit = function (pid, uid, callback) {
|
2015-02-25 15:37:33 -05:00
|
|
|
async.parallel({
|
|
|
|
|
isEditable: async.apply(isPostEditable, pid, uid),
|
2017-02-17 19:31:21 -07:00
|
|
|
isAdminOrMod: async.apply(isAdminOrMod, pid, uid),
|
2016-10-13 11:43:39 +02:00
|
|
|
}, function (err, results) {
|
2015-02-25 15:37:33 -05:00
|
|
|
if (err) {
|
|
|
|
|
return callback(err);
|
2014-05-14 17:53:23 -04:00
|
|
|
}
|
2015-02-25 15:37:33 -05:00
|
|
|
if (results.isAdminOrMod) {
|
2016-08-10 23:55:49 +03:00
|
|
|
return callback(null, {flag: true});
|
2015-02-25 15:37:33 -05:00
|
|
|
}
|
2016-08-10 23:55:49 +03:00
|
|
|
|
|
|
|
|
callback(null, results.isEditable);
|
2015-03-30 13:31:08 -04:00
|
|
|
});
|
2014-05-15 10:38:02 -04:00
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
privileges.posts.canDelete = function (pid, uid, callback) {
|
2016-06-28 12:34:09 +03:00
|
|
|
var postData;
|
|
|
|
|
async.waterfall([
|
2016-10-13 11:43:39 +02:00
|
|
|
function (next) {
|
2016-10-31 22:39:58 +03:00
|
|
|
posts.getPostFields(pid, ['uid', 'tid', 'timestamp', 'deleterUid'], next);
|
2016-06-28 12:34:09 +03:00
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
function (_postData, next) {
|
2016-06-28 12:34:09 +03:00
|
|
|
postData = _postData;
|
|
|
|
|
async.parallel({
|
|
|
|
|
isAdminOrMod: async.apply(isAdminOrMod, pid, uid),
|
|
|
|
|
isLocked: async.apply(topics.isLocked, postData.tid),
|
2016-08-06 20:28:55 -05:00
|
|
|
isOwner: async.apply(posts.isOwner, pid, uid),
|
2017-02-17 19:31:21 -07:00
|
|
|
'posts:delete': async.apply(privileges.posts.can, 'posts:delete', pid, uid),
|
2016-06-28 12:34:09 +03:00
|
|
|
}, next);
|
2017-02-17 19:31:21 -07:00
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
], function (err, results) {
|
2016-06-28 12:34:09 +03:00
|
|
|
if (err) {
|
|
|
|
|
return callback(err);
|
|
|
|
|
}
|
2016-08-10 23:55:49 +03:00
|
|
|
|
2016-06-28 12:34:09 +03:00
|
|
|
if (results.isAdminOrMod) {
|
2016-08-10 23:55:49 +03:00
|
|
|
return callback(null, {flag: true});
|
2016-06-28 12:34:09 +03:00
|
|
|
}
|
2016-08-10 23:55:49 +03:00
|
|
|
|
2016-06-28 12:34:09 +03:00
|
|
|
if (results.isLocked) {
|
2016-08-10 23:55:49 +03:00
|
|
|
return callback(null, {flag: false, message: '[[error:topic-locked]]'});
|
2016-06-28 12:34:09 +03:00
|
|
|
}
|
2016-08-10 23:55:49 +03:00
|
|
|
|
2016-08-09 09:50:49 -05:00
|
|
|
if (!results['posts:delete']) {
|
2016-08-10 23:55:49 +03:00
|
|
|
return callback(null, {flag: false, message: '[[error:no-privileges]]'});
|
2016-08-06 20:28:55 -05:00
|
|
|
}
|
2016-08-10 23:55:49 +03:00
|
|
|
|
2016-06-28 12:34:09 +03:00
|
|
|
var postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10);
|
|
|
|
|
if (postDeleteDuration && (Date.now() - parseInt(postData.timestamp, 10) > postDeleteDuration * 1000)) {
|
2016-08-10 23:55:49 +03:00
|
|
|
return callback(null, {flag: false, message: '[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'});
|
2016-06-28 12:34:09 +03:00
|
|
|
}
|
2016-10-31 22:39:58 +03:00
|
|
|
var deleterUid = parseInt(postData.deleterUid, 10) || 0;
|
|
|
|
|
var flag = results.isOwner && (deleterUid === 0 || deleterUid === parseInt(postData.uid, 10));
|
|
|
|
|
callback(null, {flag: flag, message: '[[error:no-privileges]]'});
|
2016-06-28 12:34:09 +03:00
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
privileges.posts.canMove = function (pid, uid, callback) {
|
|
|
|
|
posts.isMain(pid, function (err, isMain) {
|
2014-06-23 18:06:59 -04:00
|
|
|
if (err || isMain) {
|
|
|
|
|
return callback(err || new Error('[[error:cant-move-mainpost]]'));
|
|
|
|
|
}
|
|
|
|
|
isAdminOrMod(pid, uid, callback);
|
|
|
|
|
});
|
2014-06-23 17:26:02 -04:00
|
|
|
};
|
|
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
privileges.posts.canPurge = function (pid, uid, callback) {
|
2015-09-16 08:35:40 -04:00
|
|
|
async.waterfall([
|
|
|
|
|
function (next) {
|
|
|
|
|
posts.getCidByPid(pid, next);
|
|
|
|
|
},
|
|
|
|
|
function (cid, next) {
|
|
|
|
|
async.parallel({
|
|
|
|
|
purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),
|
|
|
|
|
owner: async.apply(posts.isOwner, pid, uid),
|
2017-02-17 19:31:21 -07:00
|
|
|
isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid),
|
2015-09-16 08:35:40 -04:00
|
|
|
}, next);
|
|
|
|
|
},
|
|
|
|
|
function (results, next) {
|
|
|
|
|
next(null, results.isAdminOrMod || (results.purge && results.owner));
|
2017-02-17 19:31:21 -07:00
|
|
|
},
|
2015-09-16 08:35:40 -04:00
|
|
|
], callback);
|
|
|
|
|
};
|
|
|
|
|
|
2015-02-25 15:37:33 -05:00
|
|
|
function isPostEditable(pid, uid, callback) {
|
2016-08-10 23:55:49 +03:00
|
|
|
var tid;
|
2015-02-25 15:37:33 -05:00
|
|
|
async.waterfall([
|
2016-10-13 11:43:39 +02:00
|
|
|
function (next) {
|
2015-02-25 15:37:33 -05:00
|
|
|
posts.getPostFields(pid, ['tid', 'timestamp'], next);
|
|
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
function (postData, next) {
|
2016-08-10 23:55:49 +03:00
|
|
|
tid = postData.tid;
|
2015-02-25 15:37:33 -05:00
|
|
|
var postEditDuration = parseInt(meta.config.postEditDuration, 10);
|
|
|
|
|
if (postEditDuration && Date.now() - parseInt(postData.timestamp, 10) > postEditDuration * 1000) {
|
2016-08-10 23:55:49 +03:00
|
|
|
return callback(null, {flag: false, message: '[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'});
|
2015-02-25 15:37:33 -05:00
|
|
|
}
|
|
|
|
|
topics.isLocked(postData.tid, next);
|
|
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
function (isLocked, next) {
|
2015-02-25 15:37:33 -05:00
|
|
|
if (isLocked) {
|
2016-08-10 23:55:49 +03:00
|
|
|
return callback(null, {flag: false, message: '[[error:topic-locked]]'});
|
2015-02-25 15:37:33 -05:00
|
|
|
}
|
2015-03-30 13:31:08 -04:00
|
|
|
|
2016-08-06 20:28:55 -05:00
|
|
|
async.parallel({
|
|
|
|
|
owner: async.apply(posts.isOwner, pid, uid),
|
2017-02-17 19:31:21 -07:00
|
|
|
edit: async.apply(privileges.posts.can, 'posts:edit', pid, uid),
|
2016-08-06 20:28:55 -05:00
|
|
|
}, next);
|
2015-03-30 13:31:08 -04:00
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
function (result, next) {
|
2016-08-10 23:55:49 +03:00
|
|
|
next(null, {flag: result.owner && result.edit, message: '[[error:no-privileges]]'});
|
2017-02-17 19:31:21 -07:00
|
|
|
},
|
2015-02-25 15:37:33 -05:00
|
|
|
], callback);
|
|
|
|
|
}
|
|
|
|
|
|
2014-06-23 17:26:02 -04:00
|
|
|
function isAdminOrMod(pid, uid, callback) {
|
2014-05-15 10:38:02 -04:00
|
|
|
helpers.some([
|
2016-10-13 11:43:39 +02:00
|
|
|
function (next) {
|
|
|
|
|
posts.getCidByPid(pid, function (err, cid) {
|
2015-02-24 13:02:58 -05:00
|
|
|
if (err || !cid) {
|
|
|
|
|
return next(err, false);
|
2014-05-15 10:38:02 -04:00
|
|
|
}
|
2015-03-30 13:31:08 -04:00
|
|
|
|
2014-05-15 10:38:02 -04:00
|
|
|
user.isModerator(uid, cid, next);
|
|
|
|
|
});
|
|
|
|
|
},
|
2016-10-13 11:43:39 +02:00
|
|
|
function (next) {
|
2014-05-15 10:38:02 -04:00
|
|
|
user.isAdministrator(uid, next);
|
2017-02-17 19:31:21 -07:00
|
|
|
},
|
2014-05-15 10:38:02 -04:00
|
|
|
], callback);
|
2014-06-23 17:26:02 -04:00
|
|
|
}
|
2016-08-27 12:58:08 +03:00
|
|
|
};
|
