Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-30 18:46:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add edit, delete, and topics:delete permissions for users acting on their own posts

Browse Source
This commit is contained in:
Ben Lubar
2016-08-06 20:28:55 -05:00
parent b0c55c86ed
commit 26df552d55
13 changed files with 213 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/privileges/posts.js
View File

@@ -30,6 +30,7 @@ module.exports = function(privileges) {
isOwner: async.apply(posts.isOwner, pids, uid),
'topics:read': async.apply(helpers.isUserAllowedTo, 'topics:read', uid, cids),
read: async.apply(helpers.isUserAllowedTo, 'read', uid, cids),
edit: async.apply(helpers.isUserAllowedTo, 'edit', uid, cids),
}, next);
}
], function(err, results) {
@@ -41,7 +42,7 @@ module.exports = function(privileges) {
for (var i=0; i<pids.length; ++i) {
var isAdminOrMod = results.isAdmin || results.isModerator[i];
var editable = isAdminOrMod || results.isOwner[i];
var editable = isAdminOrMod || (results.isOwner[i] && results.edit[i]);
privileges.push({
editable: editable,
@@ -169,7 +170,8 @@ module.exports = function(privileges) {
async.parallel({
isAdminOrMod: async.apply(isAdminOrMod, pid, uid),
isLocked: async.apply(topics.isLocked, postData.tid),
isOwner: async.apply(posts.isOwner, pid, uid)
isOwner: async.apply(posts.isOwner, pid, uid),
'delete': async.apply(privileges.posts.can, 'delete', pid, uid)
}, next);
}
], function(err, results) {
@@ -182,6 +184,9 @@ module.exports = function(privileges) {
if (results.isLocked) {
return callback(new Error('[[error:topic-locked]]'));
}
if (!results['delete']) {
return callback(null, false);
}
var postDeleteDuration = parseInt(meta.config.postDeleteDuration, 10);
if (postDeleteDuration && (Date.now() - parseInt(postData.timestamp, 10) > postDeleteDuration * 1000)) {
return callback(new Error('[[error:post-delete-duration-expired, ' + meta.config.postDeleteDuration + ']]'));
@@ -234,10 +239,13 @@ module.exports = function(privileges) {
return callback(null, {isLocked: true});
}
posts.isOwner(pid, uid, next);
async.parallel({
owner: async.apply(posts.isOwner, pid, uid),
edit: async.apply(privileges.posts.can, 'edit', pid, uid)
}, next);
},
function(isOwner, next) {
next(null, {editable: isOwner});
function(result, next) {
next(null, {editable: result.owner && result.edit});
}
], callback);
}