Edit history is now a category-level privilege

Closes #6425
2025-10-31 02:55:58 +01:00 · 2018-06-07 12:23:08 -04:00
parent b2d7455f72
commit 99dc3feeb2
8 changed files with 44 additions and 5 deletions
--- a/public/language/en-GB/admin/manage/privileges.json
+++ b/public/language/en-GB/admin/manage/privileges.json
@@ -18,6 +18,7 @@
 	"reply-to-topics": "Reply to Topics",
 	"tag-topics": "Tag Topics",
 	"edit-posts": "Edit Posts",
 	"view-edit-history": "View Edit History",
 	"delete-posts": "Delete Posts",
 	"upvote-posts": "Upvote Posts",
 	"downvote-posts": "Downvote Posts",
--- a/public/src/client/topic/postTools.js
+++ b/public/src/client/topic/postTools.js
@@ -140,7 +140,7 @@ define('forum/topic/postTools', [
 			}
 		});
-		if (config.enablePostHistory) {
+		if (config.enablePostHistory && ajaxify.data.privileges['posts:history']) {
 			postContainer.on('click', '[component="post/view-history"], [component="post/edit-indicator"]', function () {
 				var btn = $(this);
 				diffs.open(getData(btn, 'data-pid'));
--- a/src/categories/create.js
+++ b/src/categories/create.js
@@ -60,6 +60,7 @@ module.exports = function (Categories) {
 					'topics:reply',
 					'topics:tag',
 					'posts:edit',
 					'posts:history',
 					'posts:delete',
 					'posts:upvote',
 					'posts:downvote',
--- a/src/privileges.js
+++ b/src/privileges.js
@@ -10,6 +10,7 @@ privileges.privilegeLabels = [
 	{ name: '[[admin/manage/privileges:reply-to-topics]]' },
 	{ name: '[[admin/manage/privileges:tag-topics]]' },
 	{ name: '[[admin/manage/privileges:edit-posts]]' },
 	{ name: '[[admin/manage/privileges:view-edit-history]]' },
 	{ name: '[[admin/manage/privileges:delete-posts]]' },
 	{ name: '[[admin/manage/privileges:upvote-posts]]' },
 	{ name: '[[admin/manage/privileges:downvote-posts]]' },
@@ -26,6 +27,7 @@ privileges.userPrivilegeList = [
 	'topics:reply',
 	'topics:tag',
 	'posts:edit',
 	'posts:history',
 	'posts:delete',
 	'posts:upvote',
 	'posts:downvote',
--- a/src/privileges/topics.js
+++ b/src/privileges/topics.js
@@ -16,7 +16,7 @@ module.exports = function (privileges) {
 	privileges.topics.get = function (tid, uid, callback) {
 		var topic;
-		var privs = ['topics:reply', 'topics:read', 'topics:tag', 'topics:delete', 'posts:edit', 'posts:delete', 'read'];
+		var privs = ['topics:reply', 'topics:read', 'topics:tag', 'topics:delete', 'posts:edit', 'posts:history', 'posts:delete', 'read'];
 		async.waterfall([
 			async.apply(topics.getTopicFields, tid, ['cid', 'uid', 'locked', 'deleted']),
 			function (_topic, next) {
@@ -44,6 +44,7 @@ module.exports = function (privileges) {
 					'topics:tag': privData['topics:tag'] || isAdminOrMod,
 					'topics:delete': (isOwner && privData['topics:delete']) || isAdminOrMod,
 					'posts:edit': (privData['posts:edit'] && !locked) || isAdminOrMod,
 					'posts:history': privData['posts:history'] || isAdminOrMod,
 					'posts:delete': (privData['posts:delete'] && !locked) || isAdminOrMod,
 					read: privData.read || isAdminOrMod,
 					view_thread_tools: editable || deletable,
--- a/src/socket.io/posts/diffs.js
+++ b/src/socket.io/posts/diffs.js
@@ -2,10 +2,16 @@
 var async = require('async');
 var posts = require('../../posts');
 var privileges = require('../../privileges');
 module.exports = function (SocketPosts) {
 	SocketPosts.getDiffs = function (socket, data, callback) {
 		async.waterfall([
 			function (next) {
 				privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) {
 					next(err || allowed ? null : new Error('[[error:no-privileges]]'));
 				});
 			},
 			function (next) {
 				posts.diffs.list(data.pid, next);
 			},
@@ -17,6 +23,12 @@ module.exports = function (SocketPosts) {
 	};
 	SocketPosts.showPostAt = function (socket, data, callback) {
 		privileges.posts.can('posts:history', data.pid, socket.uid, function (err, allowed) {
 			if (err || !allowed) {
 				return callback(err || new Error('[[error:no-privileges]]'));
 			}
 			posts.diffs.load(data.pid, data.since, socket.uid, callback);
 		});
 	};
 };
--- a/src/upgrades/1.10.0/post_history_privilege.js
+++ b/src/upgrades/1.10.0/post_history_privilege.js
@@ -0,0 +1,22 @@
 'use strict';
 var async = require('async');
 var privileges = require('../../privileges');
 var db = require('../../database');
 module.exports = {
 	name: 'Give post history viewing privilege to registered-users on all categories',
 	timestamp: Date.UTC(2018, 5, 7),
 	method: function (callback) {
 		db.getSortedSetRange('categories:cid', 0, -1, function (err, cids) {
 			if (err) {
 				return callback(err);
 			}
 			async.eachSeries(cids, function (cid, next) {
 				privileges.categories.give(['posts:history'], cid, 'registered-users', next);
 			}, callback);
 		});
 	},
 };
--- a/src/views/admin/partials/categories/privileges.tpl
+++ b/src/views/admin/partials/categories/privileges.tpl
@@ -5,7 +5,7 @@
 								<th class="arrowed" colspan="3">
 									[[admin/manage/categories:privileges.section-viewing]]
 								</th>
-								<th class="arrowed" colspan="8">
+								<th class="arrowed" colspan="9">
 									[[admin/manage/categories:privileges.section-posting]]
 								</th>
 								<th class="arrowed" colspan="2">
@@ -61,7 +61,7 @@
 								<th class="arrowed" colspan="3">
 									[[admin/manage/categories:privileges.section-viewing]]
 								</th>
-								<th class="arrowed" colspan="8">
+								<th class="arrowed" colspan="9">
 									[[admin/manage/categories:privileges.section-posting]]
 								</th>
 								<th class="arrowed" colspan="2">