NodeBB/src/socket.io/posts/tools.js

'use strict';

const posts = require('../../posts');
const flags = require('../../flags');
const events = require('../../events');
const privileges = require('../../privileges');
const plugins = require('../../plugins');
const social = require('../../social');
const user = require('../../user');
const utils = require('../../utils');
const api = require('../../api');

const sockets = require('..');

module.exports = function (SocketPosts) {
	SocketPosts.loadPostTools = async function (socket, data) {
		if (!data || !data.pid || !data.cid) {
			throw new Error('[[error:invalid-data]]');
		}

		const results = await utils.promiseParallel({
			posts: posts.getPostFields(data.pid, ['deleted', 'bookmarks', 'uid', 'ip', 'flagId']),
			isAdmin: user.isAdministrator(socket.uid),
			isGlobalMod: user.isGlobalModerator(socket.uid),
			isModerator: user.isModerator(socket.uid, data.cid),
			canEdit: privileges.posts.canEdit(data.pid, socket.uid),
			canDelete: privileges.posts.canDelete(data.pid, socket.uid),
			canPurge: privileges.posts.canPurge(data.pid, socket.uid),
			canFlag: privileges.posts.canFlag(data.pid, socket.uid),
			flagged: flags.exists('post', data.pid, socket.uid),	// specifically, whether THIS calling user flagged
			bookmarked: posts.hasBookmarked(data.pid, socket.uid),
			tools: plugins.hooks.fire('filter:post.tools', { pid: data.pid, uid: socket.uid, tools: [] }),
			postSharing: social.getActivePostSharing(),
			history: posts.diffs.exists(data.pid),
			canViewInfo: privileges.global.can('view:users:info', socket.uid),
		});

		const postData = results.posts;
		postData.tools = results.tools.tools;
		postData.bookmarked = results.bookmarked;
		postData.selfPost = socket.uid && socket.uid === postData.uid;
		postData.display_edit_tools = results.canEdit.flag;
		postData.display_delete_tools = results.canDelete.flag;
		postData.display_purge_tools = results.canPurge;
		postData.display_flag_tools = socket.uid && results.canFlag.flag;
		postData.display_moderator_tools = postData.display_edit_tools || postData.display_delete_tools;
		postData.display_move_tools = results.isAdmin || results.isModerator;
		postData.display_change_owner_tools = results.isAdmin || results.isModerator;
		postData.display_ip_ban = (results.isAdmin || results.isGlobalMod) && !postData.selfPost;
		postData.display_history = results.history;
		postData.flags = {
			flagId: parseInt(results.posts.flagId, 10) || null,
			can: results.canFlag.flag,
			exists: !!results.posts.flagId,
			flagged: results.flagged,
		};

		if (!results.isAdmin && !results.canViewInfo) {
			postData.ip = undefined;
		}
		return results;
	};

	SocketPosts.delete = async function (socket, data) {
		sockets.warnDeprecated(socket, 'DELETE /api/v3/posts/:pid/state');
		await api.posts.delete(socket, data);
	};

	SocketPosts.restore = async function (socket, data) {
		sockets.warnDeprecated(socket, 'PUT /api/v3/posts/:pid/state');
		await api.posts.restore(socket, data);
	};

	SocketPosts.deletePosts = async function (socket, data) {
		await deletePurgePosts(socket, data, 'delete');
	};

	SocketPosts.purgePosts = async function (socket, data) {
		await deletePurgePosts(socket, data, 'purge');
	};

	async function deletePurgePosts(socket, data, command) {
		if (!data || !Array.isArray(data.pids)) {
			throw new Error('[[error:invalid-data]]');
		}
		for (const pid of data.pids) {
			/* eslint-disable no-await-in-loop */
			await SocketPosts[command](socket, { pid: pid });
		}
	}

	SocketPosts.purge = async function (socket, data) {
		sockets.warnDeprecated(socket, 'DELETE /api/v3/posts/:pid');
		await api.posts.purge(socket, data);
	};

	SocketPosts.changeOwner = async function (socket, data) {
		if (!data || !Array.isArray(data.pids) || !data.toUid) {
			throw new Error('[[error:invalid-data]]');
		}
		const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(socket.uid);
		if (!isAdminOrGlobalMod) {
			throw new Error('[[error:no-privileges]]');
		}

		const postData = await posts.changeOwner(data.pids, data.toUid);
		const logs = postData.map(({ pid, uid, cid }) => (events.log({
			type: 'post-change-owner',
			uid: socket.uid,
			ip: socket.ip,
			targetUid: data.toUid,
			pid: pid,
			originalUid: uid,
			cid: cid,
		})));

		await Promise.all(logs);
	};
};
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`'use strict';`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const posts = require('../../posts');`
refactor: flags object in post tools 2020-07-30 09:48:14 -04:00			`const flags = require('../../flags');`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const events = require('../../events');`
			`const privileges = require('../../privileges');`
			`const plugins = require('../../plugins');`
			`const social = require('../../social');`
			`const user = require('../../user');`
			`const utils = require('../../utils');`
refactor: post restore/delete/purge 2020-10-17 21:24:33 -04:00			`const api = require('../../api');`
closes #6311 2018-02-15 14:52:49 -05:00
feat(writeapi): post delete/restore/purge 2020-10-06 14:12:02 -04:00			`const sockets = require('..');`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00
Fix space-before-function-paren linter rule 2016-10-13 11:43:39 +02:00			`module.exports = function (SocketPosts) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.loadPostTools = async function (socket, data) {`
post tools test 2016-12-20 16:03:01 +03:00			`if (!data \|\| !data.pid \|\| !data.cid) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`throw new Error('[[error:invalid-data]]');`
load post tools menu on demand 2015-10-24 20:50:43 -04:00			`}`
closes #6311 2018-02-15 14:52:49 -05:00
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`const results = await utils.promiseParallel({`
feat: allow direct link to flag from post tools, #8531 2020-07-29 16:55:14 -04:00			`posts: posts.getPostFields(data.pid, ['deleted', 'bookmarks', 'uid', 'ip', 'flagId']),`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`isAdmin: user.isAdministrator(socket.uid),`
			`isGlobalMod: user.isGlobalModerator(socket.uid),`
			`isModerator: user.isModerator(socket.uid, data.cid),`
			`canEdit: privileges.posts.canEdit(data.pid, socket.uid),`
			`canDelete: privileges.posts.canDelete(data.pid, socket.uid),`
			`canPurge: privileges.posts.canPurge(data.pid, socket.uid),`
			`canFlag: privileges.posts.canFlag(data.pid, socket.uid),`
refactor: flags object in post tools 2020-07-30 09:48:14 -04:00			`flagged: flags.exists('post', data.pid, socket.uid), // specifically, whether THIS calling user flagged`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`bookmarked: posts.hasBookmarked(data.pid, socket.uid),`
refactor: move plugin hook methods to plugin.hooks.* 2020-11-20 16:06:26 -05:00			`tools: plugins.hooks.fire('filter:post.tools', { pid: data.pid, uid: socket.uid, tools: [] }),`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`postSharing: social.getActivePostSharing(),`
			`history: posts.diffs.exists(data.pid),`
Add privilege for accessing user information (#7859) * Add view users info global privilege * Show user ip only to global mods and admins * fix missing comma * Hide link for users without correct privilege * move getting privilege information to getAllData * Hide the link from Global Moderators as well * Give Global Moderator view:users:info privilege * Restrict ip in post menu to view:users:info * add some trailing commas.... * Add privilege to categories test * Add group privilege to categories test * add upgrade script * fix style for TravisCI * more styling - change spaces to tabs * some more styling fixes (hopefully final one) * fix style for Travis CI * hide ip in chat messages * Don't show even hidden ips on user profile page 2019-09-17 18:02:52 +00:00			`canViewInfo: privileges.global.can('view:users:info', socket.uid),`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`});`

			`const postData = results.posts;`
			`postData.tools = results.tools.tools;`
			`postData.bookmarked = results.bookmarked;`
			`postData.selfPost = socket.uid && socket.uid === postData.uid;`
			`postData.display_edit_tools = results.canEdit.flag;`
			`postData.display_delete_tools = results.canDelete.flag;`
			`postData.display_purge_tools = results.canPurge;`
feat: #8475, allow flagging self posts dont count flags towards self posts dont allow flagging your own account 2020-11-17 21:28:32 -05:00			`postData.display_flag_tools = socket.uid && results.canFlag.flag;`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`postData.display_moderator_tools = postData.display_edit_tools \|\| postData.display_delete_tools;`
			`postData.display_move_tools = results.isAdmin \|\| results.isModerator;`
			`postData.display_change_owner_tools = results.isAdmin \|\| results.isModerator;`
			`postData.display_ip_ban = (results.isAdmin \|\| results.isGlobalMod) && !postData.selfPost;`
			`postData.display_history = results.history;`
refactor: flags object in post tools 2020-07-30 09:48:14 -04:00			`postData.flags = {`
			`flagId: parseInt(results.posts.flagId, 10) \|\| null,`
			`can: results.canFlag.flag,`
			`exists: !!results.posts.flagId,`
			`flagged: results.flagged,`
			`};`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00
Add privilege for accessing user information (#7859) * Add view users info global privilege * Show user ip only to global mods and admins * fix missing comma * Hide link for users without correct privilege * move getting privilege information to getAllData * Hide the link from Global Moderators as well * Give Global Moderator view:users:info privilege * Restrict ip in post menu to view:users:info * add some trailing commas.... * Add privilege to categories test * Add group privilege to categories test * add upgrade script * fix style for TravisCI * more styling - change spaces to tabs * some more styling fixes (hopefully final one) * fix style for Travis CI * hide ip in chat messages * Don't show even hidden ips on user profile page 2019-09-17 18:02:52 +00:00			`if (!results.isAdmin && !results.canViewInfo) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`postData.ip = undefined;`
			`}`
			`return results;`
load post tools menu on demand 2015-10-24 20:50:43 -04:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.delete = async function (socket, data) {`
refactor(writeapi): update route prefix to api/v3, default error option 2020-10-07 11:14:37 -04:00			`sockets.warnDeprecated(socket, 'DELETE /api/v3/posts/:pid/state');`
refactor: post restore/delete/purge 2020-10-17 21:24:33 -04:00			`await api.posts.delete(socket, data);`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.restore = async function (socket, data) {`
refactor(writeapi): update route prefix to api/v3, default error option 2020-10-07 11:14:37 -04:00			`sockets.warnDeprecated(socket, 'PUT /api/v3/posts/:pid/state');`
refactor: post restore/delete/purge 2020-10-17 21:24:33 -04:00			`await api.posts.restore(socket, data);`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.deletePosts = async function (socket, data) {`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await deletePurgePosts(socket, data, 'delete');`
closes #2134 2015-12-24 12:08:10 +02:00			`};`

refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.purgePosts = async function (socket, data) {`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`await deletePurgePosts(socket, data, 'purge');`
			`};`

			`async function deletePurgePosts(socket, data, command) {`
closes #2134 2015-12-24 12:08:10 +02:00			`if (!data \|\| !Array.isArray(data.pids)) {`
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`throw new Error('[[error:invalid-data]]');`
			`}`
			`for (const pid of data.pids) {`
			`/* eslint-disable no-await-in-loop */`
refactor: socket posts delete/restore/purge so tid is not necessary (#8607) * refactor: socket posts delete/restore/purge so tid is not necessary * refactor: stop trying to be fancy * fix: tests to not pass in tid into posts.deletePosts * fix: some more unnecessary tid passing 2020-09-02 21:51:35 -04:00			`await SocketPosts[command](socket, { pid: pid });`
closes #2134 2015-12-24 12:08:10 +02:00			`}`
refactor: remove dupe code 2019-09-09 19:34:20 -04:00			`}`
closes #2134 2015-12-24 12:08:10 +02:00
refactor: async/await socket.io/posts 2019-09-09 19:19:56 -04:00			`SocketPosts.purge = async function (socket, data) {`
refactor(writeapi): update route prefix to api/v3, default error option 2020-10-07 11:14:37 -04:00			`sockets.warnDeprecated(socket, 'DELETE /api/v3/posts/:pid');`
refactor: post restore/delete/purge 2020-10-17 21:24:33 -04:00			`await api.posts.purge(socket, data);`
socketio/posts socketio/topics refactor 2015-09-25 15:09:25 -04:00			`};`

Change post owner (#7752) * feat: #7749, allow array of keys for setObject * feat: sortedSetRemoveBulk * feat: test for bulk remove * feat: #7083, ability to change post ownership * feat: #7083, fix tid:<tid>:posters * feat: #7083, front end * fix: #7752, psql methods * fix: add missing await * fix: maybe psql 2019-07-12 14:06:09 -04:00			`SocketPosts.changeOwner = async function (socket, data) {`
			`if (!data \|\| !Array.isArray(data.pids) \|\| !data.toUid) {`
			`throw new Error('[[error:invalid-data]]');`
			`}`
fix: missing await in SocketPosts.changeOwner 2020-01-24 14:28:11 -05:00			`const isAdminOrGlobalMod = await user.isAdminOrGlobalMod(socket.uid);`
Change post owner (#7752) * feat: #7749, allow array of keys for setObject * feat: sortedSetRemoveBulk * feat: test for bulk remove * feat: #7083, ability to change post ownership * feat: #7083, fix tid:<tid>:posters * feat: #7083, front end * fix: #7752, psql methods * fix: add missing await * fix: maybe psql 2019-07-12 14:06:09 -04:00			`if (!isAdminOrGlobalMod) {`
			`throw new Error('[[error:no-privileges]]');`
			`}`

chore: eslint no-var, vars-on-top 2021-02-04 00:06:15 -07:00			`const postData = await posts.changeOwner(data.pids, data.toUid);`
			`const logs = postData.map(({ pid, uid, cid }) => (events.log({`
#8115 - log post owner changes (#8117) * log post owner changes * log each post separately * use map instad of a loop 2020-01-15 17:05:57 +01:00			`type: 'post-change-owner',`
			`uid: socket.uid,`
			`ip: socket.ip,`
			`targetUid: data.toUid,`
			`pid: pid,`
			`originalUid: uid,`
			`cid: cid,`
			`})));`

			`await Promise.all(logs);`
Change post owner (#7752) * feat: #7749, allow array of keys for setObject * feat: sortedSetRemoveBulk * feat: test for bulk remove * feat: #7083, ability to change post ownership * feat: #7083, fix tid:<tid>:posters * feat: #7083, front end * fix: #7752, psql methods * fix: add missing await * fix: maybe psql 2019-07-12 14:06:09 -04:00			`};`
Add edit, delete, and topics:delete permissions for users acting on their own posts 2016-08-06 20:28:55 -05:00			`};`