NodeBB/src/privileges/posts.js


'use strict';

var async = require('async'),
	winston = require('winston'),

	meta = require('../meta'),
	posts = require('../posts'),
	topics = require('../topics'),
	user = require('../user'),
	helpers = require('./helpers'),
	groups = require('../groups'),
	categories = require('../categories'),
	plugins = require('../plugins');

module.exports = function(privileges) {

	privileges.posts = {};

	privileges.posts.get = function(pids, uid, callback) {
		if (!Array.isArray(pids) || !pids.length) {
			return callback(null, []);
		}

		async.parallel({
			isAdmin: function(next){
				user.isAdministrator(uid, next);
			},
			isModerator: function(next) {
				posts.isModerator(pids, uid, next);
			},
			isOwner: function(next) {
				posts.isOwner(pids, uid, next);
			}
		}, function(err, results) {
			if (err) {
				return callback(err);
			}

			var privileges = [];

			for (var i=0; i<pids.length; ++i) {
				var editable = results.isAdmin || results.isModerator[i] || results.isOwner[i];
				privileges.push({
					editable: editable,
					view_deleted: editable,
					move: results.isAdmin || results.isModerator[i]
				});
			}

			callback(null, privileges);
		});
	};

	privileges.posts.can = function(privilege, pid, uid, callback) {
		posts.getCidByPid(pid, function(err, cid) {
			if (err) {
				return callback(err);
			}

			privileges.categories.can(privilege, cid, uid, callback);
		});
	};

	privileges.posts.filter = function(privilege, pids, uid, callback) {
		if (!Array.isArray(pids) || !pids.length) {
			return callback(null, []);
		}
		posts.getCidsByPids(pids, function(err, cids) {
			if (err) {
				return callback(err);
			}

			pids = pids.map(function(pid, index) {
				return {pid: pid, cid: cids[index]};
			});

			privileges.categories.filterCids(privilege, cids, uid, function(err, cids) {
				if (err) {
					return callback(err);
				}

				pids = pids.filter(function(post) {
					return cids.indexOf(post.cid) !== -1;
				}).map(function(post) {
					return post.pid;
				});

				plugins.fireHook('filter:privileges.posts.filter', {
					privilege: privilege,
					uid: uid,
					pids: pids
				},  function(err, data) {
					callback(err, data ? data.pids : null);
				});
			});
		});
	};

	privileges.posts.canEdit = function(pid, uid, callback) {
		async.parallel({
			isEditable: async.apply(isPostEditable, pid, uid),
			isAdminOrMod: async.apply(isAdminOrMod, pid, uid)
		}, function(err, results) {
			if (err) {
				return callback(err);
			}
			if (results.isAdminOrMod) {
				return callback(null, true);
			}
			if (results.isEditable.isLocked) {
				return callback(new Error('[[error:topic-locked]]'));
			}
			if (results.isEditable.isEditExpired) {
				return callback(new Error('[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'));
			}
			callback(null, results.isEditable.editable);
		});
	};

	privileges.posts.canMove = function(pid, uid, callback) {
		posts.isMain(pid, function(err, isMain) {
			if (err || isMain) {
				return callback(err || new Error('[[error:cant-move-mainpost]]'));
			}
			isAdminOrMod(pid, uid, callback);
		});
	};

	privileges.posts.canPurge = function(pid, uid, callback) {
		async.waterfall([
			function (next) {
				posts.getCidByPid(pid, next);
			},
			function (cid, next) {
				async.parallel({
					purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),
					owner: async.apply(posts.isOwner, pid, uid),
					isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)
				}, next);
			},
			function (results, next) {
				next(null, results.isAdminOrMod || (results.purge && results.owner));
			}
		], callback);
	};

	function isPostEditable(pid, uid, callback) {
		async.waterfall([
			function(next) {
				posts.getPostFields(pid, ['tid', 'timestamp'], next);
			},
			function(postData, next) {
				var postEditDuration = parseInt(meta.config.postEditDuration, 10);
				if (postEditDuration && Date.now() - parseInt(postData.timestamp, 10) > postEditDuration * 1000) {
					return callback(null, {isEditExpired: true});
				}
				topics.isLocked(postData.tid, next);
			},
			function(isLocked, next) {
				if (isLocked) {
					return callback(null, {isLocked: true});
				}

				posts.isOwner(pid, uid, next);
			},
			function(isOwner, next) {
				next(null, {editable: isOwner});
			}
		], callback);
	}

	function isPostTopicLocked(pid, callback) {
		posts.getPostField(pid, 'tid', function(err, tid) {
			if (err) {
				return callback(err);
			}
			topics.isLocked(tid, callback);
		});
	}

	function isAdminOrMod(pid, uid, callback) {
		helpers.some([
			function(next) {
				posts.getCidByPid(pid, function(err, cid) {
					if (err || !cid) {
						return next(err, false);
					}

					user.isModerator(uid, cid, next);
				});
			},
			function(next) {
				user.isAdministrator(uid, next);
			}
		], callback);
	}
};
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
			`'use strict';`

			`var async = require('async'),`
check privs pids 2014-09-06 02:39:54 -04:00			`winston = require('winston'),`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
closes #2247 2015-02-25 15:37:33 -05:00			`meta = require('../meta'),`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`posts = require('../posts'),`
closes #1735 2014-06-24 13:27:37 -04:00			`topics = require('../topics'),`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`user = require('../user'),`
			`helpers = require('./helpers'),`
			`groups = require('../groups'),`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 2014-11-14 17:31:39 -05:00			`categories = require('../categories'),`
			`plugins = require('../plugins');`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
			`module.exports = function(privileges) {`

			`privileges.posts = {};`

privileges.posts.get takes an array of pids now 2014-06-28 14:59:01 -04:00			`privileges.posts.get = function(pids, uid, callback) {`
crash fix 2014-10-02 19:03:03 -04:00			`if (!Array.isArray(pids) \|\| !pids.length) {`
			`return callback(null, []);`
			`}`
closes #2904 2015-03-30 13:31:08 -04:00
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`async.parallel({`
closes #2904 2015-03-30 13:31:08 -04:00			`isAdmin: function(next){`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`user.isAdministrator(uid, next);`
			`},`
closes #2904 2015-03-30 13:31:08 -04:00			`isModerator: function(next) {`
			`posts.isModerator(pids, uid, next);`
			`},`
			`isOwner: function(next) {`
			`posts.isOwner(pids, uid, next);`
			`}`
			`}, function(err, results) {`
			`if (err) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`return callback(err);`
			`}`

closes #2904 2015-03-30 13:31:08 -04:00			`var privileges = [];`
privileges.posts.get takes an array of pids now 2014-06-28 14:59:01 -04:00
closes #2904 2015-03-30 13:31:08 -04:00			`for (var i=0; i<pids.length; ++i) {`
			`var editable = results.isAdmin \|\| results.isModerator[i] \|\| results.isOwner[i];`
			`privileges.push({`
			`editable: editable,`
			`view_deleted: editable,`
			`move: results.isAdmin \|\| results.isModerator[i]`
			`});`
			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00
closes #2904 2015-03-30 13:31:08 -04:00			`callback(null, privileges);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`});`
			`};`

privilege cleanup 2014-05-17 18:59:34 -04:00			`privileges.posts.can = function(privilege, pid, uid, callback) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`posts.getCidByPid(pid, function(err, cid) {`
			`if (err) {`
			`return callback(err);`
			`}`

privilege cleanup 2014-05-17 18:59:34 -04:00			`privileges.categories.can(privilege, cid, uid, callback);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`});`
			`};`

optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`privileges.posts.filter = function(privilege, pids, uid, callback) {`
posts/recent.js refactor 2014-11-09 01:30:27 -05:00			`if (!Array.isArray(pids) \|\| !pids.length) {`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 2014-07-31 17:29:20 -04:00			`return callback(null, []);`
			`}`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`posts.getCidsByPids(pids, function(err, cids) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`pids = pids.map(function(pid, index) {`
			`return {pid: pid, cid: cids[index]};`
			`});`

added filterUids method to privileges used to filter uids on a single category 2014-09-09 15:19:57 -04:00			`privileges.categories.filterCids(privilege, cids, uid, function(err, cids) {`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`if (err) {`
			`return callback(err);`
			`}`

			`pids = pids.filter(function(post) {`
			`return cids.indexOf(post.cid) !== -1;`
			`}).map(function(post) {`
			`return post.pid;`
			`});`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 2014-11-14 17:31:39 -05:00
			`plugins.fireHook('filter:privileges.posts.filter', {`
			`privilege: privilege,`
			`uid: uid,`
			`pids: pids`
properly handling error for hook filter:privileges.posts.filter 2014-11-14 17:53:20 -05:00			`}, function(err, data) {`
			`callback(err, data ? data.pids : null);`
added four new hooks: filter:categories.recent, filter:privileges.categories.get, filter:privileges.posts.filter, filter:privileges.topics.filter 2014-11-14 17:31:39 -05:00			`});`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 2014-07-29 21:51:46 -04:00			`});`
			`});`
			`};`

first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`privileges.posts.canEdit = function(pid, uid, callback) {`
closes #2247 2015-02-25 15:37:33 -05:00			`async.parallel({`
			`isEditable: async.apply(isPostEditable, pid, uid),`
			`isAdminOrMod: async.apply(isAdminOrMod, pid, uid)`
			`}, function(err, results) {`
			`if (err) {`
			`return callback(err);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`}`
closes #2247 2015-02-25 15:37:33 -05:00			`if (results.isAdminOrMod) {`
			`return callback(null, true);`
			`}`
			`if (results.isEditable.isLocked) {`
closes #2970, closes #3078 2015-04-21 16:26:24 -04:00			`return callback(new Error('[[error:topic-locked]]'));`
closes #2247 2015-02-25 15:37:33 -05:00			`}`
			`if (results.isEditable.isEditExpired) {`
			`return callback(new Error('[[error:post-edit-duration-expired, ' + meta.config.postEditDuration + ']]'));`
			`}`
			`callback(null, results.isEditable.editable);`
closes #2904 2015-03-30 13:31:08 -04:00			`});`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00			`};`

			`privileges.posts.canMove = function(pid, uid, callback) {`
closes #1725 removed move button from main post, disable moving main post, fixed moving posts. 2014-06-23 18:06:59 -04:00			`posts.isMain(pid, function(err, isMain) {`
			`if (err \|\| isMain) {`
			`return callback(err \|\| new Error('[[error:cant-move-mainpost]]'));`
			`}`
			`isAdminOrMod(pid, uid, callback);`
			`});`
closes #1731 2014-06-23 17:26:02 -04:00			`};`

closes #2330 2015-09-16 08:35:40 -04:00			`privileges.posts.canPurge = function(pid, uid, callback) {`
			`async.waterfall([`
			`function (next) {`
			`posts.getCidByPid(pid, next);`
			`},`
			`function (cid, next) {`
			`async.parallel({`
			`purge: async.apply(privileges.categories.isUserAllowedTo, 'purge', cid, uid),`
			`owner: async.apply(posts.isOwner, pid, uid),`
			`isAdminOrMod: async.apply(privileges.categories.isAdminOrMod, cid, uid)`
			`}, next);`
			`},`
			`function (results, next) {`
			`next(null, results.isAdminOrMod \|\| (results.purge && results.owner));`
			`}`
			`], callback);`
			`};`

closes #2247 2015-02-25 15:37:33 -05:00			`function isPostEditable(pid, uid, callback) {`
			`async.waterfall([`
			`function(next) {`
			`posts.getPostFields(pid, ['tid', 'timestamp'], next);`
			`},`
			`function(postData, next) {`
			`var postEditDuration = parseInt(meta.config.postEditDuration, 10);`
			`if (postEditDuration && Date.now() - parseInt(postData.timestamp, 10) > postEditDuration * 1000) {`
			`return callback(null, {isEditExpired: true});`
			`}`
			`topics.isLocked(postData.tid, next);`
			`},`
			`function(isLocked, next) {`
			`if (isLocked) {`
			`return callback(null, {isLocked: true});`
			`}`
closes #2904 2015-03-30 13:31:08 -04:00
			`posts.isOwner(pid, uid, next);`
			`},`
			`function(isOwner, next) {`
			`next(null, {editable: isOwner});`
closes #2247 2015-02-25 15:37:33 -05:00			`}`
			`], callback);`
			`}`

closes #1735 2014-06-24 13:27:37 -04:00			`function isPostTopicLocked(pid, callback) {`
			`posts.getPostField(pid, 'tid', function(err, tid) {`
			`if (err) {`
			`return callback(err);`
			`}`
			`topics.isLocked(tid, callback);`
			`});`
			`}`

closes #1731 2014-06-23 17:26:02 -04:00			`function isAdminOrMod(pid, uid, callback) {`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00			`helpers.some([`
			`function(next) {`
			`posts.getCidByPid(pid, function(err, cid) {`
api/post/pid route 2015-02-24 13:02:58 -05:00			`if (err \|\| !cid) {`
			`return next(err, false);`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00			`}`
closes #2904 2015-03-30 13:31:08 -04:00
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00			`user.isModerator(uid, cid, next);`
			`});`
			`},`
			`function(next) {`
			`user.isAdministrator(uid, next);`
			`}`
			`], callback);`
closes #1731 2014-06-23 17:26:02 -04:00			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 2014-05-14 17:53:23 -04:00			`};`