nodebb/src/privileges/posts.js


'use strict';

var async = require('async'),
	winston = require('winston'),

	posts = require('../posts'),
	topics = require('../topics'),
	user = require('../user'),
	helpers = require('./helpers'),
	groups = require('../groups'),
	categories = require('../categories');

module.exports = function(privileges) {

	privileges.posts = {};

	privileges.posts.get = function(pids, uid, callback) {
		async.parallel({
			manage_content: function(next) {
				helpers.hasEnoughReputationFor('privileges:manage_content', uid, next);
			},
			manage_topic: function(next) {
				helpers.hasEnoughReputationFor('privileges:manage_topic', uid, next);
			},
			isAdministrator: function(next) {
				user.isAdministrator(uid, next);
			},
		}, function(err, userResults) {
			if(err) {
				return callback(err);
			}

			var userPriv = userResults.isAdministrator || userResults.manage_topic || userResults.manage_content;

			async.parallel({
				isOwner: function(next) {
					posts.isOwner(pids, uid, next);
				},
				isModerator: function(next) {
					posts.getCidsByPids(pids, function(err, cids) {
						if (err) {
							return next(err);
						}
						user.isModerator(uid, cids, next);
					});
				}
			}, function(err, postResults) {
				if (err) {
					return callback(err);
				}

				var privileges = [];

				for (var i=0; i<pids.length; ++i) {
					var editable = userPriv || postResults.isModerator[i] || postResults.isOwner[i];
					privileges.push({
						editable: editable,
						view_deleted: editable,
						move: userResults.isAdministrator || postResults.isModerator[i]
					});
				}

				callback(null, privileges);
			});
		});
	};

	privileges.posts.can = function(privilege, pid, uid, callback) {
		posts.getCidByPid(pid, function(err, cid) {
			if (err) {
				return callback(err);
			}

			privileges.categories.can(privilege, cid, uid, callback);
		});
	};

	privileges.posts.filter = function(privilege, pids, uid, callback) {
		if (!pids.length) {
			return callback(null, []);
		}
		posts.getCidsByPids(pids, function(err, cids) {
			if (err) {
				return callback(err);
			}

			pids = pids.map(function(pid, index) {
				return {pid: pid, cid: cids[index]};
			});

			privileges.categories.filter(privilege, cids, uid, function(err, cids) {
				if (err) {
					return callback(err);
				}

				pids = pids.filter(function(post) {
					return cids.indexOf(post.cid) !== -1;
				}).map(function(post) {
					return post.pid;
				});
				callback(null, pids);
			});
		});
	};

	privileges.posts.canEdit = function(pid, uid, callback) {
		helpers.some([
			function(next) {
				isPostTopicLocked(pid, function(err, isLocked) {
					if (err || isLocked) {
						return next(err, false);
					}

					helpers.some([
						function(next) {
							posts.isOwner(pid, uid, next);
						},
						function(next) {
							helpers.hasEnoughReputationFor('privileges:manage_content', uid, next);
						},
						function(next) {
							helpers.hasEnoughReputationFor('privileges:manage_topic', uid, next);
						}
					], next);
				});
			},
			function(next) {
				isAdminOrMod(pid, uid, next);
			}
		], callback);
	};

	privileges.posts.canMove = function(pid, uid, callback) {
		posts.isMain(pid, function(err, isMain) {
			if (err || isMain) {
				return callback(err || new Error('[[error:cant-move-mainpost]]'));
			}
			isAdminOrMod(pid, uid, callback);
		});
	};

	function isPostTopicLocked(pid, callback) {
		posts.getPostField(pid, 'tid', function(err, tid) {
			if (err) {
				return callback(err);
			}
			topics.isLocked(tid, callback);
		});
	}

	function isAdminOrMod(pid, uid, callback) {
		helpers.some([
			function(next) {
				posts.getCidByPid(pid, function(err, cid) {
					if (err) {
						return next(err);
					}
					user.isModerator(uid, cid, next);
				});
			},
			function(next) {
				user.isAdministrator(uid, next);
			}
		], callback);
	}
};
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
			`'use strict';`

			`var async = require('async'),`
check privs pids 11 years ago			`winston = require('winston'),`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
			`posts = require('../posts'),`
closes #1735 11 years ago			`topics = require('../topics'),`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`user = require('../user'),`
			`helpers = require('./helpers'),`
			`groups = require('../groups'),`
			`categories = require('../categories');`

			`module.exports = function(privileges) {`

			`privileges.posts = {};`

privileges.posts.get takes an array of pids now 11 years ago			`privileges.posts.get = function(pids, uid, callback) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`async.parallel({`
			`manage_content: function(next) {`
			`helpers.hasEnoughReputationFor('privileges:manage_content', uid, next);`
			`},`
			`manage_topic: function(next) {`
			`helpers.hasEnoughReputationFor('privileges:manage_topic', uid, next);`
			`},`
			`isAdministrator: function(next) {`
			`user.isAdministrator(uid, next);`
			`},`
privileges.posts.get takes an array of pids now 11 years ago			`}, function(err, userResults) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`if(err) {`
			`return callback(err);`
			`}`

privileges.posts.get takes an array of pids now 11 years ago			`var userPriv = userResults.isAdministrator \|\| userResults.manage_topic \|\| userResults.manage_content;`

			`async.parallel({`
			`isOwner: function(next) {`
			`posts.isOwner(pids, uid, next);`
			`},`
			`isModerator: function(next) {`
			`posts.getCidsByPids(pids, function(err, cids) {`
			`if (err) {`
			`return next(err);`
			`}`
			`user.isModerator(uid, cids, next);`
			`});`
			`}`
			`}, function(err, postResults) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`var privileges = [];`

			`for (var i=0; i<pids.length; ++i) {`
			`var editable = userPriv \|\| postResults.isModerator[i] \|\| postResults.isOwner[i];`
			`privileges.push({`
			`editable: editable,`
			`view_deleted: editable,`
			`move: userResults.isAdministrator \|\| postResults.isModerator[i]`
			`});`
			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago
privileges.posts.get takes an array of pids now 11 years ago			`callback(null, privileges);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`});`
			`});`
			`};`

privilege cleanup 11 years ago			`privileges.posts.can = function(privilege, pid, uid, callback) {`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`posts.getCidByPid(pid, function(err, cid) {`
			`if (err) {`
			`return callback(err);`
			`}`

privilege cleanup 11 years ago			`privileges.categories.can(privilege, cid, uid, callback);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`});`
			`};`

optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`privileges.posts.filter = function(privilege, pids, uid, callback) {`
early outs for privs no need to check if empty array is passed in, happens if there are no unread topics remove dupe cids before checking for privileges 11 years ago			`if (!pids.length) {`
			`return callback(null, []);`
			`}`
optimize privileges and assorted fixes. * new methods privileges.categories.filter privileges.topics.filter privileges.posts.filter they take a list of ids and a privilege, and return the filtered list of ids, faster than doing async.filter and calling the db for each id. * remove event listeners on recent page before adding * group.exists works for both single group names and arrays * helpers.allowedTo works for both a single cid and an array of cids * moved filter:topic.post hook right before topic creation. * moved filter:topic.reply hook right before topic reply. 11 years ago			`posts.getCidsByPids(pids, function(err, cids) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`pids = pids.map(function(pid, index) {`
			`return {pid: pid, cid: cids[index]};`
			`});`

			`privileges.categories.filter(privilege, cids, uid, function(err, cids) {`
			`if (err) {`
			`return callback(err);`
			`}`

			`pids = pids.filter(function(post) {`
			`return cids.indexOf(post.cid) !== -1;`
			`}).map(function(post) {`
			`return post.pid;`
			`});`
			`callback(null, pids);`
			`});`
			`});`
			`};`

first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`privileges.posts.canEdit = function(pid, uid, callback) {`
more work on #1518 still needs more work, category is next 11 years ago			`helpers.some([`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`function(next) {`
closes #1735 11 years ago			`isPostTopicLocked(pid, function(err, isLocked) {`
			`if (err \|\| isLocked) {`
			`return next(err, false);`
			`}`

			`helpers.some([`
			`function(next) {`
			`posts.isOwner(pid, uid, next);`
			`},`
			`function(next) {`
			`helpers.hasEnoughReputationFor('privileges:manage_content', uid, next);`
			`},`
			`function(next) {`
			`helpers.hasEnoughReputationFor('privileges:manage_topic', uid, next);`
			`}`
			`], next);`
			`});`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`},`
			`function(next) {`
closes #1731 11 years ago			`isAdminOrMod(pid, uid, next);`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`}`
more work on #1518 still needs more work, category is next 11 years ago			`], callback);`
			`};`

			`privileges.posts.canMove = function(pid, uid, callback) {`
closes #1725 removed move button from main post, disable moving main post, fixed moving posts. 11 years ago			`posts.isMain(pid, function(err, isMain) {`
			`if (err \|\| isMain) {`
			`return callback(err \|\| new Error('[[error:cant-move-mainpost]]'));`
			`}`
			`isAdminOrMod(pid, uid, callback);`
			`});`
closes #1731 11 years ago			`};`

closes #1735 11 years ago			`function isPostTopicLocked(pid, callback) {`
			`posts.getPostField(pid, 'tid', function(err, tid) {`
			`if (err) {`
			`return callback(err);`
			`}`
			`topics.isLocked(tid, callback);`
			`});`
			`}`

closes #1731 11 years ago			`function isAdminOrMod(pid, uid, callback) {`
more work on #1518 still needs more work, category is next 11 years ago			`helpers.some([`
			`function(next) {`
			`posts.getCidByPid(pid, function(err, cid) {`
			`if (err) {`
			`return next(err);`
			`}`
			`user.isModerator(uid, cid, next);`
			`});`
			`},`
			`function(next) {`
			`user.isAdministrator(uid, next);`
			`}`
			`], callback);`
closes #1731 11 years ago			`}`
first pass for #1518 this only handles postTools privileges, topic and category will follow 11 years ago			`};`