src/privileges/categories.js


'use strict';

const _ = require('lodash');

const categories = require('../categories');
const user = require('../user');
const groups = require('../groups');
const helpers = require('./helpers');
const plugins = require('../plugins');
const utils = require('../utils');

const privsCategories = module.exports;

privsCategories.privilegeLabels = [
	{ name: '[[admin/manage/privileges:find-category]]' },
	{ name: '[[admin/manage/privileges:access-category]]' },
	{ name: '[[admin/manage/privileges:access-topics]]' },
	{ name: '[[admin/manage/privileges:create-topics]]' },
	{ name: '[[admin/manage/privileges:reply-to-topics]]' },
	{ name: '[[admin/manage/privileges:tag-topics]]' },
	{ name: '[[admin/manage/privileges:edit-posts]]' },
	{ name: '[[admin/manage/privileges:view-edit-history]]' },
	{ name: '[[admin/manage/privileges:delete-posts]]' },
	{ name: '[[admin/manage/privileges:upvote-posts]]' },
	{ name: '[[admin/manage/privileges:downvote-posts]]' },
	{ name: '[[admin/manage/privileges:delete-topics]]' },
	{ name: '[[admin/manage/privileges:view_deleted]]' },
	{ name: '[[admin/manage/privileges:purge]]' },
	{ name: '[[admin/manage/privileges:moderate]]' },
];

privsCategories.userPrivilegeList = [
	'find',
	'read',
	'topics:read',
	'topics:create',
	'topics:reply',
	'topics:tag',
	'posts:edit',
	'posts:history',
	'posts:delete',
	'posts:upvote',
	'posts:downvote',
	'topics:delete',
	'posts:view_deleted',
	'purge',
	'moderate',
];

privsCategories.groupPrivilegeList = privsCategories.userPrivilegeList.map(privilege => `groups:${privilege}`);

privsCategories.privilegeList = privsCategories.userPrivilegeList.concat(privsCategories.groupPrivilegeList);

// Method used in admin/category controller to show all users/groups with privs in that given cid
privsCategories.list = async function (cid) {
	const labels = await utils.promiseParallel({
		users: plugins.hooks.fire('filter:privileges.list_human', privsCategories.privilegeLabels.slice()),
		groups: plugins.hooks.fire('filter:privileges.groups.list_human', privsCategories.privilegeLabels.slice()),
	});

	const keys = await utils.promiseParallel({
		users: plugins.hooks.fire('filter:privileges.list', privsCategories.userPrivilegeList.slice()),
		groups: plugins.hooks.fire('filter:privileges.groups.list', privsCategories.groupPrivilegeList.slice()),
	});

	const payload = await utils.promiseParallel({
		labels,
		users: helpers.getUserPrivileges(cid, keys.users),
		groups: helpers.getGroupPrivileges(cid, keys.groups),
	});
	payload.keys = keys;

	payload.columnCountUserOther = payload.labels.users.length - privsCategories.privilegeLabels.length;
	payload.columnCountGroupOther = payload.labels.groups.length - privsCategories.privilegeLabels.length;

	return payload;
};

privsCategories.get = async function (cid, uid) {
	const privs = ['topics:create', 'topics:read', 'topics:tag', 'read'];

	const [userPrivileges, isAdministrator, isModerator] = await Promise.all([
		helpers.isAllowedTo(privs, uid, cid),
		user.isAdministrator(uid),
		user.isModerator(uid, cid),
	]);

	const combined = userPrivileges.map(allowed => allowed || isAdministrator);
	const privData = _.zipObject(privs, combined);
	const isAdminOrMod = isAdministrator || isModerator;

	return await plugins.hooks.fire('filter:privileges.categories.get', {
		...privData,
		cid: cid,
		uid: uid,
		editable: isAdminOrMod,
		view_deleted: isAdminOrMod,
		isAdminOrMod: isAdminOrMod,
	});
};

privsCategories.isAdminOrMod = async function (cid, uid) {
	if (parseInt(uid, 10) <= 0) {
		return false;
	}
	const [isAdmin, isMod] = await Promise.all([
		user.isAdministrator(uid),
		user.isModerator(uid, cid),
	]);
	return isAdmin || isMod;
};

privsCategories.isUserAllowedTo = async function (privilege, cid, uid) {
	if ((Array.isArray(privilege) && !privilege.length) || (Array.isArray(cid) && !cid.length)) {
		return [];
	}
	if (!cid) {
		return false;
	}
	const results = await helpers.isAllowedTo(privilege, uid, Array.isArray(cid) ? cid : [cid]);

	if (Array.isArray(results) && results.length) {
		return Array.isArray(cid) ? results : results[0];
	}
	return false;
};

privsCategories.can = async function (privilege, cid, uid) {
	if (!cid) {
		return false;
	}
	const [disabled, isAdmin, isAllowed] = await Promise.all([
		categories.getCategoryField(cid, 'disabled'),
		user.isAdministrator(uid),
		privsCategories.isUserAllowedTo(privilege, cid, uid),
	]);
	return !disabled && (isAllowed || isAdmin);
};

privsCategories.filterCids = async function (privilege, cids, uid) {
	if (!Array.isArray(cids) || !cids.length) {
		return [];
	}

	cids = _.uniq(cids);
	const [categoryData, allowedTo, isAdmin] = await Promise.all([
		categories.getCategoriesFields(cids, ['disabled']),
		helpers.isAllowedTo(privilege, uid, cids),
		user.isAdministrator(uid),
	]);
	return cids.filter(
		(cid, index) => !!cid && !categoryData[index].disabled && (allowedTo[index] || isAdmin)
	);
};

privsCategories.getBase = async function (privilege, cids, uid) {
	return await utils.promiseParallel({
		categories: categories.getCategoriesFields(cids, ['disabled']),
		allowedTo: helpers.isAllowedTo(privilege, uid, cids),
		view_deleted: helpers.isAllowedTo('posts:view_deleted', uid, cids),
		isAdmin: user.isAdministrator(uid),
	});
};

privsCategories.filterUids = async function (privilege, cid, uids) {
	if (!uids.length) {
		return [];
	}

	uids = _.uniq(uids);

	const [allowedTo, isAdmins] = await Promise.all([
		helpers.isUsersAllowedTo(privilege, uids, cid),
		user.isAdministrator(uids),
	]);
	return uids.filter((uid, index) => allowedTo[index] || isAdmins[index]);
};

privsCategories.give = async function (privileges, cid, members) {
	await helpers.giveOrRescind(groups.join, privileges, cid, members);
	plugins.hooks.fire('action:privileges.categories.give', {
		privileges: privileges,
		cids: Array.isArray(cid) ? cid : [cid],
		members: Array.isArray(members) ? members : [members],
	});
};

privsCategories.rescind = async function (privileges, cid, members) {
	await helpers.giveOrRescind(groups.leave, privileges, cid, members);
	plugins.hooks.fire('action:privileges.categories.rescind', {
		privileges: privileges,
		cids: Array.isArray(cid) ? cid : [cid],
		members: Array.isArray(members) ? members : [members],
	});
};

privsCategories.canMoveAllTopics = async function (currentCid, targetCid, uid) {
	const [isAdmin, isModerators] = await Promise.all([
		user.isAdministrator(uid),
		user.isModerator(uid, [currentCid, targetCid]),
	]);
	return isAdmin || !isModerators.includes(false);
};

privsCategories.userPrivileges = async function (cid, uid) {
	return await helpers.userOrGroupPrivileges(cid, uid, privsCategories.userPrivilegeList);
};

privsCategories.groupPrivileges = async function (cid, groupName) {
	return await helpers.userOrGroupPrivileges(cid, groupName, privsCategories.groupPrivilegeList);
};
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00
			`'use strict';`

feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const _ = require('lodash');`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`const categories = require('../categories');`
			`const user = require('../user');`
			`const groups = require('../groups');`
			`const helpers = require('./helpers');`
			`const plugins = require('../plugins');`
			`const utils = require('../utils');`
more work on #1518 still needs more work, category is next 2014-05-15 10:38:02 -04:00
refactor: privileges, export modules directly (#9325) fix unused/commented out methods in admin privileges 2021-02-24 18:10:34 -05:00			`const privsCategories = module.exports;`

			`privsCategories.privilegeLabels = [`
			`{ name: '[[admin/manage/privileges:find-category]]' },`
			`{ name: '[[admin/manage/privileges:access-category]]' },`
			`{ name: '[[admin/manage/privileges:access-topics]]' },`
			`{ name: '[[admin/manage/privileges:create-topics]]' },`
			`{ name: '[[admin/manage/privileges:reply-to-topics]]' },`
			`{ name: '[[admin/manage/privileges:tag-topics]]' },`
			`{ name: '[[admin/manage/privileges:edit-posts]]' },`
			`{ name: '[[admin/manage/privileges:view-edit-history]]' },`
			`{ name: '[[admin/manage/privileges:delete-posts]]' },`
			`{ name: '[[admin/manage/privileges:upvote-posts]]' },`
			`{ name: '[[admin/manage/privileges:downvote-posts]]' },`
			`{ name: '[[admin/manage/privileges:delete-topics]]' },`
			`{ name: '[[admin/manage/privileges:view_deleted]]' },`
			`{ name: '[[admin/manage/privileges:purge]]' },`
			`{ name: '[[admin/manage/privileges:moderate]]' },`
			`];`

			`privsCategories.userPrivilegeList = [`
			`'find',`
			`'read',`
			`'topics:read',`
			`'topics:create',`
			`'topics:reply',`
			`'topics:tag',`
			`'posts:edit',`
			`'posts:history',`
			`'posts:delete',`
			`'posts:upvote',`
			`'posts:downvote',`
			`'topics:delete',`
			`'posts:view_deleted',`
			`'purge',`
			`'moderate',`
			`];`

			privsCategories.groupPrivilegeList = privsCategories.userPrivilegeList.map(privilege => `groups:${privilege}`);

			`privsCategories.privilegeList = privsCategories.userPrivilegeList.concat(privsCategories.groupPrivilegeList);`

			`// Method used in admin/category controller to show all users/groups with privs in that given cid`
			`privsCategories.list = async function (cid) {`
fix: regression via c1b3079d93fb4c49ba62a4be5279b7bff8e5a54d Also refactored privilege render logic so that it no longer needs a server-side hack to render column count 2021-03-12 14:22:16 -05:00			`const labels = await utils.promiseParallel({`
			`users: plugins.hooks.fire('filter:privileges.list_human', privsCategories.privilegeLabels.slice()),`
			`groups: plugins.hooks.fire('filter:privileges.groups.list_human', privsCategories.privilegeLabels.slice()),`
			`});`
refactor: privileges, export modules directly (#9325) fix unused/commented out methods in admin privileges 2021-02-24 18:10:34 -05:00
			`const keys = await utils.promiseParallel({`
			`users: plugins.hooks.fire('filter:privileges.list', privsCategories.userPrivilegeList.slice()),`
			`groups: plugins.hooks.fire('filter:privileges.groups.list', privsCategories.groupPrivilegeList.slice()),`
			`});`

			`const payload = await utils.promiseParallel({`
fix: regression via c1b3079d93fb4c49ba62a4be5279b7bff8e5a54d Also refactored privilege render logic so that it no longer needs a server-side hack to render column count 2021-03-12 14:22:16 -05:00			`labels,`
refactor: privileges, export modules directly (#9325) fix unused/commented out methods in admin privileges 2021-02-24 18:10:34 -05:00			`users: helpers.getUserPrivileges(cid, keys.users),`
			`groups: helpers.getGroupPrivileges(cid, keys.groups),`
			`});`
			`payload.keys = keys;`

			`payload.columnCountUserOther = payload.labels.users.length - privsCategories.privilegeLabels.length;`
			`payload.columnCountGroupOther = payload.labels.groups.length - privsCategories.privilegeLabels.length;`
fix: regression via c1b3079d93fb4c49ba62a4be5279b7bff8e5a54d Also refactored privilege render logic so that it no longer needs a server-side hack to render column count 2021-03-12 14:22:16 -05:00
refactor: privileges, export modules directly (#9325) fix unused/commented out methods in admin privileges 2021-02-24 18:10:34 -05:00			`return payload;`
			`};`
feat: more discrete commit-on-save instead of commit-on-change w/ confirm modals (#8541) * feat: privileges save button, #8537, WIP * fix: disable firefox autocomplete on privilege form fields * feat: closes #8537 privilege changes commit on save - new language strings for confirmation and success modals/toasts - indeterminate privilege handling (/cc @psychobunny) - added new discard button - both discard and save buttons now have confirmation dialogs * fix(tests): remove duplicate template helper test * fix(tests): broken template helper test * feat: confirm dialogs for all privilege copy actions Also, ability to add user to a privilege table without needing to refresh the privilege table. * feat: group row addition w/o table refresh breaking: helpers.getUserPrivileges and helpers.getGroupPrivileges no longer make socket calls to the following hooks: - filter:privileges.list, filter:privileges.admin.list, filter:privileges.global.list, filter:privileges.groups.list, filter:privileges.admin.groups.list, filter:privileges.gloval.groups.list The filters are still called, but done before the helper method is called, and the results are passed in instead. This change should only affect you if you directly call the helper methods, otherwise the change is transparent. * fix: stale ajaxify data on privilege category switch * fix: implicit privileges not showing for user privs * fix: groups, not group, also fix tests * fix(tests): again * fix: wrong tpl rendered when adding group to global priv table 2020-08-03 20:42:45 -04:00
refactor: privileges, export modules directly (#9325) fix unused/commented out methods in admin privileges 2021-02-24 18:10:34 -05:00			`privsCategories.get = async function (cid, uid) {`
			`const privs = ['topics:create', 'topics:read', 'topics:tag', 'read'];`

			`const [userPrivileges, isAdministrator, isModerator] = await Promise.all([`
			`helpers.isAllowedTo(privs, uid, cid),`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, cid),`
			`]);`

			`const combined = userPrivileges.map(allowed => allowed \|\| isAdministrator);`
			`const privData = _.zipObject(privs, combined);`
			`const isAdminOrMod = isAdministrator \|\| isModerator;`

			`return await plugins.hooks.fire('filter:privileges.categories.get', {`
			`...privData,`
			`cid: cid,`
			`uid: uid,`
			`editable: isAdminOrMod,`
			`view_deleted: isAdminOrMod,`
			`isAdminOrMod: isAdminOrMod,`
			`});`
			`};`

			`privsCategories.isAdminOrMod = async function (cid, uid) {`
			`if (parseInt(uid, 10) <= 0) {`
feat: #7743, privileges 2019-07-20 22:12:22 -04:00			`return false;`
refactor: privileges, export modules directly (#9325) fix unused/commented out methods in admin privileges 2021-02-24 18:10:34 -05:00			`}`
			`const [isAdmin, isMod] = await Promise.all([`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, cid),`
			`]);`
			`return isAdmin \|\| isMod;`
			`};`
closes #1518 2014-05-15 20:49:47 -04:00
refactor: privileges, export modules directly (#9325) fix unused/commented out methods in admin privileges 2021-02-24 18:10:34 -05:00			`privsCategories.isUserAllowedTo = async function (privilege, cid, uid) {`
			`if ((Array.isArray(privilege) && !privilege.length) \|\| (Array.isArray(cid) && !cid.length)) {`
			`return [];`
			`}`
			`if (!cid) {`
			`return false;`
			`}`
			`const results = await helpers.isAllowedTo(privilege, uid, Array.isArray(cid) ? cid : [cid]);`

			`if (Array.isArray(results) && results.length) {`
			`return Array.isArray(cid) ? results : results[0];`
			`}`
			`return false;`
			`};`

			`privsCategories.can = async function (privilege, cid, uid) {`
			`if (!cid) {`
			`return false;`
			`}`
			`const [disabled, isAdmin, isAllowed] = await Promise.all([`
			`categories.getCategoryField(cid, 'disabled'),`
			`user.isAdministrator(uid),`
			`privsCategories.isUserAllowedTo(privilege, cid, uid),`
			`]);`
			`return !disabled && (isAllowed \|\| isAdmin);`
			`};`

			`privsCategories.filterCids = async function (privilege, cids, uid) {`
			`if (!Array.isArray(cids) \|\| !cids.length) {`
			`return [];`
			`}`

			`cids = _.uniq(cids);`
			`const [categoryData, allowedTo, isAdmin] = await Promise.all([`
			`categories.getCategoriesFields(cids, ['disabled']),`
			`helpers.isAllowedTo(privilege, uid, cids),`
			`user.isAdministrator(uid),`
			`]);`
			`return cids.filter(`
			`(cid, index) => !!cid && !categoryData[index].disabled && (allowedTo[index] \|\| isAdmin)`
			`);`
			`};`

			`privsCategories.getBase = async function (privilege, cids, uid) {`
			`return await utils.promiseParallel({`
			`categories: categories.getCategoriesFields(cids, ['disabled']),`
			`allowedTo: helpers.isAllowedTo(privilege, uid, cids),`
			`view_deleted: helpers.isAllowedTo('posts:view_deleted', uid, cids),`
			`isAdmin: user.isAdministrator(uid),`
			`});`
			`};`

			`privsCategories.filterUids = async function (privilege, cid, uids) {`
			`if (!uids.length) {`
			`return [];`
			`}`

			`uids = _.uniq(uids);`

			`const [allowedTo, isAdmins] = await Promise.all([`
			`helpers.isUsersAllowedTo(privilege, uids, cid),`
			`user.isAdministrator(uids),`
			`]);`
			`return uids.filter((uid, index) => allowedTo[index] \|\| isAdmins[index]);`
			`};`

			`privsCategories.give = async function (privileges, cid, members) {`
			`await helpers.giveOrRescind(groups.join, privileges, cid, members);`
			`plugins.hooks.fire('action:privileges.categories.give', {`
			`privileges: privileges,`
			`cids: Array.isArray(cid) ? cid : [cid],`
			`members: Array.isArray(members) ? members : [members],`
			`});`
			`};`

			`privsCategories.rescind = async function (privileges, cid, members) {`
			`await helpers.giveOrRescind(groups.leave, privileges, cid, members);`
			`plugins.hooks.fire('action:privileges.categories.rescind', {`
			`privileges: privileges,`
			`cids: Array.isArray(cid) ? cid : [cid],`
			`members: Array.isArray(members) ? members : [members],`
			`});`
			`};`

			`privsCategories.canMoveAllTopics = async function (currentCid, targetCid, uid) {`
			`const [isAdmin, isModerators] = await Promise.all([`
			`user.isAdministrator(uid),`
			`user.isModerator(uid, [currentCid, targetCid]),`
			`]);`
			`return isAdmin \|\| !isModerators.includes(false);`
			`};`

			`privsCategories.userPrivileges = async function (cid, uid) {`
			`return await helpers.userOrGroupPrivileges(cid, uid, privsCategories.userPrivilegeList);`
			`};`

			`privsCategories.groupPrivileges = async function (cid, groupName) {`
			`return await helpers.userOrGroupPrivileges(cid, groupName, privsCategories.groupPrivilegeList);`
ESlint eol-last 2017-02-18 02:30:48 -07:00			`};`