2015-09-25 15:09:25 -04:00
|
|
|
'use strict';
|
|
|
|
|
|
2022-06-10 13:54:39 -04:00
|
|
|
const nconf = require('nconf');
|
|
|
|
|
|
2021-03-12 16:38:05 -05:00
|
|
|
const db = require('../../database');
|
2019-09-09 19:19:56 -04:00
|
|
|
const posts = require('../../posts');
|
2020-07-30 09:48:14 -04:00
|
|
|
const flags = require('../../flags');
|
2019-09-09 19:19:56 -04:00
|
|
|
const events = require('../../events');
|
|
|
|
|
const privileges = require('../../privileges');
|
|
|
|
|
const plugins = require('../../plugins');
|
|
|
|
|
const social = require('../../social');
|
|
|
|
|
const user = require('../../user');
|
|
|
|
|
const utils = require('../../utils');
|
2015-09-25 15:09:25 -04:00
|
|
|
|
2016-10-13 11:43:39 +02:00
|
|
|
module.exports = function (SocketPosts) {
|
2019-09-09 19:19:56 -04:00
|
|
|
SocketPosts.loadPostTools = async function (socket, data) {
|
2023-03-06 09:44:21 -05:00
|
|
|
if (!data || !data.pid) {
|
2019-09-09 19:19:56 -04:00
|
|
|
throw new Error('[[error:invalid-data]]');
|
2015-10-24 20:50:43 -04:00
|
|
|
}
|
2023-03-06 09:44:21 -05:00
|
|
|
const cid = await posts.getCidByPid(data.pid);
|
2019-09-09 19:19:56 -04:00
|
|
|
const results = await utils.promiseParallel({
|
2020-07-29 16:55:14 -04:00
|
|
|
posts: posts.getPostFields(data.pid, ['deleted', 'bookmarks', 'uid', 'ip', 'flagId']),
|
2019-09-09 19:19:56 -04:00
|
|
|
isAdmin: user.isAdministrator(socket.uid),
|
|
|
|
|
isGlobalMod: user.isGlobalModerator(socket.uid),
|
2023-03-06 09:44:21 -05:00
|
|
|
isModerator: user.isModerator(socket.uid, cid),
|
2019-09-09 19:19:56 -04:00
|
|
|
canEdit: privileges.posts.canEdit(data.pid, socket.uid),
|
|
|
|
|
canDelete: privileges.posts.canDelete(data.pid, socket.uid),
|
|
|
|
|
canPurge: privileges.posts.canPurge(data.pid, socket.uid),
|
|
|
|
|
canFlag: privileges.posts.canFlag(data.pid, socket.uid),
|
2023-12-19 21:32:05 -05:00
|
|
|
canViewHistory: privileges.posts.can('posts:history', data.pid, socket.uid),
|
2021-11-18 16:42:18 -05:00
|
|
|
flagged: flags.exists('post', data.pid, socket.uid), // specifically, whether THIS calling user flagged
|
2019-09-09 19:19:56 -04:00
|
|
|
bookmarked: posts.hasBookmarked(data.pid, socket.uid),
|
|
|
|
|
postSharing: social.getActivePostSharing(),
|
|
|
|
|
history: posts.diffs.exists(data.pid),
|
2019-09-17 18:02:52 +00:00
|
|
|
canViewInfo: privileges.global.can('view:users:info', socket.uid),
|
2019-09-09 19:19:56 -04:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const postData = results.posts;
|
2022-06-10 13:54:39 -04:00
|
|
|
postData.absolute_url = `${nconf.get('url')}/post/${data.pid}`;
|
2019-09-09 19:19:56 -04:00
|
|
|
postData.bookmarked = results.bookmarked;
|
|
|
|
|
postData.selfPost = socket.uid && socket.uid === postData.uid;
|
|
|
|
|
postData.display_edit_tools = results.canEdit.flag;
|
|
|
|
|
postData.display_delete_tools = results.canDelete.flag;
|
|
|
|
|
postData.display_purge_tools = results.canPurge;
|
2020-11-17 21:28:32 -05:00
|
|
|
postData.display_flag_tools = socket.uid && results.canFlag.flag;
|
2019-09-09 19:19:56 -04:00
|
|
|
postData.display_moderator_tools = postData.display_edit_tools || postData.display_delete_tools;
|
|
|
|
|
postData.display_move_tools = results.isAdmin || results.isModerator;
|
|
|
|
|
postData.display_change_owner_tools = results.isAdmin || results.isModerator;
|
2024-11-06 11:36:53 -05:00
|
|
|
postData.display_manage_editors_tools = results.isAdmin || results.isModerator || postData.selfPost;
|
2019-09-09 19:19:56 -04:00
|
|
|
postData.display_ip_ban = (results.isAdmin || results.isGlobalMod) && !postData.selfPost;
|
2023-12-19 21:32:05 -05:00
|
|
|
postData.display_history = results.history && results.canViewHistory;
|
2020-07-30 09:48:14 -04:00
|
|
|
postData.flags = {
|
|
|
|
|
flagId: parseInt(results.posts.flagId, 10) || null,
|
|
|
|
|
can: results.canFlag.flag,
|
|
|
|
|
exists: !!results.posts.flagId,
|
|
|
|
|
flagged: results.flagged,
|
2021-03-12 16:38:05 -05:00
|
|
|
state: await db.getObjectField(`flag:${postData.flagId}`, 'state'),
|
2020-07-30 09:48:14 -04:00
|
|
|
};
|
2019-09-09 19:19:56 -04:00
|
|
|
|
2019-09-17 18:02:52 +00:00
|
|
|
if (!results.isAdmin && !results.canViewInfo) {
|
2019-09-09 19:19:56 -04:00
|
|
|
postData.ip = undefined;
|
|
|
|
|
}
|
2022-06-10 13:54:39 -04:00
|
|
|
const { tools } = await plugins.hooks.fire('filter:post.tools', {
|
2021-02-19 11:32:17 -05:00
|
|
|
pid: data.pid,
|
|
|
|
|
post: postData,
|
|
|
|
|
uid: socket.uid,
|
|
|
|
|
tools: [],
|
|
|
|
|
});
|
2022-06-10 13:54:39 -04:00
|
|
|
postData.tools = tools;
|
|
|
|
|
|
2019-09-09 19:19:56 -04:00
|
|
|
return results;
|
2015-10-24 20:50:43 -04:00
|
|
|
};
|
|
|
|
|
|
2019-07-12 14:06:09 -04:00
|
|
|
SocketPosts.changeOwner = async function (socket, data) {
|
|
|
|
|
if (!data || !Array.isArray(data.pids) || !data.toUid) {
|
|
|
|
|
throw new Error('[[error:invalid-data]]');
|
|
|
|
|
}
|
2020-01-24 14:28:11 -05:00
|
|
|
const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(socket.uid);
|
2019-07-12 14:06:09 -04:00
|
|
|
if (!isAdminOrGlobalMod) {
|
|
|
|
|
throw new Error('[[error:no-privileges]]');
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-04 00:06:15 -07:00
|
|
|
const postData = await posts.changeOwner(data.pids, data.toUid);
|
|
|
|
|
const logs = postData.map(({ pid, uid, cid }) => (events.log({
|
2020-01-15 17:05:57 +01:00
|
|
|
type: 'post-change-owner',
|
|
|
|
|
uid: socket.uid,
|
|
|
|
|
ip: socket.ip,
|
|
|
|
|
targetUid: data.toUid,
|
|
|
|
|
pid: pid,
|
|
|
|
|
originalUid: uid,
|
|
|
|
|
cid: cid,
|
|
|
|
|
})));
|
|
|
|
|
|
|
|
|
|
await Promise.all(logs);
|
2019-07-12 14:06:09 -04:00
|
|
|
};
|
2024-11-06 11:36:53 -05:00
|
|
|
|
|
|
|
|
SocketPosts.getEditors = async function (socket, data) {
|
|
|
|
|
if (!data || !data.pid) {
|
|
|
|
|
throw new Error('[[error:invalid-data]]');
|
|
|
|
|
}
|
|
|
|
|
await checkEditorPrivilege(socket.uid, data.pid);
|
|
|
|
|
const editorUids = await db.getSetMembers(`pid:${data.pid}:editors`);
|
|
|
|
|
const userData = await user.getUsersFields(editorUids, ['username', 'userslug', 'picture']);
|
|
|
|
|
return userData;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
SocketPosts.saveEditors = async function (socket, data) {
|
|
|
|
|
if (!data || !data.pid || !Array.isArray(data.uids)) {
|
|
|
|
|
throw new Error('[[error:invalid-data]]');
|
|
|
|
|
}
|
|
|
|
|
await checkEditorPrivilege(socket.uid, data.pid);
|
|
|
|
|
await db.delete(`pid:${data.pid}:editors`);
|
|
|
|
|
await db.setAdd(`pid:${data.pid}:editors`, data.uids);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
async function checkEditorPrivilege(uid, pid) {
|
|
|
|
|
const cid = await posts.getCidByPid(pid);
|
|
|
|
|
const [isAdminOrMod, owner] = await Promise.all([
|
|
|
|
|
privileges.categories.isAdminOrMod(cid, uid),
|
|
|
|
|
posts.getPostField(pid, 'uid'),
|
|
|
|
|
]);
|
|
|
|
|
const isSelfPost = String(uid) === String(owner);
|
|
|
|
|
if (!isAdminOrMod && !isSelfPost) {
|
|
|
|
|
throw new Error('[[error:no-privileges]]');
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-08-06 20:28:55 -05:00
|
|
|
};
|
