NodeBB/src/socket.io/posts/tools.js

'use strict';

const posts = require('../../posts');
const topics = require('../../topics');
const flags = require('../../flags');
const events = require('../../events');
const websockets = require('../index');
const socketTopics = require('../topics');
const privileges = require('../../privileges');
const plugins = require('../../plugins');
const social = require('../../social');
const user = require('../../user');
const utils = require('../../utils');


module.exports = function (SocketPosts) {
	SocketPosts.loadPostTools = async function (socket, data) {
		if (!data || !data.pid || !data.cid) {
			throw new Error('[[error:invalid-data]]');
		}

		const results = await utils.promiseParallel({
			posts: posts.getPostFields(data.pid, ['deleted', 'bookmarks', 'uid', 'ip', 'flagId']),
			isAdmin: user.isAdministrator(socket.uid),
			isGlobalMod: user.isGlobalModerator(socket.uid),
			isModerator: user.isModerator(socket.uid, data.cid),
			canEdit: privileges.posts.canEdit(data.pid, socket.uid),
			canDelete: privileges.posts.canDelete(data.pid, socket.uid),
			canPurge: privileges.posts.canPurge(data.pid, socket.uid),
			canFlag: privileges.posts.canFlag(data.pid, socket.uid),
			flagged: flags.exists('post', data.pid, socket.uid),	// specifically, whether THIS calling user flagged
			bookmarked: posts.hasBookmarked(data.pid, socket.uid),
			tools: plugins.fireHook('filter:post.tools', { pid: data.pid, uid: socket.uid, tools: [] }),
			postSharing: social.getActivePostSharing(),
			history: posts.diffs.exists(data.pid),
			canViewInfo: privileges.global.can('view:users:info', socket.uid),
		});

		const postData = results.posts;
		postData.tools = results.tools.tools;
		postData.bookmarked = results.bookmarked;
		postData.selfPost = socket.uid && socket.uid === postData.uid;
		postData.display_edit_tools = results.canEdit.flag;
		postData.display_delete_tools = results.canDelete.flag;
		postData.display_purge_tools = results.canPurge;
		postData.display_flag_tools = socket.uid && !postData.selfPost && results.canFlag.flag;
		postData.display_moderator_tools = postData.display_edit_tools || postData.display_delete_tools;
		postData.display_move_tools = results.isAdmin || results.isModerator;
		postData.display_change_owner_tools = results.isAdmin || results.isModerator;
		postData.display_ip_ban = (results.isAdmin || results.isGlobalMod) && !postData.selfPost;
		postData.display_history = results.history;
		postData.toolsVisible = postData.tools.length || postData.display_moderator_tools;
		postData.flags = {
			flagId: parseInt(results.posts.flagId, 10) || null,
			can: results.canFlag.flag,
			exists: !!results.posts.flagId,
			flagged: results.flagged,
		};

		if (!results.isAdmin && !results.canViewInfo) {
			postData.ip = undefined;
		}
		return results;
	};

	SocketPosts.delete = async function (socket, data) {
		await deleteOrRestore(socket, data, {
			command: 'delete',
			event: 'event:post_deleted',
			type: 'post-delete',
		});
	};

	SocketPosts.restore = async function (socket, data) {
		await deleteOrRestore(socket, data, {
			command: 'restore',
			event: 'event:post_restored',
			type: 'post-restore',
		});
	};

	async function deleteOrRestore(socket, data, params) {
		if (!data || !data.pid) {
			throw new Error('[[error:invalid-data]]');
		}
		const postData = await posts.tools[params.command](socket.uid, data.pid);
		const results = await isMainAndLastPost(data.pid);
		if (results.isMain && results.isLast) {
			await deleteOrRestoreTopicOf(params.command, data.pid, socket);
		}

		websockets.in('topic_' + data.tid).emit(params.event, postData);

		await events.log({
			type: params.type,
			uid: socket.uid,
			pid: data.pid,
			tid: postData.tid,
			ip: socket.ip,
		});
	}

	SocketPosts.deletePosts = async function (socket, data) {
		await deletePurgePosts(socket, data, 'delete');
	};

	SocketPosts.purgePosts = async function (socket, data) {
		await deletePurgePosts(socket, data, 'purge');
	};

	async function deletePurgePosts(socket, data, command) {
		if (!data || !Array.isArray(data.pids)) {
			throw new Error('[[error:invalid-data]]');
		}
		for (const pid of data.pids) {
			/* eslint-disable no-await-in-loop */
			await SocketPosts[command](socket, { pid: pid, tid: data.tid });
		}
	}

	SocketPosts.purge = async function (socket, data) {
		if (!data || !parseInt(data.pid, 10)) {
			throw new Error('[[error:invalid-data]]');
		}

		const results = await isMainAndLastPost(data.pid);
		if (results.isMain && !results.isLast) {
			throw new Error('[[error:cant-purge-main-post]]');
		}

		const isMainAndLast = results.isMain && results.isLast;
		const postData = await posts.getPostFields(data.pid, ['toPid', 'tid']);
		postData.pid = data.pid;

		await posts.tools.purge(socket.uid, data.pid);

		websockets.in('topic_' + data.tid).emit('event:post_purged', postData);
		const topicData = await topics.getTopicFields(data.tid, ['title', 'cid']);

		await events.log({
			type: 'post-purge',
			uid: socket.uid,
			pid: data.pid,
			ip: socket.ip,
			tid: postData.tid,
			title: String(topicData.title),
		});

		if (isMainAndLast) {
			await socketTopics.doTopicAction('purge', 'event:topic_purged', socket, { tids: [postData.tid], cid: topicData.cid });
		}
	};

	async function deleteOrRestoreTopicOf(command, pid, socket) {
		const topic = await posts.getTopicFields(pid, ['tid', 'cid', 'deleted']);
		if (command === 'delete' && !topic.deleted) {
			await socketTopics.doTopicAction('delete', 'event:topic_deleted', socket, { tids: [topic.tid], cid: topic.cid });
		} else if (command === 'restore' && topic.deleted) {
			await socketTopics.doTopicAction('restore', 'event:topic_restored', socket, { tids: [topic.tid], cid: topic.cid });
		}
	}

	async function isMainAndLastPost(pid) {
		const [isMain, topicData] = await Promise.all([
			posts.isMain(pid),
			posts.getTopicFields(pid, ['postcount']),
		]);
		return {
			isMain: isMain,
			isLast: topicData && topicData.postcount === 1,
		};
	}

	SocketPosts.changeOwner = async function (socket, data) {
		if (!data || !Array.isArray(data.pids) || !data.toUid) {
			throw new Error('[[error:invalid-data]]');
		}
		const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(socket.uid);
		if (!isAdminOrGlobalMod) {
			throw new Error('[[error:no-privileges]]');
		}

		var postData = await posts.changeOwner(data.pids, data.toUid);
		var logs = postData.map(({ pid, uid, cid }) => (events.log({
			type: 'post-change-owner',
			uid: socket.uid,
			ip: socket.ip,
			targetUid: data.toUid,
			pid: pid,
			originalUid: uid,
			cid: cid,
		})));

		await Promise.all(logs);
	};
};
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`'use strict';`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const posts = require('../../posts');`
			`const topics = require('../../topics');`
refactor: flags object in post tools 2020-07-30 09:48:14 -04:00			`const flags = require('../../flags');`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const events = require('../../events');`
			`const websockets = require('../index');`
			`const socketTopics = require('../topics');`
			`const privileges = require('../../privileges');`
			`const plugins = require('../../plugins');`
			`const social = require('../../social');`
			`const user = require('../../user');`
			`const utils = require('../../utils');`
closes #6311 2018-02-15 14:52:49 -05:00
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`module.exports = function (SocketPosts) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.loadPostTools = async function (socket, data) {`
post tools test 2016-12-20 16:03:01 +03:00			`if (!data \|\| !data.pid \|\| !data.cid) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`throw new Error('[[error:invalid-data]]');`
load post tools menu on demand 2015-10-24 20:50:43 -04:00			`}`
closes #6311 2018-02-15 14:52:49 -05:00
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const results = await utils.promiseParallel({`
feat: allow direct link to flag from post tools, #8531 2020-07-29 16:55:14 -04:00			`posts: posts.getPostFields(data.pid, ['deleted', 'bookmarks', 'uid', 'ip', 'flagId']),`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`isAdmin: user.isAdministrator(socket.uid),`
			`isGlobalMod: user.isGlobalModerator(socket.uid),`
			`isModerator: user.isModerator(socket.uid, data.cid),`
			`canEdit: privileges.posts.canEdit(data.pid, socket.uid),`
			`canDelete: privileges.posts.canDelete(data.pid, socket.uid),`
			`canPurge: privileges.posts.canPurge(data.pid, socket.uid),`
			`canFlag: privileges.posts.canFlag(data.pid, socket.uid),`
refactor: flags object in post tools 2020-07-30 09:48:14 -04:00			`flagged: flags.exists('post', data.pid, socket.uid), // specifically, whether THIS calling user flagged`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`bookmarked: posts.hasBookmarked(data.pid, socket.uid),`
			`tools: plugins.fireHook('filter:post.tools', { pid: data.pid, uid: socket.uid, tools: [] }),`
			`postSharing: social.getActivePostSharing(),`
			`history: posts.diffs.exists(data.pid),`
Add privilege for accessing user information (#7859) * Add view users info global privilege * Show user ip only to global mods and admins * fix missing comma * Hide link for users without correct privilege * move getting privilege information to getAllData * Hide the link from Global Moderators as well * Give Global Moderator view:users:info privilege * Restrict ip in post menu to view:users:info * add some trailing commas.... * Add privilege to categories test * Add group privilege to categories test * add upgrade script * fix style for TravisCI * more styling - change spaces to tabs * some more styling fixes (hopefully final one) * fix style for Travis CI * hide ip in chat messages * Don't show even hidden ips on user profile page 2019-09-17 18:02:52 +00:00			`canViewInfo: privileges.global.can('view:users:info', socket.uid),`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`});`

			`const postData = results.posts;`
			`postData.tools = results.tools.tools;`
			`postData.bookmarked = results.bookmarked;`
			`postData.selfPost = socket.uid && socket.uid === postData.uid;`
			`postData.display_edit_tools = results.canEdit.flag;`
			`postData.display_delete_tools = results.canDelete.flag;`
			`postData.display_purge_tools = results.canPurge;`
			`postData.display_flag_tools = socket.uid && !postData.selfPost && results.canFlag.flag;`
			`postData.display_moderator_tools = postData.display_edit_tools \|\| postData.display_delete_tools;`
			`postData.display_move_tools = results.isAdmin \|\| results.isModerator;`
			`postData.display_change_owner_tools = results.isAdmin \|\| results.isModerator;`
			`postData.display_ip_ban = (results.isAdmin \|\| results.isGlobalMod) && !postData.selfPost;`
			`postData.display_history = results.history;`
			`postData.toolsVisible = postData.tools.length \|\| postData.display_moderator_tools;`
refactor: flags object in post tools 2020-07-30 09:48:14 -04:00			`postData.flags = {`
			`flagId: parseInt(results.posts.flagId, 10) \|\| null,`
			`can: results.canFlag.flag,`
			`exists: !!results.posts.flagId,`
			`flagged: results.flagged,`
			`};`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00
Add privilege for accessing user information (#7859) * Add view users info global privilege * Show user ip only to global mods and admins * fix missing comma * Hide link for users without correct privilege * move getting privilege information to getAllData * Hide the link from Global Moderators as well * Give Global Moderator view:users:info privilege * Restrict ip in post menu to view:users:info * add some trailing commas.... * Add privilege to categories test * Add group privilege to categories test * add upgrade script * fix style for TravisCI * more styling - change spaces to tabs * some more styling fixes (hopefully final one) * fix style for Travis CI * hide ip in chat messages * Don't show even hidden ips on user profile page 2019-09-17 18:02:52 +00:00			`if (!results.isAdmin && !results.canViewInfo) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`postData.ip = undefined;`
			`}`
			`return results;`
load post tools menu on demand 2015-10-24 20:50:43 -04:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.delete = async function (socket, data) {`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await deleteOrRestore(socket, data, {`
			`command: 'delete',`
			`event: 'event:post_deleted',`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`type: 'post-delete',`
			`});`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.restore = async function (socket, data) {`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await deleteOrRestore(socket, data, {`
			`command: 'restore',`
			`event: 'event:post_restored',`
			`type: 'post-restore',`
			`});`
			`};`

			`async function deleteOrRestore(socket, data, params) {`
closes #5025 2016-10-12 14:46:04 +03:00			`if (!data \|\| !data.pid) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`throw new Error('[[error:invalid-data]]');`
closes #5025 2016-10-12 14:46:04 +03:00			`}`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`const postData = await posts.tools[params.command](socket.uid, data.pid);`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const results = await isMainAndLastPost(data.pid);`
			`if (results.isMain && results.isLast) {`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await deleteOrRestoreTopicOf(params.command, data.pid, socket);`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`}`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00
			`websockets.in('topic_' + data.tid).emit(params.event, postData);`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00
			`await events.log({`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`type: params.type,`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`uid: socket.uid,`
			`pid: data.pid,`
			`tid: postData.tid,`
			`ip: socket.ip,`
			`});`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`}`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.deletePosts = async function (socket, data) {`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await deletePurgePosts(socket, data, 'delete');`
closes #2134 2015-12-24 12:08:10 +02:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.purgePosts = async function (socket, data) {`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await deletePurgePosts(socket, data, 'purge');`
			`};`

			`async function deletePurgePosts(socket, data, command) {`
closes #2134 2015-12-24 12:08:10 +02:00			`if (!data \|\| !Array.isArray(data.pids)) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`throw new Error('[[error:invalid-data]]');`
			`}`
			`for (const pid of data.pids) {`
			`/* eslint-disable no-await-in-loop */`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await SocketPosts[command](socket, { pid: pid, tid: data.tid });`
closes #2134 2015-12-24 12:08:10 +02:00			`}`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`}`
closes #2134 2015-12-24 12:08:10 +02:00
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.purge = async function (socket, data) {`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`if (!data \|\| !parseInt(data.pid, 10)) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`throw new Error('[[error:invalid-data]]');`
			`}`

			`const results = await isMainAndLastPost(data.pid);`
			`if (results.isMain && !results.isLast) {`
			`throw new Error('[[error:cant-purge-main-post]]');`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`}`
if the main and last post is purged, purge the topic as well 2017-04-26 14:19:48 -04:00
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const isMainAndLast = results.isMain && results.isLast;`
			`const postData = await posts.getPostFields(data.pid, ['toPid', 'tid']);`
			`postData.pid = data.pid;`

			`await posts.tools.purge(socket.uid, data.pid);`

			`websockets.in('topic_' + data.tid).emit('event:post_purged', postData);`
			`const topicData = await topics.getTopicFields(data.tid, ['title', 'cid']);`

			`await events.log({`
			`type: 'post-purge',`
			`uid: socket.uid,`
			`pid: data.pid,`
			`ip: socket.ip,`
			`tid: postData.tid,`
			`title: String(topicData.title),`
			`});`

			`if (isMainAndLast) {`
			`await socketTopics.doTopicAction('purge', 'event:topic_purged', socket, { tids: [postData.tid], cid: topicData.cid });`
			`}`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`async function deleteOrRestoreTopicOf(command, pid, socket) {`
			`const topic = await posts.getTopicFields(pid, ['tid', 'cid', 'deleted']);`
			`if (command === 'delete' && !topic.deleted) {`
			`await socketTopics.doTopicAction('delete', 'event:topic_deleted', socket, { tids: [topic.tid], cid: topic.cid });`
			`} else if (command === 'restore' && topic.deleted) {`
			`await socketTopics.doTopicAction('restore', 'event:topic_restored', socket, { tids: [topic.tid], cid: topic.cid });`
			`}`
closes #5025 2016-10-12 14:46:04 +03:00			`}`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`async function isMainAndLastPost(pid) {`
			`const [isMain, topicData] = await Promise.all([`
			`posts.isMain(pid),`
			`posts.getTopicFields(pid, ['postcount']),`
			`]);`
			`return {`
			`isMain: isMain,`
			`isLast: topicData && topicData.postcount === 1,`
			`};`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`}`
Change post owner (#7752) * feat: #7749, allow array of keys for setObject * feat: sortedSetRemoveBulk * feat: test for bulk remove * feat: #7083, ability to change post ownership * feat: #7083, fix tid:<tid>:posters * feat: #7083, front end * fix: #7752, psql methods * fix: add missing await * fix: maybe psql 2019-07-12 14:06:09 -04:00
			`SocketPosts.changeOwner = async function (socket, data) {`
			`if (!data \|\| !Array.isArray(data.pids) \|\| !data.toUid) {`
			`throw new Error('[[error:invalid-data]]');`
			`}`
fix: missing await in SocketPosts.changeOwner 2020-01-24 14:28:11 -05:00			`const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(socket.uid);`
Change post owner (#7752) * feat: #7749, allow array of keys for setObject * feat: sortedSetRemoveBulk * feat: test for bulk remove * feat: #7083, ability to change post ownership * feat: #7083, fix tid:<tid>:posters * feat: #7083, front end * fix: #7752, psql methods * fix: add missing await * fix: maybe psql 2019-07-12 14:06:09 -04:00			`if (!isAdminOrGlobalMod) {`
			`throw new Error('[[error:no-privileges]]');`
			`}`

#8115 - log post owner changes (#8117) * log post owner changes * log each post separately * use map instad of a loop 2020-01-15 17:05:57 +01:00			`var postData = await posts.changeOwner(data.pids, data.toUid);`
			`var logs = postData.map(({ pid, uid, cid }) => (events.log({`
			`type: 'post-change-owner',`
			`uid: socket.uid,`
			`ip: socket.ip,`
			`targetUid: data.toUid,`
			`pid: pid,`
			`originalUid: uid,`
			`cid: cid,`
			`})));`

			`await Promise.all(logs);`
Change post owner (#7752) * feat: #7749, allow array of keys for setObject * feat: sortedSetRemoveBulk * feat: test for bulk remove * feat: #7083, ability to change post ownership * feat: #7083, fix tid:<tid>:posters * feat: #7083, front end * fix: #7752, psql methods * fix: add missing await * fix: maybe psql 2019-07-12 14:06:09 -04:00			`};`
Add edit, delete, and topics:delete permissions for users acting on their own posts 2016-08-06 20:28:55 -05:00			`};`